{
	"id": "7ffe2424-0db1-4530-9064-281d7325b665",
	"created_at": "2026-04-06T00:17:50.960229Z",
	"updated_at": "2026-04-10T03:19:56.771362Z",
	"deleted_at": null,
	"sha1_hash": "aa83d2887e506f20246206632b50134a7211aac3",
	"title": "Sigcheck - Sysinternals",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 51562,
	"plain_text": "Sigcheck - Sysinternals\r\nBy markruss\r\nArchived: 2026-04-05 22:40:01 UTC\r\nBy Mark Russinovich\r\nPublished: February 4, 2026\r\n Download Sigcheck (645 KB)\r\nSigcheck is a command-line utility that shows file version number, timestamp information, and digital signature\r\ndetails, including certificate chains. It also includes an option to check a file’s status on VirusTotal, a site that\r\nperforms automated file scanning against over 40 antivirus engines, and an option to upload a file for scanning.\r\nusage:\r\nsigcheck [-a][-h][-i][-e][-l][-n][[-s]|[-c|-ct]|[-m]][-q][-r][-u][-vt][-v[r][s]][-f catalog file] \u003cfile or dire\r\nsigcheck -d [-c|-ct] \u003cfile or directory\u003e\r\nusage: sigcheck -t[u][v] [-i] [-c|-ct] \u003ccertificate store name|*\u003e\r\nParameter    Description\r\n-a\r\nShow extended version information. The entropy measure reported is the bits per byte of\r\ninformation of the file's contents.\r\n-accepteula Silently accept the Sigcheck EULA (no interactive prompt)\r\n-c CSV output with comma delimiter\r\n-ct CSV output with tab delimiter\r\n-d Dump contents of a catalog file\r\n-e Scan executable images only (regardless of their extension)\r\n-f Look for signature in the specified catalog file\r\n-h Show file hashes\r\n-i Show catalog name and signing chain\r\n-l Traverse symbolic links and directory junctions\r\n-m Dump manifest\r\n-n Only show file version number\r\n-o\r\nPerforms Virus Total lookups of hashes captured in a CSV file previously captured by\r\nSigcheck when using the -h option. 
This usage is intended for scans of offline systems.\r\n-nobanner Do not display the startup banner and copyright message.\r\n-r Disable check for certificate revocation\r\n-p Verify signatures against the specified policy, represented by its GUID.\r\n-s Recurse subdirectories\r\n-t[u][v]\r\nDump contents of specified certificate store ('*' for all stores).\r\nSpecify -tu to query the user store (machine store is the default).\r\nAppend '-v' to have Sigcheck download the trusted Microsoft root certificate list and only\r\noutput valid certificates not rooted to a certificate on that list. If the site is not accessible,\r\nauthrootstl.cab or authroot.stl in the current directory are used instead, if present.\r\n-u\r\nIf VirusTotal check is enabled, show files that are unknown by VirusTotal or have non-zero\r\ndetection, otherwise show only unsigned files.\r\n-v[rs]\r\nQuery VirusTotal (www.virustotal.com) for malware based on file hash.\r\nAdd 'r' to open reports for files with non-zero detection.\r\nFiles reported as not previously scanned will be uploaded to VirusTotal if the 's' option is\r\nspecified. Note scan results may not be available for five or more minutes.\r\n-vt\r\nBefore using VirusTotal features, you must accept VirusTotal terms of service. 
See:\r\nhttps://www.virustotal.com/en/about/terms-of-service/ If you haven't accepted the terms and\r\nyou omit this option, you will be interactively prompted.\r\nOne way to use the tool is to check for unsigned files in your \\Windows\\System32 directories with this command:\r\nsigcheck -u -e c:\\windows\\system32\r\nYou should investigate the purpose of any files that are not signed.\r\nRuns on:\r\nClient: Windows 8.1 and higher\r\nServer: Windows Server 2012 and higher\r\nNano Server: 2016 and higher\r\nMalware Hunting with the Sysinternals Tools\r\nIn this presentation, Mark shows how to use the Sysinternals tools to identify, analyze and clean malware.\r\nSource: https://docs.microsoft.com/sysinternals/downloads/sigcheck",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://docs.microsoft.com/sysinternals/downloads/sigcheck"
	],
	"report_names": [
		"sigcheck"
	],
	"threat_actors": [],
	"ts_created_at": 1775434670,
	"ts_updated_at": 1775791196,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/aa83d2887e506f20246206632b50134a7211aac3.pdf",
		"text": "https://archive.orkl.eu/aa83d2887e506f20246206632b50134a7211aac3.txt",
		"img": "https://archive.orkl.eu/aa83d2887e506f20246206632b50134a7211aac3.jpg"
	}
}