One method of knowing if a downloaded program file is safe to install is to compare the file checksum (also called a hash) before running the executable.

Verifying the checksum of a file helps ensure the file was not corrupted during download, or modified by a malicious third-party before you downloaded it. If it was infected with malware or other malicious software after the checksum was originally calculated, you will discover the change when you calculate the new checksum.

The checksum is a long string of numbers that looks like this:

6fa92dd2ca691c11dfbfc0a239e34369897a7fab

This hexadecimal number is unique to the installer .exe file created by the author. If anyone has altered or tampered with the file that you downloaded, the checksum will be different on your computer.

How to check the checksum of a file in Windows

Many utilities can verify the checksum of a file in Windows. Below are our favorite options, the Checksum Calculator, an easy to use and compare checksum utility and the FCIV command line utility from Microsoft.

For maximum system security, always verify the checksum of any software you download from the Internet, before you run it.

  • How to check the checksum of a file in Windows.

  • How to view the checksum of a file in Linux.

  • Using the checksum calculator.

  • Using the Microsoft FCIV utility.

Checksum calculator

The Checksum Calculator is a free file checksum calculation utility that supports the most commonly used file checksum algorithms, such as md5, crc32, and sha1. The Checksum Calculator can also batch process multiple files and is an easy to understand and use Windows program.

Downloading and installing the checksum calculator

  • Download the Checksum Calculator.
  • Run the executable, checksumcalculator_setup.exe.
  • Follow the prompts to install the program.

Using the calculator

  • Open the Checksum Calculator if not already opened after the install.
  • Click the Browse next to the file box and browse to the file you want to check. In our example, we are checking the checksum of the windirstat1_1_2_setup.exe file.
  • Select the type of Checksum you are calculating. By default, the Checksum is set to MD5. In our example below, we set the value to SHA1.
  • Click the Calculate button.
  • After clicking Calculate, a result is shown in the Result box. To compare the values with what’s shown on the web page or documentation, copy and paste the checksum to the Compare box and click Verify. If both values match, you see a message box indicating the values are the same.

Using the Microsoft FCIV utility

Unfortunately, no version of Microsoft Windows comes pre-installed with a checksum utility, but Microsoft has released a command line command perform a checksum. In our example, we are downloading, installing, and using the Microsoft FCIV (File Checksum Integrity Verifier) to check the WinDirStat installer file. WinDirStat is a great free utility for checking what files and folders are occupying space on your hard drive.

Downloading and installing Microsoft FCIV

  • Download FCIV from Microsoft.

  • Run the executable, Windows-KB841290-x86-ENU.exe.

  • Click Yes to accept the license agreement.

  • The installer asks where you want to extract the files. It’s convenient to have it in the same place as the WinDirStat installer, so we recommend you extract it to your Downloads folder. Click Browse, highlight Downloads, and click OK.

  • Click OK to extract the files.

  • Click OK to close the installer.

Using FCIV

  • FCIV is a command-line utility, so you need to run it from the Windows command prompt. Open a new command prompt window now. In Windows 10, you can find it under Start menu → Windows System → Command Prompt. You can also open it from the Run box if you press Win+R (hold down the Windows key on your keyboard and press R), type cmd, and press Enter.
  • Change to your Downloads directory or the directory containing fciv and the file you want to compare. At the command prompt, run:

cd Downloads

  • The checksums provided on the WinDirStat use the SHA1 algorithm, so we need to use the -sha1 option when we run FCIV. For example, to verify windirstat1_1_2_setup.exe, use this command:

fciv -sha1 windirstat1_1_2_setup.exe

FCIV spends a few moments calculating, and then provide output like this:

If you copy the fciv.exe file to your C:\Windows directory, the command works from any directory or drive in the command prompt.

The checksum is the long hexadecimal number on the last line:

6fa92dd2ca691c11dfbfc0a239e34369897a7fab windirstat1_1_2_setup.exe

That hexadecimal number is the SHA1 checksum for your file. Check to make sure it matches the checksum on the WinDirStat website:

  • See our fciv command page for further information about this command and its syntax and options.

How to check the checksum of a file in Linux

In Linux, the checksum of a file can be checked using one of the following command line commands depending on the checksum the author used for comparison.

  • The MD5 checksum is verified using the md5sum command.
  • An SHA224 checksum is checked using the sha224sum command.
  • An SHA256 checksum is shown using the sha256sum command.
  • An SHA384 checksum is shown using the sha384sum command.
  • An SHA512 checksum is verified using the sha512sum command.
  • How to protect yourself while on the Internet.
  • See our checksum page for further information and related links.
  • Microsoft Windows help and support.