Monday, February 1, 2016

Sigcheck

Sigcheck is a command-line utility that shows file version number, timestamp information,
and digital signature details, including certificate chains. It also includes an option to
check a file’s status on VirusTotal, a site that performs automated file scanning against
over 40 antivirus engines, and an option to upload a file for scanning.

One way to use the tool is to check for unsigned files in your \Windows\System32
directories with this command:

sigcheck -u -e c:\windows\system32

Use the following command to check the computer's local certificate store. It downloads the trusted Microsoft root certificate list and outputs only valid certificates not rooted to a certificate on that list. If Microsoft's online site is not accessible, authrootstl.cab or authroot.stl in the current directory is used instead, if present.

sigcheck -tv

The -a switch will display detailed information on a file.

The -vt switch can be used to check the file hash against VirusTotal.

If the hash is not found within the VirusTotal service, use the -vs switch to submit it. The -s switch will scan the entire disk and the -c switch will produce a .CSV file.
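
The CSV produced by -c can be filtered in PowerShell to pull out everything that is not validly signed. This is an added example, not part of the original post: the sample rows are constructed, the column names (Path, Verified, Date, Publisher) are assumed to match the header row Sigcheck writes in CSV mode, and Get-UnverifiedFile is a hypothetical helper name.

```powershell
# Added example: triage Sigcheck -c (CSV) output for files that are not validly signed.
# Sample rows are constructed; column names are assumed to match Sigcheck's CSV header.
$sample = @'
Path,Verified,Date,Publisher,Company,Description,Product,Product Version,File Version,Machine Type
"c:\windows\system32\signed-example.dll","Signed","10:12 AM 1/5/2016","Microsoft Windows","Microsoft Corporation","Example library","Example OS","6.1","6.1.7601","64-bit"
"c:\windows\system32\unsigned-example.exe","Unsigned","3:40 PM 1/20/2016","n/a","n/a","n/a","n/a","n/a","n/a","32-bit"
"c:\windows\system32\drivers\badchain-example.sys","A certificate chain could not be built to a trusted root authority.","9:02 AM 1/28/2016","Example Vendor","Example Vendor","Example driver","Example","1.0","1.0","64-bit"
'@ -split "`r?`n"

# Hypothetical helper: keep every row whose Verified column is anything other than
# "Signed". That covers plain "Unsigned" files and files whose signature failed
# validation, where the column holds the error text instead.
function Get-UnverifiedFile {
    param([Parameter(Mandatory)][string[]]$CsvLine)
    $CsvLine | ConvertFrom-Csv |
        Where-Object { $_.Verified -ne 'Signed' } |
        Select-Object Path, Verified, Publisher, Date
}

$findings = Get-UnverifiedFile -CsvLine $sample
$findings | Format-List

# Summarise by directory so one noisy folder does not hide a single odd file.
$findings | Group-Object { Split-Path $_.Path -Parent } |
    Select-Object Count, Name | Sort-Object Count -Descending

# Against a live system, replace $sample with real output, for example:
#   $live = sigcheck -nobanner -c -e c:\windows\system32
#   Get-UnverifiedFile -CsvLine $live | Export-Csv .\unverified.csv -NoTypeInformation
```

Filtering on "not Signed" rather than "equals Unsigned" keeps files whose signature is present but fails validation, which are usually the more interesting findings.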

https://technet.microsoft.com/en-us/sysinternals/bb897441.aspx
