File (executable, bundle, installer, disk) code signing status.

Table schema

Name Type Description
path TEXT Must provide a path or directory
original_program_name TEXT The original program name that the publisher has signed
serial_number TEXT The certificate serial number
issuer_name TEXT The certificate issuer name
subject_name TEXT The certificate subject name
result TEXT The signature check result

Query examples

SELECT * FROM authenticode WHERE path = 'C:\Windows\notepad.exe'
SELECT, process.path, signature.result FROM processes as process LEFT JOIN authenticode AS signature ON process.path = signature.path;