it works - but use with caution :) it's a bit noisy and I think it's broken

Scan-LOLDrivers.ps1

function Scan-LOLDrivers {
    param(
        [Parameter(Mandatory = $true)]
        [string]$path
    )

    Add-Type -TypeDefinition @"
    using System;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using System.IO;
    using System.Text;
    public class FileHashScanner {
        public static string ComputeSha256(string path) {
            try {
                using (FileStream stream = File.OpenRead(path)) {
                    SHA256Managed sha = new SHA256Managed();
                    byte[] checksum = sha.ComputeHash(stream);
                    return BitConverter.ToString(checksum).Replace("-", String.Empty);
                }
            } catch (Exception) {
                return null;
            }
        }
        public static string GetAuthenticodeHash(string path) {
            try {
                X509Certificate2 cert = new X509Certificate2(path);
                return BitConverter.ToString(cert.GetCertHash()).Replace("-", String.Empty);
            } catch (Exception) {
                return null;
            }
        }
    }
"@

    Write-Host "Downloading drivers.json..."
    $driversJsonUrl = "https://www.loldrivers.io/api/drivers.json"
    $driversJsonContent = Invoke-WebRequest -Uri $driversJsonUrl
    $driverData = $driversJsonContent.Content | ConvertFrom-Json
    Write-Host "Download complete."

    Write-Host "Building correlation tables"
    $fileHashes = @{}
    $authenticodeHashes = @{}
    foreach ($driverInfo in $driverData) {
        foreach ($sample in $driverInfo.KnownVulnerableSamples) {
            'MD5 SHA1 SHA256'.Split() | ForEach-Object {
                $fileHashValue = $sample.$_
                if ($fileHashValue) {
                    $fileHashes[$fileHashValue] = $driverInfo
                }
                $authCodeHashValue = $sample.Authentihash.$_
                if ($authCodeHashValue) {
                    $authenticodeHashes[$authCodeHashValue] = $driverInfo
                }
            }
        }
    }
    Write-Host "Done building correlation tables"

    function Scan-Directory {
        param([string]$directory)
        
        Get-ChildItem -Path $directory -Recurse -File | ForEach-Object {
            $filePath = $_.FullName
            Write-Verbose "Computing hash for $filePath..."
            $fileHash = [FileHashScanner]::ComputeSha256($filePath)
            $fileAuthenticodeHash = [FileHashScanner]::GetAuthenticodeHash($filePath)
            if ($fileHashes.ContainsKey($fileHash)) {
                Write-Host "SHA256 hash match found: $filePath with hash $fileHash (matching $($fileHashes[$fileHash]))"
            }
            if ($fileAuthenticodeHash -and $authenticodeHashes.ContainsKey($fileAuthenticodeHash)) {
                Write-Host "Authenticode hash match found: $filePath with hash $fileAuthenticodeHash (matches $($authenticodeHashes[$fileAuthenticodeHash]))"
            }
        }
    }

    Write-Host "Starting scan..."
    Scan-Directory -directory $path
    Write-Host "Scan complete."
}

@HotCakeX The constructor for X509Certificate2 tries to identify the file type, and if it's a signed file it'll attempt to locate the signing certificate

So which part of the code is calculating the Authenticode hash?

@HotCakeX None, as far as I'm aware - GetAuthenticodeHash would have been more aptly named GetAuthenticodeSignerHash, but you'll have to ask @MHaggis about the original naming choice :)