diff --git a/pkgs/development/libraries/uthenticode/default.nix b/pkgs/development/libraries/uthenticode/default.nix
new file mode 100644
index 00000000000..9957eccd426
--- /dev/null
+++ b/pkgs/development/libraries/uthenticode/default.nix
@@ -0,0 +1,37 @@
+{ stdenv, lib, fetchFromGitHub, fetchpatch, cmake, gtest, openssl, pe-parse }:
+
+stdenv.mkDerivation rec {
+  pname = "uthenticode";
+  version = "1.0.4";
+
+  src = fetchFromGitHub {
+    owner = "trailofbits";
+    repo = "uthenticode";
+    rev = "v${version}";
+    sha256 = "16j91cki63zk4d7wzwvq8al98l8hmvcdil3vfp44ink4q4bfswkx";
+  };
+
+  patches = [
+    # adds USE_SYSTEM_GTEST cmake flag, the patch won't be necessary in next versions
+    (fetchpatch {
+      url = "https://github.com/trailofbits/uthenticode/commit/7a4c5499c8e5ea7bfae1c620e1f96c112866b1dd.patch";
+      sha256 = "17637j5zwp71jmi803mv1z04arld3k3kmrm8nvrkpg08q5kizh28";
+    })
+  ];
+
+  cmakeFlags = [ "-DBUILD_TESTS=1" "-DUSE_SYSTEM_GTEST=1" ];
+
+  nativeBuildInputs = [ cmake ];
+  buildInputs = [ pe-parse openssl gtest ];
+
+  doCheck = true;
+  checkPhase = "test/uthenticode_test";
+
+  meta = with lib; {
+    description = "A small cross-platform library for verifying Authenticode digital signatures.";
+    homepage = "https://github.com/trailofbits/uthenticode";
+    license = licenses.mit;
+    platforms = platforms.unix;
+    maintainers = with maintainers; [ arturcygan ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index f5eba394290..ecaedcc9e7e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -16702,6 +16702,8 @@ in
 
   uthash = callPackage ../development/libraries/uthash { };
 
+  uthenticode = callPackage ../development/libraries/uthenticode { };
+
   utmps = skawarePackages.utmps;
 
   ucommon = ucommon_openssl;