1 reply to this topic

[joakim]

File Name: DigitalSignatureTweaker
File Submitter: joakim
File Submitted: 28 Nov 2011
File Updated: 01 Dec 2011
File Category: Security

This is a PoC that one can hide data inside an Authenticode signed executable without invalidating the signature. It supports compression, encryption and timestamp manipulation, as well as a separat program to extract hidden data. More explanations inside the readme. Discussion follow at; http://reboot.pro/15889/

Click here to download this file

[joakim]

Turns out there was released a patch from Microsoft (MS12-024) about half a year after the tool was released; https://blog.avast.c...ility-ms12-024/

I don't really know what the patch does, but I remember I could make explorer crash/freeze with certain of my custom made files (only signature was modified), and that could be part of what the patch is for.

Maybe they also should consider making a patch for their WRP since the system protected files can have ADS's injected without triggering any alarms.. Thanks to NTFS.