SigCheck – Windows CMD Command

Display file version number, VirusTotal status, timestamp information, and digital signature details, including certificate chains.

VirusTotal.com is a website that performs automated file scanning against over 40 antivirus engines, with an option to upload a file for scanning. You should investigate the purpose of any files found that are not signed.

If scanning a large number of files redirect the output of sigcheck to a text file.

Examples:

Check for unknown/unsigned executable files in your C:\Windows\System32 directory:
sigcheck -u -e -vt c:\windows\system32

Check for malware files in the C:\Windows\System32 directory (files will NOT be uploaded to VirusTotal):
sigcheck -vr -vt c:\windows\system32\

Check for malware within executable files only, in C:\Windows\System32 directory and upload any suspect file to VirusTotal:
sigcheck -vrs -e -vt c:\windows\system32

Return the Windows major/minor version no. by testing a key Windows DLL, this will return the same information as VER but potentially you could run this against a remote machine:
sigcheck -n C:\Windows\System32\ntoskrnl.exe -nobanner

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *