SigcheckGUI is a front end for Sysinternals Sigcheck, a command-line tool which shows digital signature, version and other information about a set of files.

There are options to scan specific files, the contents of a folder tree, or just running processes. (Beware, scanning can be slow, and if you point the program at \Windows, or anywhere else with a lot of files, you could be waiting for a very long time. If in doubt, try it on a test folder with first.)

Whatever you choose is scanned, and details are displayed about each file: whether it's signed or unsigned, the signing date, publisher, description, product name, product/ file/ binary version, whether it's 32 or 64-bit, its original name, internal name, copyright, comments, hashes, path, and - optionally - VirusTotal score.

Unsigned files are highlighted in red, making them easy to spot. This doesn't mean they're dangerous - even SigcheckGUI.exe is unsigned, ironically - but if you already think you might be infected then the report might help you spot something suspicious.

Right-clicking any file displays options to help you investigate further. You're able to open the file location, run web searches for the file name, open a VirusTotal URL for the file, and more.

Please note, VirusTotal support is turned off by default because it slows down the scanning process. If you need it, click the Options tab and check "Query VirusTotal..." before starting a scan.


SigcheckGUI's interface isn't great, and we noticed one or two minor bugs in our tests (right-clicking a file and selecting Open File Location didn't always work).

The program carries out its main tasks without difficulty, though, and overall it can be a useful way to find malicious or unwanted software.