How to use Sigcheck

Command line tool to check digital signatures.

YouTube

Click here for a video explanation.

Official site

https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck

How to use

Specify the file path and run it

PS C:\Users\miajimyu\Desktop> sigcheck.exe .\notepad.exe

Sigcheck v2.80 - File version and signature viewer
Copyright (C) 2004-2020 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\Users\miajimyu\Desktop\notepad.exe:
        Verified:       Signed
        Signing date:   3:11 2020/11/01
        Publisher:      Microsoft Windows
        Company:        Microsoft Corporation
        Description:    Notepad
        Product:        Microsoftョ Windowsョ Operating System
        Prod version:   10.0.18362.693
        File version:   10.0.18362.693 (WinBuild.160101.0800)
        MachineType:    64-bit

Run without displaying the banner

If you add -nobanner, the first extra character will not be displayed.

PS C:\Users\miajimyu\Desktop> sigcheck.exe -nobanner .\notepad.exe
C:\Users\miajimyu\Desktop\notepad.exe:
        Verified:       Signed
        Signing date:   3:11 2020/11/01
        Publisher:      Microsoft Windows
        Company:        Microsoft Corporation
        Description:    Notepad
        Product:        Microsoftョ Windowsョ Operating System
        Prod version:   10.0.18362.693
        File version:   10.0.18362.693 (WinBuild.160101.0800)
        MachineType:    64-bit

Output the execution result to a CSV file

If you add -c, the result will be output in comma separated format.

PS C:\Users\miajimyu\Desktop> sigcheck.exe -nobanner -c .\notepad.exe > output.csv

Scan for malware with VirusTotal

The items VT detection and VT link will be added.

PS C:\Users\miajimyu\Desktop> sigcheck.exe -vt -vr .\notepad.exe

Sigcheck v2.80 - File version and signature viewer
Copyright (C) 2004-2020 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\Users\miajimyu\Desktop\notepad.exe:
        Verified:       Signed
        Signing date:   3:11 2020/11/01
        Publisher:      Microsoft Windows
        Company:        Microsoft Corporation
        Description:    Notepad
        Product:        Microsoftョ Windowsョ Operating System
        Prod version:   10.0.18362.693
        File version:   10.0.18362.693 (WinBuild.160101.0800)
        MachineType:    64-bit
        VT detection:   0/74
        VT link:        https://www.virustotal.com/gui/file/e5d90beeb6f13f4613c3153dabbd1466f4a062b7252d931f37210907a7f914f7/detection