How to identify malware with sigcheck

Sigcheck is a Windows Sysinternals tool that checks version numbers, signatures, certificates, timestamps etc. and allows you to submit samples to VirusTotal for scanning. You can download it here:

From a Windows machine, run it against suspected binaries, or entire folders, like so:

sigcheck -c -e -u -h -v -vt filename.exe > sigcheck-results.csv
sigcheck -c -e -u -h -v -vt \path\to\folders\like\system32 > sigcheck-results.csv

Open the CSV in Excel and sort by the VT detection column to see which files triggered VirusTotal detections.
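As an added example (not part of the original post), the same sorting step can be done without Excel: this Python script ranks the sigcheck CSV by the VT detection column and also flags unsigned files that VirusTotal has never seen. Column names other than "VT detection" are assumed from sigcheck's CSV header, and the embedded CSV is a constructed sample, not real sigcheck output.

```python
import csv
import io

# Constructed sample of sigcheck -c -h -v -vt output (abbreviated; real output
# has more hash and version columns). Column names other than "VT detection"
# are assumed from sigcheck's CSV header.
SAMPLE_CSV = """\
"Path","Verified","Publisher","SHA256","VT detection"
"C:\\Windows\\System32\\notepad.exe","Signed","Microsoft Windows","aa11","0/72"
"C:\\Windows\\System32\\svchost.exe","Signed","Microsoft Windows","bb22","0/72"
"C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe","Unsigned","n/a","cc33","41/72"
"C:\\Users\\alice\\Downloads\\tool.exe","Unsigned","n/a","dd44","Unknown"
"C:\\Program Files\\Vendor\\helper.exe","Signed","Vendor Inc","ee55","3/72"
"""

def parse_detection(value):
    """Parse a 'VT detection' cell like '41/72' into (hits, engines); 'Unknown' or blank gives (None, None)."""
    value = (value or "").strip()
    if "/" not in value:
        return None, None
    hits, engines = value.split("/", 1)
    try:
        return int(hits), int(engines)
    except ValueError:
        return None, None

def triage(csv_text, min_hits=1):
    """Return rows worth a look, worst first: VT hits >= min_hits, plus unsigned files VT has never seen."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    flagged = []
    for row in rows:
        hits, engines = parse_detection(row.get("VT detection"))
        unsigned = row.get("Verified", "").strip() != "Signed"
        if hits is not None and hits >= min_hits:
            reason = f"VT {hits}/{engines}"
        elif hits is None and unsigned:
            reason = "unsigned, unknown to VT"
        else:
            continue
        flagged.append({"path": row["Path"], "hits": hits or 0,
                        "signed": not unsigned, "reason": reason})
    # Highest detection count first; unsigned-but-unknown files sort last.
    flagged.sort(key=lambda r: r["hits"], reverse=True)
    return flagged

if __name__ == "__main__":
    for r in triage(SAMPLE_CSV):
        print(f'{r["hits"]:>3}  {r["reason"]:<24} {r["path"]}')
```

To use it on real output, read sigcheck-results.csv into a string and pass it to triage(); files VirusTotal has never seen are a gap in the VT column, not evidence that they are clean.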