Sigcheck is a command-line utility that shows file version number, timestamp information, and digital signature details, including certificate chains. It also includes an option to check a file’s status on VirusTotal, a site that performs automated file scanning against over 40 antivirus engines, and an option to upload a file for scanning.
usage: sigcheck [-a][-h][-i][-e][-l][-n][[-s]|[-c|-ct]|[-m]][-q][-r][-u][-vt][-v[r][s]][-f catalog file] <file or directory>
usage: sigcheck [-d][-c|-ct] <file or directory>
usage: sigcheck [-t[u]] <certificate store name|*>
Show extended version information. The entropy measure reported is the bits per byte of information of the file's contents.
CSV output with comma delimiter
CSV output with tab delimiter
Dump contents of a catalog file
Scan executable images only (regardless of their extension)
Look for signature in the specified catalog file
Show file hashes
Show catalog name and image signers
Traverse symbolic links and directory junctions
Only show file version number
Quiet (no banner)
Disable check for certificate revocation
Dump contents of specified certificate store ('*' for all stores). Specify -tu to query the user store (machine store is the default).
If VirusTotal check is enabled, show files that are unknown by VirusTotal or have non-zero detection, otherwise show only unsigned files.
Query VirusTotal (www.virustotal.com) for malware based on file hash. Add 'r' to open reports for files with non-zero detection. Files reported as not previously scanned will be uploaded to VirusTotal if the 's' option is specified. Note scan results may not be available for five of more minutes.