Verify that images are digitally signed and dump version information with this simple command-line utility called Sigcheck.
Usage: sigcheck [-i][-e][[-s]|[-v]][-q][-u] [-c catalog file]
  -c  Look for signature in the specified catalog file
  -e  Scan executable images only (regardless of their extension)
  -i  Show image signers
  -n  Only show version number
  -q  Quiet (no banner)
  -u  Show unsigned files only
One way to use the tool is to check for unsigned files in your \Windows\System32 directories with this command:
  sigcheck -u -e c:\windows\system32
You should investigate the purpose of any files that are not signed.
What's New in This Release:
· This update adds support for Authenticode SHA256 hashes, the same hash type AppLocker uses to identify images.