program Project1;
{$APPTYPE CONSOLE}

uses
  SysUtils,
  Signatures
  ;

var i: integer;

begin
  try
      if (ParamCount > 0) then
          for i:= 1 to ParamCount do
              WriteLn(Format('%s: %u', [ParamStr(i), Signatures.GetCertificateCount(ParamStr(i))]));
  except
        on E: Exception do begin
            WriteLn(Format('Exception %s: %s', [E.ClassName, E.Message]));
            Halt(1);
        end;
    end;
end.

unit Signatures;

uses Windows;

interface

const
  CERT_SECTION_TYPE_ANY = $FF;     // Any Certificate type
 
const
  IMAGEHLPDLL = 'imagehlp.dll';
 
function ImageEnumerateCertificates(FileHandle: THandle; TypeFilter: WORD;
  CertificateCount, Indices: PDWORD; IndexCount: DWORD): BOOL; stdcall; external IMAGEHLPDLL;

function GetCertificateCount(const AFileName: string): DWORD;

implementation

function GetCertificateCount(const AFileName: string): DWORD;
var
  hExe: THandle;
  CertCount: DWORD;
begin
  Result:= 0;
  hExe := CreateFile(PChar(AFilename), GENERIC_READ, FILE_SHARE_READ,
    nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL or FILE_FLAG_RANDOM_ACCESS, 0);
  if (hExe <> INVALID_HANDLE_VALUE) then
    try
      if ImageEnumerateCertificates(hExe, CERT_SECTION_TYPE_ANY, @CertCount, nil, 0) then
        Result:= CertCount;
    finally
      CloseHandle(hExe);
    end;
end;

end.

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (von .NET 4.6.2)
SHA1:   33 00 00 01 2f e1 e3 b9 bc 80 bd 8e e6 00 01 00 00 01 2f
SHA256: 33 00 00 00 ed 9a 4a 53 36 52 2e 14 aa 00 00 00 00 00 ed

type
  _CERT_STRONG_SIGN_SERIALIZED_INFO = record
    dwFlags: DWORD;
    pwszCNGSignHashAlgids: LPWSTR;
    pwszCNGPubKeyMinBitLengths: LPWSTR;
  end;
  CERT_STRONG_SIGN_SERIALIZED_INFO = _CERT_STRONG_SIGN_SERIALIZED_INFO;
  PCERT_STRONG_SIGN_SERIALIZED_INFO = ^CERT_STRONG_SIGN_SERIALIZED_INFO;

  _CERT_STRONG_SIGN_PARA = record
    cbSize: DWORD;
    dwInfoChoice: DWORD;
    union : record         // Not sure if the definition of this union is correct...
      case DWORD of
      0: (pvInfo: Pointer);
      1: (pSerializedInfo: PCERT_STRONG_SIGN_SERIALIZED_INFO);
      2: (pszOID: LPSTR);
    end;
  end;
  CERT_STRONG_SIGN_PARA = _CERT_STRONG_SIGN_PARA;
  PCERT_STRONG_SIGN_PARA = ^CERT_STRONG_SIGN_PARA;

  WINTRUST_SIGNATURE_SETTINGS_ = record
    cbStruct: DWORD;
    dwIndex: DWORD;
    dwFlags: DWORD;
    cSecondarySigs: DWORD;
    dwVerifiedSigIndex: DWORD;
    pCryptoPolicy: PCERT_STRONG_SIGN_PARA;
  end;
  WINTRUST_SIGNATURE_SETTINGS = WINTRUST_SIGNATURE_SETTINGS_;
  PWINTRUST_SIGNATURE_SETTINGS = ^WINTRUST_SIGNATURE_SETTINGS;
 
const
  WSS_VERIFY_SPECIFIC = $00000001;         // Set this value if you set the dwIndex parameter.
  WSS_GET_SECONDARY_SIG_COUNT = $00000002; // Set this value to return the number of secondary
                                            // signatures found in the cSecondarySigs member.

type
  TWinTrustFileInfo = record
    cbStruct: DWORD;
    pcwszFilePath: LPCWSTR;
    hFile: THandle;
    pgKnownSubject: PGUID;
  end;

type
  _WINTRUST_DATA = record
    cbStruct: DWORD;
    pPolicyCallbackData: Pointer;
    pSIPClientData: Pointer;
    dwUIChoice: DWORD;
    fdwRevocationChecks: DWORD;
    dwUnionChoice: DWORD;
    InfoUnion: record
      case DWORD of
        {WTD_CHOICE_FILE}       0: (pFile: PWinTrustFileInfo);
//        {WTD_CHOICE_CATALOG} 1: (pCatalog: PWinTrustCatalogInfo);
//        {WTD_CHOICE_BLOB}    2: (pBlob: PWinTrustBlobInfo);
//        {WTD_CHOICE_SIGNER}  3: (pSgnr: PWinTrustSgnrInfo);
        {WTD_CHOICE_CERT}       4: (pCert: PWinTrustCertInfo);
    end;
    dwStateAction: DWORD;
    hWVTStateData: THandle;
    pwszURLReference: LPCWSTR;
    dwProvFlags: DWORD;
    dwUIContext: DWORD;
    pSignatureSettings: PWINTRUST_SIGNATURE_SETTINGS;      // Windows 8 and Windows Server 2012:
                                                            // Support for this member begins.
  end;
  TWinTrustData = WINTRUST_DATA;

function GetSecondarySignatureCount(const AFileName: string): DWORD;
var
  Lwtd: TWinTrustData;
  Lfileinfo: TWinTrustFileInfo;
  Lsigsettings: WINTRUST_SIGNATURE_SETTINGS;
begin
  Result:= 0;

  ZeroMemory(@Lfileinfo, SizeOf(Lfileinfo));
  Lfileinfo.cbStruct := SizeOf(Lfileinfo);
  Lfileinfo.pcwszFilePath := PWideChar(WideString(AFilename));

  ZeroMemory(@Lsigsettings, SizeOf(WINTRUST_SIGNATURE_SETTINGS));
  Lsigsettings.cbStruct:= SizeOf(WINTRUST_SIGNATURE_SETTINGS);
  Lsigsettings.dwFlags:= WSS_GET_SECONDARY_SIG_COUNT;

  ZeroMemory(@Lwtd, SizeOf(TWinTrustData));
  with Lwtd do begin
    cbStruct := SizeOf(TWinTrustData);
    dwUIChoice := WTD_UI_NONE;
    fdwRevocationChecks := WTD_REVOKE_NONE;
    dwUnionChoice := WTD_CHOICE_FILE;
    dwStateAction := WTD_STATEACTION_IGNORE;
    InfoUnion.pFile := @Lfileinfo;
    pSignatureSettings:= @Lsigsettings;
  end;
  if Windows.WinVerifyTrust(INVALID_HANDLE_VALUE, WINTRUST_ACTION_GENERIC_VERIFY_V2, @Lwtd) = ERROR_SUCCESS then
      Result:= Lwtd.pSignatureSettings.cSecondarySigs;
end;