Attention
Zercurity has been acquired by JumpCloud.
This documentation will no longer be maintained or updated. You can read more about the acquisition, or signup to JumpCloud today.
authenticode¶
File (executable, bundle, installer, disk) code signing status.
Platform support¶
Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: authenticode
- Windows
Table schema¶
Name | Type | Description |
---|---|---|
path | TEXT | Must provide a path or directory |
original_program_name | TEXT | The original program name that the publisher has signed |
serial_number | TEXT | The certificate serial number |
issuer_name | TEXT | The certificate issuer name |
subject_name | TEXT | The certificate subject name |
result | TEXT | The signature check result |
Query examples¶
SELECT * FROM authenticode WHERE path = 'C:\Windows\notepad.exe'
SELECT process.pid, process.path, signature.result FROM processes as process LEFT JOIN authenticode AS signature ON process.path = signature.path;