[SIGCHECK]
Verify digital signatures and check file authenticity for malware detection and security analysis
Difficulty: Beginner
Category: Security
Key Features
Signature Verification
Verify digital signatures and certificates
VirusTotal Integration
Check file hashes against VirusTotal database
Bulk Analysis
Process multiple files and directories recursively
CSV Export
Export results in CSV format for analysis
Basic Usage
Signature Verification
# Check single file signature
sigcheck suspicious.exe
# Check directory recursively
sigcheck -s C:\Windows\System32
# Show only unsigned files
sigcheck -u -s "C:\Program Files"
VirusTotal Integration
# Check file against VirusTotal
sigcheck -v suspicious.exe
# Submit unknown files to VirusTotal
sigcheck -vs malware.exe
# Check directory with VirusTotal
sigcheck -v -s C:\temp
Advanced Analysis
Detailed Information
# Show verbose information
sigcheck -a suspicious.exe
# Export to CSV
sigcheck -c -s "C:\Program Files" > signatures.csv
# Check catalog signatures (show catalog name and signing chain)
sigcheck -i C:\Windows\System32\drivers
Malware Hunting
# Find unsigned executables
sigcheck -u -s -e C:\
# Check running processes
sigcheck -p
# Verify system files
sigcheck -s C:\Windows\System32\*.exe
Command Line Options
Option | Description | Example |
---|---|---|
-a | Show extended version information | sigcheck -a file.exe |
-c | CSV output | sigcheck -c -s C:\temp |
-e | Scan executable files only | sigcheck -e -s C:\ |
-s | Recurse subdirectories | sigcheck -s "C:\Program Files" |
-u | Show only unsigned files | sigcheck -u -s C:\ |
-v | Query VirusTotal | sigcheck -v malware.exe |
-vr | VirusTotal scan results | sigcheck -vr hash.exe |
Security Use Cases
🦠 Malware Detection
Identify unsigned or suspicious files that may indicate malware presence.
# Hunt for unsigned executables
sigcheck -u -e -s C:\
🔍 Incident Response
Quickly verify the authenticity of system files during security incidents.
# Check running processes
sigcheck -p -v
📋 Compliance Auditing
Verify that all executables in production systems are properly signed.
# Audit system signatures
sigcheck -c -s "C:\Program Files"
🚨 Threat Hunting
Proactively search for indicators of compromise using signature analysis.
# VirusTotal bulk check
sigcheck -v -s C:\temp
Result Interpretation
✅ Signed & Verified
File has a valid digital signature from a trusted publisher. Generally safe.
Verified: Signed
⚠️ Unsigned
File lacks a digital signature. Not necessarily malicious but requires investigation.
Signed: No
🚨 Invalid Signature
File has been tampered with or signature is corrupt. High suspicion of malware.
Verified: Unsigned
🔍 VirusTotal Results
Shows detection ratio (X/Y) where X is detections and Y is total engines.
VT detection: 5/67 (suspicious)
Best Practices & Tips
Start with unsigned file hunting: Use -u flag to focus on potentially suspicious files
Leverage VirusTotal integration: Combine signature checks with malware detection
Export for analysis: Use CSV output for large-scale analysis and reporting
Check running processes: Use -p flag to verify currently executing programs
Be aware of rate limits: VirusTotal API has rate limits for bulk queries
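Added example (not part of the original page or of Sigcheck itself): a Python triage of a Sigcheck CSV export that combines the Verified status with the VirusTotal ratio described under Result Interpretation, so the files that fail both checks surface first. The column names Path, Verified, Publisher and VT detection and the sample rows are assumptions constructed for illustration; match them to the header row of your own export.

```python
import csv
import io

# Constructed sample of a sigcheck CSV export (not real scan data). The column
# names are assumptions; match them to the header row of your own export.
SAMPLE_CSV = r"""Path,Verified,Publisher,VT detection
C:\temp\setup.exe,Signed,Example Corp,0/67
C:\temp\updater.exe,Signed,Example Corp,5/67
C:\temp\tool.exe,Unsigned,n/a,0/67
C:\temp\dropper.exe,Unsigned,n/a,12/67
C:\temp\notes.exe,Unsigned,n/a,Unknown
"""


def vt_hits(cell):
    """Return detections X from an 'X/Y' cell, or None if there is no ratio."""
    left, sep, right = (cell or "").partition("/")
    if sep and left.strip().isdigit() and right.strip().isdigit():
        return int(left)
    return None


def triage(csv_text):
    """Rank files for review; signed files with no detections are dropped."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        verified = (row.get("Verified") or "").strip().lower() == "signed"
        hits = vt_hits(row.get("VT detection"))  # None if scan ran without -v
        reasons = []
        if not verified:
            reasons.append("not verified")
        if hits is None:
            reasons.append("no VT ratio")
        elif hits > 0:
            reasons.append(f"VT {hits} detections")
        if not verified or (hits or 0) > 0:
            # A detection outweighs a missing signature; both together rank top.
            score = (0 if verified else 1) + (2 if (hits or 0) > 0 else 0)
            findings.append((score, row["Path"], reasons))
    # Highest score first; path as a stable tie-breaker.
    return sorted(findings, key=lambda f: (-f[0], f[1]))


if __name__ == "__main__":
    for score, path, reasons in triage(SAMPLE_CSV):
        print(score, path, "; ".join(reasons))
```

A signed file with a non-zero detection ratio still appears in the output, since a valid signature alone does not clear a file.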