Check unsigned files at VirusTotal with Sysinternals’ Sigcheck
By Mike Williams
icrosoft Sysinternals has released Sigcheck 2.0, the latest edition of its digital signature verification tool. Okay, it’s true, a command line utility which scans for signed executables doesn’t exactly sound interesting. At all. But wait: this version’s new VirusTotal support means it could be a very useful addition to your malware-hunting toolkit.
To get a general feel for how the program works, open a command window, enter something like:
sigcheck -e -u -vn -vt c:\windows\system32
Now the program will scan your \Windows\System32 folder for unsigned files, then upload whatever it finds to VirusTotal, before listing anything that at least one of the engines thinks is malware.