File (executable, bundle, installer, disk) code signing status.
Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error:
no such table: authenticode
|path||TEXT||Must provide a path or directory|
|original_program_name||TEXT||The original program name that the publisher has signed|
|serial_number||TEXT||The certificate serial number|
|issuer_name||TEXT||The certificate issuer name|
|subject_name||TEXT||The certificate subject name|
|result||TEXT||The signature check result|
SELECT * FROM authenticode WHERE path = 'C:\Windows\notepad.exe'
SELECT process.pid, process.path, signature.result FROM processes as process LEFT JOIN authenticode AS signature ON process.path = signature.path;