Sysinternals! Sigcheck!

If you run or support Windows systems, you are missing a bet if you do not use the suite of Sysinternals tools by Mark Russinovich.

He just released a new version of a tool called Sigcheck.  So simple!  Sigcheck reports on the file version number, timestamp information, and digital signature details, including certificate chains. You can also check a file’s status on VirusTotal, and upload a file for scanning there.  It runs at the command line and is a self-contained EXE, so it's portable as soon as you get it.

How obvious a sanity check is this?  Run it against the Windows directory to establish a baseline when you install fresh, or to immediately pinpoint anything suspicious to investigate further should there be a possible compromise.

It's another one of the easy things you can do to be sure you have a clean system.
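One way to put the baseline idea above into practice, as an added example that is not from the original post or from Sysinternals: a PowerShell script that records Sigcheck's CSV output on a fresh install and later reports files that are new or whose SHA256 has changed. The baseline path and the CSV column names used are assumptions; check them against the header row your Sigcheck version prints.

```powershell
# Added example, not from the original post.
# Assumptions: sigcheck.exe is on PATH, C:\Baselines exists, and the CSV column
# names (Path, Verified, Publisher, SHA256) match the header row your Sigcheck
# version prints for -c -h.
param(
    [ValidateSet('Baseline', 'Compare')]
    [string]$Mode = 'Compare',
    [string]$Target = "$env:SystemRoot\System32",
    [string]$BaselineCsv = 'C:\Baselines\system32.csv'   # hypothetical path
)

function Get-SigcheckRows([string]$Dir) {
    # -s recurse, -e executable images only, -h add hashes, -c CSV output
    & sigcheck.exe -accepteula -nobanner -s -e -h -c $Dir | ConvertFrom-Csv
}

if ($Mode -eq 'Baseline') {
    Get-SigcheckRows $Target | Export-Csv -Path $BaselineCsv -NoTypeInformation
    # Note this hash somewhere off the machine so a tampered baseline is detectable.
    Get-FileHash -Algorithm SHA256 -Path $BaselineCsv
    return
}

# Index the baseline by path (PowerShell hashtable keys are case-insensitive).
$known = @{}
Import-Csv -Path $BaselineCsv | ForEach-Object { $known[$_.Path] = $_ }

$findings = foreach ($row in Get-SigcheckRows $Target) {
    $reason = $null
    if (-not $known.ContainsKey($row.Path)) { $reason = 'New file' }
    elseif ($known[$row.Path].SHA256 -ne $row.SHA256) { $reason = 'Hash changed' }

    if ($reason) {
        [pscustomobject]@{
            Reason    = $reason
            Verified  = $row.Verified
            Publisher = $row.Publisher
            Path      = $row.Path
        }
    }
}

# List anything that is not 'Signed' first; those rows deserve the first look.
$findings | Sort-Object { $_.Verified -eq 'Signed' }, Path | Format-Table -AutoSize
```

Windows updates legitimately replace signed binaries, so refresh the baseline after patching; otherwise every patched file shows up as "Hash changed".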

This article was updated on May 9, 2023

David F