______________________________________________________________________
sigcheck.exe Instructions
________________________________________
Acquire
https://download.sysinternals.com/files/SysinternalsSuite.zip
• Expand the archive to a temporary folder.
________________________________________
Configure
• In an administrative, UAC-elevated cmd.exe prompt, execute: sigcheck.exe
· If the EULA dialog is displayed: click 'OK'
________________________________________
Procedures
• In the displayed output, look for: Verified: Signed
· This will be toward the top.
• In an administrative, UAC-elevated cmd.exe prompt, execute: sigcheck.exe -i -r -h x:\path\filename.ext
· Where 'x:\path\filename.ext' is the path to the file to be verified.
________________________________________
Example Output
X:\>sigcheck -i -r -h c:\windows\system32\user32.dll
Sigcheck v2.30 - File version and signature viewer
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - www.sysinternals.com
c:\windows\system32\user32.dll:
    Verified: Signed
    Catalog: c:\windows\system32\user32.dll
    Signers:
        Microsoft Windows
            Status: Valid
            Valid Usage: Code Signing, NT5 Crypto
            Serial Number: 33 00 00 00 BC E1 20 FD D2 7C C8 EE 93 00 00 00 00 00 BC
            Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
            Algorithm: 1.2.840.113549.1.1.11
            Valid from: 11:15 AM 8/18/2015
            Valid to: 11:15 AM 11/18/2016
        Microsoft Windows Production PCA 2011
            Status: Valid
            Valid Usage: All
            Serial Number: 61 07 76 56 00 00 00 00 00 08
            Thumbprint: 580A6F4CC4E4B669B9EBDC1B2B3E087B80D0678D
            Algorithm: 1.2.840.113549.1.1.11
            Valid from: 12:41 PM 10/19/2011
            Valid to: 12:51 PM 10/19/2026
        Microsoft Root Certificate Authority 2010
            Status: Valid
            Valid Usage: All
            Serial Number: 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA
            Thumbprint: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
            Algorithm: 1.2.840.113549.1.1.11
            Valid from: 3:57 PM 6/23/2010
            Valid to: 4:04 PM 6/23/2035
    Signing date: 6:40 PM 11/8/2015
    Counter Signers:
        Microsoft Time-Stamp Service
            Status: Valid
            Valid Usage: Timestamp Signing
            Serial Number: 33 00 00 00 71 32 45 3C 76 C7 62 FC E8 00 00 00 00 00 71
            Thumbprint: 3833D2DE6B619034180337E595D60E6E8660B1E0
            Algorithm: 1.2.840.113549.1.1.11
            Valid from: 12:17 PM 10/7/2015
            Valid to: 12:17 PM 1/7/2017
        Microsoft Time-Stamp PCA 2010
            Status: Valid
            Valid Usage: All
            Serial Number: 61 09 81 2A 00 00 00 00 00 02
            Thumbprint: 2AA752FE64C49ABE82913C463529CF10FF2F04EE
            Algorithm: 1.2.840.113549.1.1.11
            Valid from: 3:36 PM 7/1/2010
            Valid to: 3:46 PM 7/1/2025
        Microsoft Root Certificate Authority 2010
            Status: Valid
            Valid Usage: All
            Serial Number: 28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA
            Thumbprint: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
            Algorithm: 1.2.840.113549.1.1.11
            Valid from: 3:57 PM 6/23/2010
            Valid to: 4:04 PM 6/23/2035
    Publisher: Microsoft Windows
    Company: Microsoft Corporation
    Description: Multi-User Windows USER API Client DLL
    Product: Microsoft® Windows® Operating System
    Prod version: 6.3.9600.18123
    File version: 6.3.9600.18123 (winblue_ltsb.151108-1002)
    MachineType: 64-bit
    MD5: 33094E2182C451BCFCFD60F734B1C4EF
    SHA1: E9E8914F0FD88E5CA98D3A8BDDBEF7012DB3C54E
    PESHA1: A7A3D1B5E488E08611AFDC43A1664C72530D06F2
    PE256: E929B0FC21F41109F625C34676CD2BE66B3685574033EE742FA5B6C04680D68A
    SHA256: 8BB2CB228252A0F2B43DB756CFEBB0D5B7E83F7761FECADC2C1AB8D0150113B7
    IMP: 6246BBCDB63193881FFC0E4D238D29FA
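The 'Verified: Signed' check from Procedures can be applied to saved sigcheck output instead of being read by eye. The Python below is an added example, not part of the original document or of Sysinternals: it parses text in the format shown above and lists every reason the file should not be accepted. The names parse_sigcheck and signature_problems, the abridged SAMPLE text and the optional expected_sha256 argument are assumptions made for illustration.

```python
import re
# Constructed sample, abridged from the example output on this page.
SAMPLE = r"""c:\windows\system32\user32.dll:
Verified: Signed
Signers:
Microsoft Windows
Status: Valid
Valid Usage: Code Signing,
NT5 Crypto
Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
Microsoft Windows Production PCA 2011
Status: Valid
Thumbprint: 580A6F4CC4E4B669B9EBDC1B2B3E087B80D0678D
Publisher: Microsoft Windows
SHA256: 8BB2CB228252A0F2B43DB756CFEBB0D5B7E83F7761FECADC2C1AB8D0150113B7
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9 ]*?):\s*(.*)$")   # "Key: value"
HEADER = re.compile(r"^[A-Za-z]:\\.*:$")                      # "c:\path\file.ext:"
TOP_LEVEL = {"Verified", "Publisher", "Signing date", "SHA256"}

def parse_sigcheck(text):
    """Parse one file's `sigcheck -i -h` text; indentation is ignored."""
    info, prev = {"file": None, "certs": []}, ""
    for line in (l.strip() for l in text.splitlines()):
        m = FIELD.match(line)
        if HEADER.match(line):
            info["file"] = line[:-1]
        elif m and m.group(1) == "Status":
            # A certificate block starts; its name is the line just above.
            info["certs"].append({"name": prev, "status": m.group(2)})
        elif m and m.group(1) == "Thumbprint" and info["certs"]:
            info["certs"][-1]["thumbprint"] = m.group(2)
        elif m and m.group(1) in TOP_LEVEL:
            info[m.group(1).lower()] = m.group(2)
        prev = line
    return info

def signature_problems(info, expected_sha256=None):
    """Return reasons to reject the file; an empty list means every check passed."""
    out = []
    if info.get("verified") != "Signed":
        out.append("Verified is %r, not 'Signed'" % info.get("verified"))
    if not info["certs"]:
        out.append("no certificate chain found (was -i given?)")
    out += ["certificate %r has status %r" % (c["name"], c["status"])
            for c in info["certs"] if c["status"] != "Valid"]
    if expected_sha256 and info.get("sha256", "").upper() != expected_sha256.upper():
        out.append("SHA256 does not match the expected value")
    return out
```

Pass the SHA256 published by the file's vendor as expected_sha256 to tie the signature check to one specific build.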
________________________________________
Credits
Any external referenced material in this document is hyperlinked. Authors responsible for referenced work should be sought through the reference(s) listed.
I am Christopher Etter, a Professional Services consultant.
Because you are using this, I welcome you as my customer. These documents are free for you to use. I work diligently to serve you with material such as this. I would appreciate it if PSPRO (professionalservices.pro), my name, and this 'Credits' section remain attached to this work so that I accrue name recognition via your success and peer recommendation. Thank you very much, and I hope this document helps you solve your current information technology issue!