Author: gpneil
Subject: SigCheck reports unsigned system file
Posted: 24 September 2013 at 4:21am
Lately I find that if I copy some system files (e.g. wininit.exe) from a target machine (Win8.1 RTM) to my working machines (Win7 SP1 and Win8.1 RTM) and run the command below on my working machines, SigCheck will say the file is NOT signed. However, if I run the same command with the same file on the target machine, SigCheck says the file is signed. I guess it may be related to some differences in security-related settings. But not every system file has the problem. For example, SigCheck does say "signed" when I check smss.exe (copied from the target machine) on my working machine.
Another finding is that if I copy the file (wininit.exe) from a target machine (Win7 SP1) to my working machine, which is Win7 SP1 as well, SigCheck does not say the file is NOT signed.
The question is: why is the behavior different? What's the right way to check whether a file is signed or not?
SigCheck -h xxx.exe
e:\wininit.exe:
Verified: Unsigned
Link date: 10:49 2013/8/22
Publisher: Microsoft Corporation
Description: Windows Start-Up Application
Product: Microsoft?Windows?Operating System
Version: 6.3.9600.16384
File version: 6.3.9600.16384 (winblue_rtm.130821-1623)