By Mark Russinovich
Published: July 29, 2016
Sigcheck is a command-line utility that shows file version number, timestamp information, and digital signature details, including certificate chains. It also includes an option to check a file’s status on VirusTotal, a site that performs automated file scanning against over 40 antivirus engines, and an option to upload a file for scanning.
usage: sigcheck [-a][-h][-i][-e][-l][-n][[-s]|[-c|-ct]|[-m]][-q][-r][-u][-vt][-v[r][s]][-f catalog file] <file or directory>
usage: sigcheck -d [-c|-ct] <file or directory>
usage: sigcheck -o [-vt][-v[r]] <sigcheck csv file>
usage: sigcheck -t[u][v] [-i] [-c|-ct] <certificate store name|*>
One way to use the tool is to check for unsigned files in your \Windows\System32 directories with this command:
sigcheck -u -e c:\windows\system32
You should investigate the purpose of any files that are not signed.
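To keep that investigation manageable across repeated scans, the unsigned-file list can be compared against a previously reviewed baseline so that only new or changed files need attention. The script below is an added example, not part of Sigcheck or the original page; the CSV column names (Path, Verified, Publisher, SHA256) are assumed from Sigcheck's -c output with -h, the function names are hypothetical, and the sample rows are constructed.

```powershell
# Added example, not Sysinternals code. Assumed: CSV columns Path, Verified,
# Publisher, SHA256 (sigcheck -c with -h). All rows below are constructed.
function Get-UnsignedFile {
    param([Parameter(Mandatory)][string[]]$CsvLine)
    # Keep every row whose Verified value is not exactly "Signed"; this also
    # keeps files whose signature is present but failed verification.
    $CsvLine | ConvertFrom-Csv | Where-Object { $_.Verified -ne 'Signed' }
}

function Compare-UnsignedBaseline {
    param($Baseline, $Current)
    # Key on path + hash so a changed file at an already-known path is reported.
    $known = @{}
    foreach ($b in $Baseline) {
        $known["$($b.Path)|$($b.SHA256)".ToLower()] = $true
    }
    $Current | Where-Object {
        -not $known.ContainsKey("$($_.Path)|$($_.SHA256)".ToLower())
    }
}

# Constructed baseline (an earlier, reviewed run), trimmed to the columns used.
$baselineCsv = @'
Path,Verified,Publisher,SHA256
c:\windows\system32\legacydrv.dll,Unsigned,n/a,AAAA0001
c:\windows\system32\vendortool.exe,Unsigned,n/a,AAAA0002
'@ -split "`r?`n"

# Constructed current run. On a live system this would instead be (flags as in
# the usage lines above):
#   $currentCsv = sigcheck -q -u -e -h -c c:\windows\system32
$currentCsv = @'
Path,Verified,Publisher,SHA256
c:\windows\system32\legacydrv.dll,Unsigned,n/a,AAAA0001
c:\windows\system32\vendortool.exe,Unsigned,n/a,BBBB0009
c:\windows\system32\helper32.exe,Unsigned,n/a,CCCC0003
'@ -split "`r?`n"

$baseline = Get-UnsignedFile $baselineCsv
$current  = Get-UnsignedFile $currentCsv

# List unsigned files that are new or changed since the baseline.
Compare-UnsignedBaseline -Baseline $baseline -Current $current |
    Select-Object Path, Publisher, SHA256 | Format-Table -AutoSize
```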