Professional Documents
Culture Documents
HOWTO Find Unsigned Executables On
HOWTO Find Unsigned Executables On
on Windows
From the Sigcheck website, Sigcheck is a command-line utility that shows file version number,
time stamp information, and digital signature details, including certificate chains. It also includes
an option to check a files status on VirusTotal, a site that performs automated file scanning
against over 40 antivirus engines, and an option to upload a file for scanning. It runs on
XP/2003 and higher versions of Windows.
Download sigcheck and unzip to a location of your choice. Run the commands below to get a
feel for the output. When the command prompt returns, open the file in Excel, Calc or your
favorite spreadsheet program. The Verified column will show signed or unsigned.
Sigcheck page:
http://technet.microsoft.com/en-us/sysinternals/bb897441
Sigcheck download:
http://download.sysinternals.com/files/Sigcheck.zip
1) The following command scans executables only, shows extended version information,
recurses sub-directories in c:\windows\system32 and writes the output to a file called
sigcheck-Win7.csv.
> sigcheck -e -a -s -c c:\windows\system32 > sigcheck-Win7.csv
2) To run a check through VirusTotal, add the -v option. Note that when using the Virustotal
option it may take 20 minutes or more to complete.
> sigcheck -e -a -s -v -c c:\windows\system32 > sigcheck-Win7-virustotal.csv