Sigcheck is a command line tool which can provide details (link date, publisher etc) on an executable's digital signature. Sounds dull, yes - but wait. The program can also highlight unsigned executables, and even upload them to VirusTotal for detailed analysis.

For the most basic, details-only use, enter a command like sigcheck c:\windows\system32

Every executable file the program finds will have its digital signature checked and verified, then the signing date, publisher, description, product and more will all be listed.

Life gets more interesting when you start using VirusTotal, although Sigcheck does require that you accept the site's terms and conditions first. (Don't worry, there's nothing bad, but just follow the link to confirm that for yourself.)

With that done, enter a command like sigcheck -e -u -vn -vt c:\windows\system32

Now the program will scan your \Windows\System32 folder for unsigned files, then upload whatever it finds to VirusTotal, before listing anything that at least one of the engines thinks is malware. (It's not unusual for one or two engines to incorrectly raise an alert, so don't panic immediately, but you still need to investigate anything listed here.)

Sigcheck supports plenty of other command line switches. You can have the program show more version information, recurse subdirectories, query VirusTotal with file hashes, export its data in csv format, and more. Enter sigcheck at the command line for the full list.

Version 2.55:

Fix for a bug that caused the display of publisher names with commas to be truncated at the first comma.


An excellent security tool for anyone who might ever need to manually hunt down malware.