Learn about Sigcheck of Microsoft

Sigcheck is a command line utility that displays file version numbers, timestamp information and digital signature details, including certificate strings. It also includes an option to check the status of a file on VirusTotal.

Sigcheck is a command line utility that displays file version numbers,timestampinformationand digital signature details, including certificate strings.It also includes an option to check the status of a file on VirusTotal.com, an automated file scanning site with more than 40 antivirus tools and file upload options.

 usage: sigcheck [-a][-h][-i][-e][-l][-n][[-s]|[-c|-ct]|[-m]][-q][-r][-u][-vt][-v[r][s]][-f catalog file] usage: sigcheck -d [-c|-ct] usage: sigcheck -o [-vt][-v[r]] usage: sigcheck -t[u][v] [-i] [-c|-ct]

Learn about Sigcheck of Microsoft Picture 1 Learn about Sigcheck of Microsoft Picture 1

Parameters Description -a Displays extended version information. Entropy measurements (entropy analysis will help detect malicious code) are reported as bits per byte of information of file content. -c Output CSV with comma delimited. -ct Output CSV with delimiter is the tab key. -d Output content of a catalog file. -e Only scan executable images (regardless of their extension). -f Find the signature in the specified catalog file. -h Display the hash of the file. -i Display the name and signature chain of the catalog. -l Pass symbolic links and directory junction. -m Output manifests. -n Only show file version number. -o Use Virus Total lookup hash is recorded in CSV file (previously collected by Sighcheck) when using -h option . This feature is exclusively for scanning offline systems. -q Quiet (without banner). -r Disable the certificate revocation feature. -s Recursive (recurse) subdirectories. -t [u] [v] - The output of the specified certificate store ('*' represents all stores).
- Specify -tu to query the user store (the machine store is the default option).
- Combine with '-v' to Sigcheck to download Microsoft trusted root certificate list, and export only valid certificates that cannot be rooted in a certificate in that list. If the website cannot be accessed, authrootstl.cab or authroot.stl in the current directory is used instead (if available). -u If VirusTotal's checking feature is enabled, files that VirusTotal does not identify or detect non-zero (containing other digits) will be displayed, otherwise it will only display files signed only. -v [rs] - VirusTotal query (www.virustotal.com) for hash-based malware.
- Add 'r' to open the report for detected files that are non-zero.
- Files that are reported to have not been scanned before will be uploaded to VirusTotal, if the 's' option is specified. Note that it takes 5 minutes or more to get the scan results. -vt Before using VirusTotal features, users must accept VirusTotal's terms of service. Visit https://www.virustotal.com/en/about/terms-of-service/ for more details. If you do not accept the terms and ignore this option, the user will see a warning message appear.

One way to use this tool is to check the unsigned files in the WindowsSystem32 directories with this command: