Sigcheck is a command-line utility from the awesome Windows Sysinternals suite. It shows file version numbers, timestamps, and digital signature details, including certificate chains. In the recent release, it also includes an option to check a file's status on VirusTotal to see if it's infected by a virus, just like both Autoruns and Process Explorer.
The basic usage of this tool is simple:
sigcheck [-switches] <file or directory>
There are a lot of switches available, but to start with something simple, you can ignore all of them and just run sigcheck against a file or a folder.
Or, add the switch -h to show the hash info about the file.
Or, check the virus status with the switch -v. If it's the first time you are using sigcheck with VirusTotal, you will need -vt to accept the VirusTotal terms of service.
So let's go back to the topic. To find the unsigned executable files in a particular folder, you can use the following sigcheck command.
sigcheck -u -e directory
The -e switch limits the scan to executable files. A common use is to run this against the Windows system folder c:\windows\system32.
Lastly, with switches like -c or -ct, you can export the result as comma-delimited (CSV) or tab-delimited output.
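An added example, not from the original post: once the -u -e results are exported with -c, a short Python script can compare a new export against an earlier baseline and list only the unsigned executables that have appeared since. The sample CSV text is constructed, and the Path and Verified column names are assumed from sigcheck's CSV header.

```python
import csv
import io

# Constructed sample exports (not real scan results). The column names
# "Path" and "Verified" are an assumption about sigcheck's -c header row.
BASELINE_CSV = r'''Path,Verified,Date,Publisher,Company,Description
"c:\tools\old_helper.exe","Unsigned","10:12 AM 3/1/2015","n/a","n/a","n/a"
'''
CURRENT_CSV = r'''Banner text that a redirect may capture before the header
Path,Verified,Date,Publisher,Company,Description
"c:\tools\old_helper.exe","Unsigned","10:12 AM 3/1/2015","n/a","n/a","n/a"
"C:\Tools\Updater.exe","Unsigned","9:30 PM 4/2/2015","n/a","n/a","n/a"
"c:\tools\signed_app.exe","Signed","8:00 AM 1/5/2015","Example Corp","Example Corp","App"
'''


def unsigned_paths(csv_text):
    """Return lower-cased paths of rows whose Verified value is not 'Signed'."""
    lines = csv_text.splitlines()
    # Skip anything printed before the header row (for example a banner).
    start = next((i for i, line in enumerate(lines)
                  if line.replace('"', '').startswith("Path,")), None)
    if start is None:
        raise ValueError("no sigcheck CSV header found")
    reader = csv.DictReader(io.StringIO("\n".join(lines[start:])))
    found = set()
    for row in reader:
        path = (row.get("Path") or "").strip()
        verified = (row.get("Verified") or "").strip().lower()
        # Anything other than an explicit "Signed" is treated as unsigned,
        # so the function also works on an export made without -u.
        if path and verified != "signed":
            found.add(path.lower())  # Windows paths are case-insensitive
    return found


def new_unsigned(baseline_csv, current_csv):
    """Unsigned executables present now but absent from the baseline."""
    return sorted(unsigned_paths(current_csv) - unsigned_paths(baseline_csv))


if __name__ == "__main__":
    for path in new_unsigned(BASELINE_CSV, CURRENT_CSV):
        print("new unsigned executable:", path)
```

In practice the two inputs would be the text of CSV files saved from sigcheck -u -e -c runs on the same folder at different times.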
Last updated: 04/12/2015