______________________________________________________________________
sigcheck.exe Instructions

________________________________________
Acquire

https://download.sysinternals.com/files/SysinternalsSuite.zip

• Expand the archive to a temporary folder.

________________________________________
Configure

• In an administrative, UAC-elevated cmd.exe prompt, execute: sigcheck.exe
    · If the EULA dialog is displayed: click 'OK'

________________________________________
Procedures

• In an administrative, UAC-elevated cmd.exe prompt, execute: sigcheck.exe -i -r -h x:\path\filename.ext
    · Where 'x:\path\filename.ext' is the path to the file to be verified.

• In the displayed output, look for: Verified: Signed
    · This will be toward the top.


________________________________________
Example Output

    X:\>sigcheck -i -r -h c:\windows\system32\user32.dll
    
    Sigcheck v2.30 - File version and signature viewer
    Copyright (C) 2004-2015 Mark Russinovich
    Sysinternals - www.sysinternals.com
    
    c:\windows\system32\user32.dll:
            Verified: Signed
            Catalog: c:\windows\system32\user32.dll
            Signers:
            Microsoft Windows
                    Status: Valid
                    Valid Usage: Code Signing,
                                    NT5 Crypto
                    Serial Number: 33 00 00 00 BC E1 20 FD D2 7C
                                    C8 EE 93 00 00 00 00 00 BC
                    Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
                    Algorithm: 1.2.840.113549.1.1.11
                    Valid from: 11:15 AM 8/18/2015
                    Valid to: 11:15 AM 11/18/2016
            Microsoft Windows Production PCA 2011
                    Status: Valid
                    Valid Usage: All
                    Serial Number: 61 07 76 56 00 00 00 00 00 08
                    Thumbprint: 580A6F4CC4E4B669B9EBDC1B2B3E087B80D0678D
                    Algorithm: 1.2.840.113549.1.1.11
                    Valid from: 12:41 PM 10/19/2011
                    Valid to: 12:51 PM 10/19/2026
            Microsoft Root Certificate Authority 2010
                    Status: Valid
                    Valid Usage: All
                    Serial Number: 28 CC 3A 25 BF BA 44 AC 44 9A
                                    9B 58 6B 43 39 AA
                    Thumbprint: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
                    Algorithm: 1.2.840.113549.1.1.11
                    Valid from: 3:57 PM 6/23/2010
                    Valid to: 4:04 PM 6/23/2035
            Signing date: 6:40 PM 11/8/2015
            Counter Signers:
            Microsoft Time-Stamp Service
                    Status: Valid
                    Valid Usage: Timestamp Signing
                    Serial Number: 33 00 00 00 71 32 45 3C 76 C7
                                    62 FC E8 00 00 00 00 00 71
                    Thumbprint: 3833D2DE6B619034180337E595D60E6E8660B1E0
                    Algorithm: 1.2.840.113549.1.1.11
                    Valid from: 12:17 PM 10/7/2015
                    Valid to: 12:17 PM 1/7/2017
            Microsoft Time-Stamp PCA 2010
                    Status: Valid
                    Valid Usage: All
                    Serial Number: 61 09 81 2A 00 00 00 00 00 02
                    Thumbprint: 2AA752FE64C49ABE82913C463529CF10FF2F04EE
                    Algorithm: 1.2.840.113549.1.1.11
                    Valid from: 3:36 PM 7/1/2010
                    Valid to: 3:46 PM 7/1/2025
            Microsoft Root Certificate Authority 2010
                    Status: Valid
                    Valid Usage: All
                    Serial Number: 28 CC 3A 25 BF BA 44 AC 44 9A
                                    9B 58 6B 43 39 AA
                    Thumbprint: 3B1EFD3A66EA28B16697394703A72CA340A05BD5
                    Algorithm: 1.2.840.113549.1.1.11
                    Valid from: 3:57 PM 6/23/2010
                    Valid to: 4:04 PM 6/23/2035
            Publisher: Microsoft Windows
            Company: Microsoft Corporation
            Description: Multi-User Windows USER API Client DLL
            Product: Microsoft® Windows® Operating System
            Prod version: 6.3.9600.18123
            File version: 6.3.9600.18123 (winblue_ltsb.151108-1002)
            MachineType: 64-bit
            MD5: 33094E2182C451BCFCFD60F734B1C4EF
            SHA1: E9E8914F0FD88E5CA98D3A8BDDBEF7012DB3C54E
            PESHA1: A7A3D1B5E488E08611AFDC43A1664C72530D06F2
            PE256: E929B0FC21F41109F625C34676CD2BE66B3685574033EE742FA5B6C04680D68A
            SHA256: 8BB2CB228252A0F2B43DB756CFEBB0D5B7E83F7761FECADC2C1AB8D0150113B7
            IMP: 6246BBCDB63193881FFC0E4D238D29FA
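
To apply the 'Verified: Signed' check to saved output rather than reading it by eye, the following Python is an added example, not part of the original instructions or of Sysinternals. It parses one file's report and also flags any certificate under Signers or Counter Signers whose Status is not Valid, which goes one step beyond the check described above; the function names are hypothetical and the sample text is abridged from the example output.

```python
import re
# SAMPLE is abridged from this page's example output (one file's report).
SAMPLE = r"""
c:\windows\system32\user32.dll:
        Verified: Signed
        Signers:
        Microsoft Windows
                Status: Valid
                Valid Usage: Code Signing,
                                NT5 Crypto
                Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
        Signing date: 6:40 PM 11/8/2015
        Counter Signers:
        Microsoft Time-Stamp Service
                Status: Valid
        SHA256: 8BB2CB228252A0F2B43DB756CFEBB0D5B7E83F7761FECADC2C1AB8D0150113B7
"""
FIELD = re.compile(r"([^:]+):\s+(\S.*)")   # "Key: value" on a stripped line

def parse_sigcheck(text):
    """Return (fields, certs) parsed from one file's sigcheck report."""
    fields, certs, section, top = {}, [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        indent = len(raw) - len(raw.lstrip())
        m = FIELD.match(line)
        if top is None:                  # skip banner and path until "Verified:"
            if not (m and m.group(1) == "Verified"):
                continue
            top = indent                 # indentation of the top-level fields
        if indent == top and line in ("Signers:", "Counter Signers:"):
            section = line[:-1]          # entering a certificate chain
        elif indent == top and m:
            fields[m.group(1)] = m.group(2)
        elif indent == top and section and line:
            certs.append({"Section": section, "Name": line})
        elif indent > top and m and certs:
            certs[-1][m.group(1)] = m.group(2)   # wrapped value lines are skipped
    return fields, certs

def problems(fields, certs):
    """List reasons to distrust the file; an empty list means all checks passed."""
    out = []
    if fields.get("Verified") != "Signed":
        out.append("Verified is %r, not 'Signed'" % fields.get("Verified"))
    out += ["%s / %s: Status %s" % (c["Section"], c["Name"], c.get("Status"))
            for c in certs if c.get("Status") != "Valid"]
    return out

if __name__ == "__main__": print(problems(*parse_sigcheck(SAMPLE)))
```

The parser expects the report for a single file, so redirect the output of one sigcheck.exe run to a text file and pass that file's contents to parse_sigcheck.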

________________________________________
Credits

Any external referenced material in this document is hyperlinked. Authors responsible for referenced work should be sought through the reference(s) listed.



I am Christopher Etter, a Professional Services consultant.

Because you are using this, I welcome you as my customer. These documents are free for you to use. I work diligently to serve you with material such as this. I would appreciate it if PSPRO (professionalservices.pro), my name, and this 'Credits' section remain attached to this work so that I accrue name recognition via your success and peer recommendation. Thank you very much, and I hope this document helps you solve your current information technology issue!