% codesign -vv HandBrake.app
HandBrake.app: code object is not signed at all
In architecture: x86_64
However, code signing only goes so far. In the past, malware has been spread in signed application bundles as well [1]. The only good solution is sandboxing. Unfortunately, virtually nobody sandboxes macOS apps outside the App Store (where it is a requirement). These days I think twice before installing/purchasing an application outside the Mac App Store.
[1] http://gizmodo.com/mac-bittorrent-client-transmission-gets-i...