New
#1
Run sigcheck via batch file
1. download sigcheck.exe from sysinternals.com and copy it in c:\windows
2. make a plain text file and name it "sigcheck.bat"
3. copy the following in this file
4. In third line of the bat file change "C:\Program Files (x86)\Mozilla Firefox" to whatever folder you wantCode:@ECHO OFF cd c:\windows set str1="C:\Program Files (x86)\Mozilla Firefox" FOR %%A IN (%str1%) DO set str2=%%~sfA echo %str2% cd c:\windows :sigcheck -e -s -vrs C:\windows\system32 :sigcheck -e -s -vrs C:\Users\Bill\Desktop\NEWFOL~1 sigcheck -e -s -vrs %str2% goto 10: usage: sigcheck [-a][-h][-i][-e][-l][-n][[-s]|[-c|-ct]|[-m]][-q][-r][-u][-vt][-v[r][s]][-f catalog file] <file or directory> usage: sigcheck [-d][-c|-ct] <file or directory> usage: sigcheck [-t[u]] <certificate store name|*> -a Show extended version information. The entropy measure reported is the bits per byte of information of the file's contents. -c CSV output with comma delimiter -ct CSV output with tab delimiter -d Dump contents of a catalog file -e Scan executable images only (regardless of their extension) -f Look for signature in the specified catalog file -h Show file hashes -i Show catalog name and image signers -l Traverse symbolic links and directory junctions -m Dump manifest -n Only show file version number -q Quiet (no banner) -r Disable check for certificate revocation -s Recurse subdirectories -t[u] Dump contents of specified certificate store ('*' for all stores). Specify -tu to query the user store (machine store is the default). -u If VirusTotal check is enabled, show files that are unknown by VirusTotal or have non-zero detection, otherwise show only unsigned files. -v[rs] Query VirusTotal ( www.virustotal.com) for malware based on file hash. Add 'r' to open reports for files with non-zero detection. Files reported as not previously scanned will be uploaded to VirusTotal if the 's' option is specified. Note scan results may not be available for five of more minutes. -vt Before using VirusTotal features, you must accept VirusTotal terms of service. See: https://www.virustotal.com/en/about/terms-of-service/. If you haven't accepted the terms and you omit this option, you will be interactively prompted. One way to use the tool is to check for unsigned files in your \Windows\System32 directories with this command: sigcheck -u -e c:\windows\system32 You should investigate the purpose of any files that are not signed. :10 pause
5. Run the bat file