Verify that images are digitally signed and dump version information with this simple command-line utility called Sigcheck.
Usage: sigcheck [-i][-e][[-s]|[-v]][-q][-u] [-c catalog file]
-c    Look for signature in the specified catalog file
-e    Scan executable images only (regardless of their extension)
-i    Show image signers
-n    Only show version number
-q    Quiet (no banner)
-s    Recurse subdirectories
-u    Show unsigned files only
-v    CSV output
One way to use the tool is to check for unsigned files in your Windows\System32 directories with this command:
sigcheck -u -e c:\windows\system32
You should investigate the purpose of any files that are not signed.
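What "executable image regardless of extension" and "unsigned" mean at the file level, as an added Python illustration that is not part of Sigcheck or of the original page: it recognises a PE image by its headers instead of its name and reports whether the image carries an embedded certificate table. The function names and the sample bytes are constructed for this example, and a missing embedded signature does not by itself mean a file is unsigned, because Windows also signs files through catalog files (the case the -c option covers).

```python
import struct
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the embedded certificate table

def optional_header_offset(data):
    """Offset of the PE optional header, or None if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return e_lfanew + 24  # skip the 4-byte signature and 20-byte COFF header

def embedded_signature(data):
    """(file_offset, size) of the certificate table, or None when there is none."""
    opt = optional_header_offset(data)
    if opt is None:
        raise ValueError("not a PE image")
    try:
        (magic,) = struct.unpack_from("<H", data, opt)
        dirs = {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+ directory offset
        (count,) = struct.unpack_from("<I", data, opt + dirs - 4)
        if count <= SECURITY_DIR:
            return None
        off, size = struct.unpack_from("<II", data, opt + dirs + 8 * SECURITY_DIR)
    except (struct.error, KeyError):
        raise ValueError("truncated or unknown optional header")
    if off == 0 or size == 0:
        return None
    if off + size > len(data):
        raise ValueError("certificate table points outside the file")
    return off, size

def triage(data):  # classify by content only, so a renamed image is still examined
    if optional_header_offset(data) is None:
        return "not an executable image"
    if embedded_signature(data) is None:
        return "image, no embedded signature: check catalogs"
    return "image, embedded signature present: still needs verification"

def make_sample_pe(signed):  # constructed PE32+ header, not a runnable binary
    opt = bytearray(240)                      # 112 fixed bytes + 16 directories
    struct.pack_into("<H", opt, 0, 0x20B)     # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)      # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(opt), 0x22)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    image = bytearray(dos + b"PE\0\0" + coff + opt)
    if signed:  # point directory entry 4 at 16 placeholder bytes appended below
        struct.pack_into("<II", image, 0x40 + 24 + 112 + 32, len(image), 16)
        image += b"\0" * 16
    return bytes(image)
```

The presence of a certificate table only says a signature blob is attached; whether it chains to a trusted signer and matches the file is what a verification tool such as Sigcheck reports.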
What's New in This Release:
· This update adds support for Authenticode SHA256 hashes, the same hash type that AppLocker uses to identify images.