Sigcheck
Sigcheck is a simple command-line utility that verifies that images are digitally signed and dumps version information.
Usage: sigcheck.exe [-a][-h][-i][-e][-n][[-s]|[-v]|[-m]][-q][-r][-u][-c catalog file] <file or directory>
-a Show extended version information
-c Look for signature in the specified catalog file
-e Scan executable images only (regardless of their extension).
-h Show file hashes
-i Show image signers
-m Dump manifest
-n Only show file version number
-q Quiet (no banner)
-r Check for certificate revocation
-s Recurse subdirectories
-u Show unsigned files only
-v Csv output
One way to use the tool is to check for unsigned files in your Windows\System32 directories with this command:
sigcheck -u -e c:\windows\system32
You should investigate the purpose of any files that are not signed.
Sigcheck provides information that is not readily available through the operating system's own tools. The hash values and internal name values are particularly useful. Hash values can be fed into online services to check for known malicious files.
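The unsigned-file check is most useful when repeated against a reviewed baseline. The following is an added example (not part of the original page or of Sigcheck) that compares two saved CSV reports and lists unsigned files that are new or whose hash has changed. The column names `Path` and `SHA1`, the function names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample reports, as if saved from:
#   sigcheck -q -u -e -h -v c:\windows\system32 > report.csv
# ASSUMPTION: the column names "Path" and "SHA1" are illustrative; use the
# names in the header row your Sigcheck version actually prints.
H_A, H_B, H_C, H_D = ("a" * 40, "b" * 40, "c" * 40, "d" * 40)  # constructed hashes
BASELINE_CSV = rf"""Path,Verified,SHA1
c:\windows\system32\legacy.dll,Unsigned,{H_A}
c:\windows\system32\oemtool.exe,Unsigned,{H_B}
"""
CURRENT_CSV = rf"""Path,Verified,SHA1
C:\Windows\System32\legacy.dll,Unsigned,{H_A.upper()}
c:\windows\system32\oemtool.exe,Unsigned,{H_C}
c:\windows\system32\updater.exe,Unsigned,{H_D}
"""


def load_report(csv_text, path_col="Path", hash_col="SHA1"):
    """Return {lower-cased path: lower-cased hash} for every row of a report."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = {path_col, hash_col} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"report header lacks column(s): {sorted(missing)}")
    # Windows paths and hex digests are case-insensitive, so normalise both.
    return {(r[path_col] or "").strip().lower(): (r[hash_col] or "").strip().lower()
            for r in reader}


def diff_reports(baseline, current):
    """List unsigned files that are new, or whose hash changed, since baseline."""
    findings = []
    for path, digest in sorted(current.items()):
        if path not in baseline:
            findings.append(("new", path, digest))
        elif baseline[path] != digest:
            findings.append(("changed", path, digest))
    return findings


if __name__ == "__main__":
    report = diff_reports(load_report(BASELINE_CSV), load_report(CURRENT_CSV))
    for kind, path, digest in report:
        print(f"{kind:8} {path}  {digest}")
```

Files reported as `changed` kept their path but not their contents, so their new hashes are the first ones to look up.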
This software is licensed as freeware: you can download and use this image utility free of charge.

