Monday, February 1, 2016


Sigcheck is a command-line utility that shows file version number, timestamp information,
and digital signature details, including certificate chains. It also includes an option to
check a file’s status on VirusTotal, a site that performs automated file scanning against
over 40 antivirus engines, and an option to upload a file for scanning.

One way to use the tool is to check for unsigned files in your \Windows\System32
directories with this command:

sigcheck -u -e c:\windows\system32


Use the following command to check the local certificate store of the computer in question. Sigcheck downloads the trusted Microsoft root certificate list and outputs only valid certificates that are not rooted to a certificate on that list. If Microsoft's online site is not accessible, authroot.stl in the current directory is used instead, if present.

sigcheck -tv


The -a switch will display detailed information on a file.


The -vt switch can be used to check the file hash against VirusTotal.


If the hash is not found within the VirusTotal service, use the -vs switch to submit it. The -s switch will scan the entire disk and the -c switch will produce a .CSV file.
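Once the results are in CSV form they can be triaged offline. The script below is an added example, not part of the original post: it reads Sigcheck CSV text, drops signed files, and ranks the rest by VirusTotal result. The column names ("Path", "Verified", "VT detection") and the "N|M" detection format are assumptions to check against your Sigcheck version, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample modelled on `sigcheck -e -vt -c` output; the column names
# are assumptions, so compare them with the header row your Sigcheck prints.
SAMPLE_CSV = r'''Path,Verified,Date,Publisher,VT detection,VT link
"c:\windows\system32\sample_signed.exe","Signed","1/5/2016","Example Publisher","0|55","https://example.invalid/1"
"c:\windows\system32\sample_a.dll","Unsigned","1/5/2016","n/a","0|55","https://example.invalid/2"
"c:\windows\system32\sample_b.exe","Unsigned","1/6/2016","n/a","3|55","https://example.invalid/3"
"c:\windows\system32\sample_c.dll","Unsigned","1/7/2016","n/a","Unknown","n/a"
'''

# Review order: flagged files first, then files VirusTotal has never seen
# (candidates for -vs submission), then unsigned files with zero detections.
PRIORITY = {"detected": 0, "not-on-virustotal": 1, "unsigned-clean": 2}


def parse_vt(value):
    """Return (detections, engines) from an 'N|M' cell, or None otherwise."""
    left, sep, right = (value or "").strip().partition("|")
    if sep and left.isdigit() and right.isdigit():
        return int(left), int(right)
    return None


def triage(csv_text):
    """Return non-signed files from Sigcheck CSV text, most urgent first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("Verified") or "").strip().lower() == "signed":
            continue  # valid signature: out of scope for this review
        vt = parse_vt(row.get("VT detection"))
        if vt is None:
            status, hits = "not-on-virustotal", -1
        elif vt[0] > 0:
            status, hits = "detected", vt[0]
        else:
            status, hits = "unsigned-clean", 0
        findings.append({"path": row["Path"], "status": status, "hits": hits})
    findings.sort(key=lambda f: (PRIORITY[f["status"]], -f["hits"], f["path"].lower()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_CSV):
        print(f"{f['status']:<18} {f['hits']:>3}  {f['path']}")
```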

