Sigcheck (with VirusTotal)

Using the Command Prompt command below you’ll be calling sigcheck to check the specified folder, the -u parameter outputs only the files that are unsigned and also none zero detections, the -e limits the scan to executable images only, just to speed up the process.

sigcheck -u -e c:\windows\system32

This should output a list of files that are unsigned or none zero detected on (files that have 1 or more detections) with a link to go check it out.

Another useful option is to use Sigheck to check hashes really quickly, especially if you create a context menu. The below command with the -h parameter will output hashes for the file location specified. There are probably better tools, but this one is from Microsoft so you can trust it.

sigcheck -h C:\file.exe

Then you could add the context menu (via Command Prompt again). This adds the ability to see “Check Hashes” when you right click on any file. Instantly types the above command with the file you selected.

reg add "HKCR\*\shell\Check Hashes\command" /ve /d "cmd /k sigcheck.exe -h "%1""

You can find more parameters and other relevant information in the links below.

Links & References

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.