Let me show you how you can check the digital signature of Windows executables. So here we have the installation program, the setup program for Microsoft Security Essentials. If you right-click here and take the properties, you will have a tab, Digital Signatures; that is because this program is signed. Now if you take another program here, like Process Hacker, which is not signed, take the properties, you can see that the digital signature tab is missing, so it is not signed. And then you have an exception, which I want to talk about later on in this video. This is the Notepad program from Windows, which is digitally signed, but if you take the properties, you will not see a tab. I will show you later how you can check this.

So let's come back to the Microsoft Security Essentials installer package. Look at the properties, select the digital signature. Now how can you check that such a signature is valid? You select the signature, click on Details; it can take a couple of seconds while the verification is ongoing. And here we have the details of the signature. First of all, here you notice that this digital signature is OK, so that is how you check if a digital signature is valid or not. You look at the details and then Microsoft Windows here tells you if it is OK or not. You can also have a look at the certificate, View Certificate, and in the Certification Path tab you can see the different certificates that have been used to sign this certificate, the chain, and the executable itself. So the executable was signed by a certificate from Microsoft Corporation, which in its turn was signed by Microsoft Code Signing PCA, and that certificate was signed by the Microsoft Root Certificate Authority. So this is a valid digital signature.

Here I have a copy of the Microsoft Security Essentials installation package, which I've changed, so I've changed this executable. And if you now look at the properties, we still have the digital signature, which is here.
If we look at the details, now you can see that the signature is not valid, and the reason why this signature is not valid is that I changed the executable after it was signed, and this invalidates the signature.

Now you can also have other reasons why a signature is not valid, so not only that the executable was modified, was tampered with; there could be other reasons. For example, if we have a look here at XORSearch, this is a program that I developed and that I signed with my own certificate. If we look at the properties of this program, you can see it has a digital signature. Look at the details, and here you can also see that it is not okay, but the reason is different. The reason is "a certificate chain processed but terminated in a root certificate which is not trusted by the trust provider". What does it mean? If you look at the certificate and you look at the certification path, so the chain, you can see here the certificate chaining up all the way to a root certificate here. This is a root certificate that I created, and Windows does not trust this root certificate. You can see it here: this CA root certificate is not trusted because it is not in the trusted root certification authorities store. So this is something you can encounter, that a program has a valid digital signature, I mean that it has not been tampered with, but that signature is not accepted because the root CA that was used to sign it is not in the store.

You can check this here. If you launch this utility program, CertManager, okay, here it is, CertManager. If you look here, trusted root certificate authorities, certificates, here you have the list of root certificate authorities that are trusted by this Windows installation. You can see here the Microsoft root authority, which we saw when checking the MSE setup, while you can see that my root CA, Didier Stevens, here is not installed, and that's why it is not trusted.
Okay, now let's take a look at another program that I developed here, AnalyzePESig. This program is also digitally signed, but this one is signed with a certificate that I bought from a certification authority. So if you look now at the digital signatures, details, view certificate, certification path, you can see it is signed by me, and this is a certificate that I obtained from GlobalSign. And this certificate, everything here you can see is okay, and the reason is that the GlobalSign root CA is trusted by this Windows installation. Signature is okay. If we go back to the CertManager, trusted root CAs here, certificates, here you can find the GlobalSign root CA. Okay, so this is how you check the digital signature of a Windows executable with the properties tab, and you go to the digital signature tab.

So remember, I told you here, Notepad is also signed, but it has no digital signature tab. And the reason is that the digital signature of Notepad is not stored inside the Notepad executable itself, but it is stored inside a catalog file. And there is a way to check this. If you take a command line tool, and you use the program sigcheck from Sysinternals, so let's do this sigcheck on Notepad. Okay, you can see that it is signed. So this program Notepad is signed, but you have to check it with sigcheck to be sure that it is signed.

And let me just show you the signature analysis with my AnalyzePESig program. So AnalyzePESig of Notepad. Okay, you get a lot of information about the executable and the signature, and if we scroll back and have a look here, you can see that we have a valid signature, value 1, it is valid, and that the signature itself comes from a catalog file, and we have value 1 here, and here you have the name of the catalog file. It is in Windows system, catroot; that's where you will find all the different catalog files used by Windows.
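
The same checks can be scripted with PowerShell's built-in `Get-AuthenticodeSignature` cmdlet. This is an added example, not part of the video: the function name `Get-SignatureReport` is illustrative, and the `SignatureType` property assumes Windows PowerShell 5.1 or later. It separates the cases shown above (signature OK, file changed after signing, root CA not trusted) and reports whether the signature is embedded in the file or comes from a catalog.

```powershell
function Get-SignatureReport {
    param([Parameter(Mandatory)][string]$Path)

    # Windows performs the same trust evaluation as the Details dialog.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Rebuild the certification path (signer first, root last). Revocation
    # lookups are disabled so the report also works offline. This chain is
    # evaluated at the current time and is informational only; the
    # authoritative result is $sig.Status.
    $chainNames  = @()
    $rootTrusted = $null
    if ($sig.SignerCertificate) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        [void]$chain.Build($sig.SignerCertificate)
        $chainNames  = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
        $rootTrusted = -not ($chain.ChainStatus.Status -contains 'UntrustedRoot')
    }

    # Map the status to the situations from the walkthrough.
    $verdict = switch ($sig.Status) {
        'Valid'        { 'signature OK' }
        'HashMismatch' { 'file was changed after it was signed' }
        'NotSigned'    { 'no embedded or catalog signature found' }
        default        { "not accepted: $($sig.StatusMessage)" }
    }

    [pscustomobject]@{
        Path          = $Path
        Verdict       = $verdict
        Status        = $sig.Status
        SignatureType = $sig.SignatureType   # Authenticode (embedded), Catalog, or None
        RootTrusted   = $rootTrusted
        Chain         = $chainNames -join '  <-  '
    }
}

# Notepad carries no embedded signature, so expect SignatureType = Catalog.
Get-SignatureReport -Path "$env:SystemRoot\System32\notepad.exe" | Format-List
```

A file signed under a root CA that is not in the trusted root store typically falls into the `default` branch, with the status message quoted in the walkthrough. `Get-AuthenticodeSignature` does not print the catalog file name; sigcheck or AnalyzePESig are still needed for that.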