Microsoft released Sigcheck 2.0 a couple of days ago. The excellent program enables you to verify information about files - including digital certificates, version numbers and timestamp information - by pointing it to a folder that you want checked.
While that makes it an excellent tool for experienced Windows users and admins, its reliance on the command prompt is probably the main reason why it is not used by more users of the system.
The integration of the popular Virustotal API in Sigcheck could change that dramatically. While you still need to run the program from the Windows command prompt, you can now check all files of a folder against Virustotal to get a list of files that at least one of the antivirus engines detected as malicious.
Using Sigcheck and Virustotal
Sigcheck 2.0 ships with three parameters that control Virustotal usage:
- -u Shows files that are unknown to Virustotal or have non-zero detection.
- -v [rn] Queries the Virustotal service by using file hashes. The "r" option adds reports for files with non-zero detection, the "n" option prevents the uploading of files that are unknown to Virustotal.
- -vt This accepts the terms of service of Virustotal.
Here are a couple of examples of how you can use the new Virustotal integration of Sigcheck:
sigcheck -vrn -vt c:\windows\system32\
This scans the c:\windows\system32\ folder and checks the hash of the files against Virustotal's database. Unknown files are not uploaded to Virustotal.
sigcheck -u -vt c:\windows\system32\
This command limits the output to files that are unknown to Virustotal, and files that at least one engine reports as malware.
Tip: If you scan a folder with lots of files, or use the -s parameter to include subdirectories in the scan, you may want to redirect the report to a text file by appending > c:\users\username\downloads\output.txt to the command.
sigcheck -u -v -vt -s c:\temp\ > c:\users\martin\downloads\output.txt
The command checks file hashes on Virustotal and uploads any file for which no hash is found. It then writes all files that have at least one malware hit or that are unknown to Virustotal to the output.txt file. The -s parameter includes files in subdirectories in the scan.
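To work through a large output.txt like the one redirected above, the following Python sketch parses the report and lists files with detections first, then files unknown to Virustotal. It is an added example, not part of Sigcheck or the original article; it assumes Sigcheck's default text layout (a path line followed by indented "VT detection" and "VT link" fields), and the sample report and its links are constructed.

```python
import re
from typing import NamedTuple, Optional
# Constructed sample of a redirected report; the layout is an assumption.
SAMPLE = """\
c:\\temp\\setup.exe:
\tVerified:\tSigned
\tVT detection:\t0/57
\tVT link:\thttps://example.invalid/report-a
c:\\temp\\tool.exe:
\tVerified:\tUnsigned
\tVT detection:\t3/57
\tVT link:\thttps://example.invalid/report-b
c:\\temp\\new.dll:
\tVerified:\tUnsigned
\tVT detection:\tUnknown
\tVT link:\tn/a
"""
class Finding(NamedTuple):
    path: str
    verified: str
    hits: Optional[int]  # None means the hash was unknown to Virustotal
    link: str

def parse_report(text):
    """Split the report into one dict of lower-cased field names per file."""
    records, current = [], None
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        if not line[0].isspace() and line.rstrip().endswith(":"):
            current = {"path": line.rstrip()[:-1]}  # unindented "path:" line
            records.append(current)
        elif current is not None and line[0].isspace() and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key.strip().lower()] = value.strip()
    return records

def triage(text):
    """Return files with detections (most hits first), then unknown files."""
    findings = []
    for rec in parse_report(text):
        det = rec.get("vt detection", "")
        m = re.fullmatch(r"(\d+)[/|](\d+)", det)  # "hits/engines"
        hits = int(m[1]) if m else None
        if hits or det.lower() == "unknown":  # skip clean files and records without VT data
            findings.append(Finding(rec["path"], rec.get("verified", ""), hits, rec.get("vt link", "")))
    return sorted(findings, key=lambda f: (f.hits is None, -(f.hits or 0), f.path.lower()))

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f.path, f.verified, "unknown" if f.hits is None else f.hits, f.link)
```

Redirection in cmd.exe writes the report in the console code page, while the > operator in Windows PowerShell writes UTF-16, so open output.txt with the matching encoding before passing its text to triage().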
You can check out all available parameters by following the link to the Microsoft Sysinternals website. There you can also download the application to your system.
As far as system requirements go, it requires at least Windows XP on the client side and Windows Server 2003 on the server side.
The integration of Virustotal scan options improves the scenarios where you can make use of the software. While it is still great for its original functionality, it can now also be used to scan files found in a folder quickly using the remote virus scanning service.