United States - English

Argentina (Español)

Australia (English)

Brasil (Português)

Canada (English)

中国 (简体中文)

Colombia (Español)

Deutschland (Deutsch)

España (Español)

France (Français)

India (English)

Italia (Italiano)

日本 (日本語)

México (Español)

Perú (Español)

Россия (Pусский)

United Kingdom (English)

United States (English)

Welcome Sign in

Windows Sysinternals

File and Disk Utilities

|

Networking Utilities

|

Process Utilities

|

Security Utilities

|

System Information

|

|

Printer Friendly Version

Send

Utilities

Sysinternals Suite Utilities Index File and Disk Utilities Networking Utilities Process Utilities Security Utilities System Information Miscellaneous Utilities

Additional Resources

Forum Site Blog Sysinternals Library Sysinternals Learning Mark's Webcasts Mark's Events Mark's Blog Software License Licensing FAQ

Sigcheck v1.54

By Mark Russinovich

Published: September 30, 2008

Introduction

Verify that images are digitally signed and dump version information with this simple command-line utility.

Usage: sigcheck.exe [-a][-h][-i][-e][-n][[-s]|[-v]|[-m]][-q][-r][-u][-c catalog file] <file or directory>

-a	Show extended version information
-c	Look for signature in the specified catalog file
-e	Scan executable images only (regardless of their extension).
-h	Show file hashes
-i	Show image signers
-m	Dump manifest
-n	Only show file version number
-q	Quiet (no banner)
-r	Check for certificate revocation
-s	Recurse subdirectories
-u	Show unsigned files only
-v	Csv output

One way to use the tool is to check for unsigned files in your \Windows\System32 directories with this command:

sigcheck -u -e c:\windows\system32

You should investigate the purpose of any files that are not signed.

Download Sigcheck (114 KB)

Download Sigcheck (114 KB)