Introduction
Verify that images are digitally signed and dump version information with this simple command-line utility.
usage: sigcheck [-a][-h][-i][-e][-n][[-s]|[-v]|[-m]][-q][-r][-u][-c catalog file] <file or directory>
| -a | Show extended version information |
| -c | Look for signature in the specified catalog file |
| -e | Scan executable images only (regardless of their extension) |
| -h | Show file hashes |
| -i | Show catalog name and image signers |
| -m | Dump manifest |
| -n | Only show file version number |
| -q | Quiet (no banner) |
| -r | Disable check for certificate revocation |
| -s | Recurse subdirectories |
| -u | Show unsigned files only |
| -v | Csv output |
One way to use the tool is to check for unsigned files in your \Windows\System32 directories with this command:
sigcheck -u -e c:\windows\system32
You should investigate the purpose of any files that are not signed.
.png "Download")
Download Sigcheck
(120KB)
.png){kind=small}
Download Sigcheck.png)