0

I want to know whether the SHA256 of a file changes from being available for download to once we downloaded to a device.

For example, I got the URL https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B7E34C753-0D4E-7F51-19E4-EBB7979C40B3%7D%26lang%3Den%26browser%3D5%26usagestats%3D1%26appname%3DGoogle%2520Chrome%26needsadmin%3Dprefers%26ap%3Dx64-stable-statsdef_1%26brand%3DRXQR%26installdataindex%3Dempty/update2/installers/ChromeSetup.exe to download Chrome Browser installer.

When I submit this address to VirusTotal.com, the service informs me that the final URL is https://dl.google.com/tag/s/appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={7E34C753-0D4E-7F51-19E4-EBB7979C40B3}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=RXQR&installdataindex=empty/update2/installers/ChromeSetup.exe, and that the Body SHA-256 is f8333a218d1f9037d013d97b520548d7f1de125845b9842743efaa879d76322c You can view the VirusTotal.com report here: https://www.virustotal.com/gui/url/fb2d08d9378cba5fcff0612f0ac45a64d632b929b99101915d0dc937611bd1fb/details

Would this SHA256 be different when generated from the downloaded ChromeSetup.exe to my computer?

Or can I expect the SHA256 to be equal to the Body SHA256 reported by VirusTotal.com?

Thx

u20210512
  • 3
  • 1
  • The URL can point to a different file when Chrome gets an update. So VirusTotal got previous version, hashed it, you got the newer version. – ThoriumBR Dec 23 '21 at 12:57
  • I got a different SHA256 for the downloaded file. I submitted the URL to TotalVirus the minute after the download. Assuming they changed the file from the time I downloaded to the time I submitted the URL to the site; I wonder what would be the likelihood that I download the file again, submit the download URL to TotalVirus right away, and again get a different SHA256? I'll do and report back tomorrow. Thank you for your feedback – u20210512 Dec 23 '21 at 15:24
  • It does not matter when you submit the URL, but only when VirusTotal downloaded Chrome the last time. – ThoriumBR Dec 23 '21 at 17:25
  • If you got a different sha256 then you either entered the command incorrectly or there were errors in the download (unlikely). I ran sha256sum on ChromeSetup.exe and got the same output indicated in the report. – fuzzydrawrings Dec 23 '21 at 19:39

2 Answers2

0

Would this SHA256 be different when generated from the downloaded ChromeSetup.exe to my computer?

If the file hasn't changed, then the SHA256 checksum of the file should not have changed.

mti2935
  • 23,468
  • 2
  • 53
  • 73
0

Some installers seem to be delivered with unique "tokens", so the checksum of different downloads of (what appears to be) the same file, may actually not be the same. Firefox is known to do that:

https://www.ghacks.net/2022/03/17/each-firefox-download-has-a-unique-identifier/

I don't know about Chrome. But I just downloaded the chrome installer from the official Google site, and then checked the sha256 of that file on Virus Total - it was unknown. I find that very suspicious in case of a popular software installer.

Nico
  • 1
  • welcome - including a brief summary of the ghacks article would improve your answer, and in this case the first paragraph is ideal: "The identifier, called dltoken by Mozilla internally, is used to link downloads to installations and first runs of the Firefox browser. The identifier is unique to each Firefox installer, which means that it is submitted to Mozilla whenever it is used." – brynk Dec 10 '22 at 00:53