How to Verify File Hashes for Malware with Claude

Verify file hashes for malware with Claude and ToolRouter: check file hashes against threat intelligence databases to determine whether a file is known malware before executing it.

Tool
Security Scanner

Use Claude with Security Scanner to check file hashes and get a plain-language verdict with context. Claude explains what a malware family name means, how many engines detected it, and whether partial matches or clean scores warrant further investigation — not just the raw numbers.

Connect ToolRouter to Claude

  1. Open connector settings.
  2. Add a custom connector with these details:
       Name: ToolRouter
       URL: https://api.toolrouter.com/mcp
  3. Let Claude set you up.

Steps

Once connected (see setup above), use the Security Scanner tool:

  1. Generate the SHA256, SHA1, or MD5 hash of the file you want to check (using certutil, sha256sum, or your OS hash tool).
  2. Provide the hash to Claude and ask it to check via `security-scanner` with `check_hash`.
  3. Ask Claude to explain the verdict — malware family, detection count, and confidence level.
  4. Ask whether the result is decisive or whether the file needs further analysis before it can be trusted.
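
For step 1, an added example (not part of the original page and not ToolRouter code): a Python sketch that computes all three digests locally in one pass, so the file itself never leaves the machine, and checks that a pasted hash is a complete MD5, SHA1 or SHA256 value before it is submitted for lookup. The function names `hash_file` and `classify_hash` are hypothetical, and the sample file is constructed.

```python
import hashlib
import os
import re
import tempfile

# Hex digest length -> algorithm, for the three hash types named in step 1.
HEX_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def hash_file(path, chunk_size=1 << 20):
    """Return MD5, SHA1 and SHA256 hex digests of a file, read once in chunks."""
    digests = {name: hashlib.new(name) for name in HEX_LENGTHS.values()}
    with open(path, "rb") as fh:
        # Stream the file so large samples are never loaded into memory whole.
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def classify_hash(text):
    """Normalise a pasted hash; return (algorithm, lowercase hex) or raise ValueError.

    A truncated or mistyped hash can never match a database entry, so the
    lookup would come back empty for the wrong reason. Reject it here instead.
    """
    candidate = re.sub(r"\s+", "", text).lower()  # drop whitespace picked up on copy
    if not re.fullmatch(r"[0-9a-f]+", candidate):
        raise ValueError("not a hexadecimal string")
    algorithm = HEX_LENGTHS.get(len(candidate))
    if algorithm is None:
        raise ValueError(f"{len(candidate)} hex characters is not MD5, SHA1 or SHA256")
    return algorithm, candidate


if __name__ == "__main__":
    # Constructed sample file so the example runs offline.
    with tempfile.NamedTemporaryFile(delete=False) as sample:
        sample.write(b"constructed sample contents\n")
    for name, value in hash_file(sample.name).items():
        print(f"{name}: {value}")
    os.unlink(sample.name)
    # The SHA256 from the example prompt on this page is well-formed:
    print(classify_hash("3395856ce81f2b7382dee72602f798b642f14140d912dc31f34e09bb5938b2f5"))
```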

Example Prompt

Try this with Claude using the Security Scanner tool:
Use security-scanner to check this SHA256 hash: 3395856ce81f2b7382dee72602f798b642f14140d912dc31f34e09bb5938b2f5. Tell me the verdict, any malware family name, how many engines detected it, and whether I should treat this file as safe or escalate for further analysis.

Tips

  • Always hash the file locally — never upload the file itself to an external service for initial triage.
  • Ask Claude what confidence level the detection count represents — 1 engine detecting versus 40 is materially different.
  • Check hashes of software received from vendors before running in production, not just files from unknown sources.