
Instructional video: Checking the Digital Signature of Windows Executables



#1 Didier Stevens


Posted 05 January 2014 - 08:23 AM

Here's an instructional video I just made.

 

It happens that I advise people to check if a program has a (valid) digital signature.

It starts with checking the digital signature of Windows executables with the properties dialog. Later in the video, it gets more technical by using tools (AnalyzePESig and sigcheck) to check signatures.

 


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"



 


#2 quietman7


Posted 05 January 2014 - 08:46 AM

:thumbup2: I added a link to this pinned topic so it will not get lost.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 LittleGreenDots


Posted 10 January 2015 - 06:58 AM

Hi.  I don't mean to drag this out but I have one (hopefully) final question.

 

Does this mean that there is no reason to trust a download with an unsigned signature? 

 

What a body can learn around here is amazing! 



#4 Didier Stevens


Posted 10 January 2015 - 05:35 PM

No, the absence or presence of a digital signature without knowing the context does not mean that you automatically trust or distrust the executable.

 

If there is a valid signature, you know that the file was released by the signer and that it was not modified afterwards. But you still have to decide if you trust that signer.

For example, a valid digital signature does not mean that the executable does not contain adware. There are some download sites that bundle adware with their installation programs, and then sign them.

 

The absence of a digital signature doesn't mean you have to distrust the file. There are many developers who don't have the money to buy a code signing certificate.

 

The reason why I mentioned digital signatures in your other post, is that you seemed to trust the developer, but were not sure if a third party had tampered with the file.

The presence of a digital signature by the developer means that the file was not modified by somebody else.




#5 quietman7


Posted 10 January 2015 - 06:45 PM

In addition, older legitimate software and drivers may not have a digital signature and there are tutorials which show you how to load them.

#6 LittleGreenDots


Posted 11 January 2015 - 06:32 AM

Further down the rabbit hole.

 

Thanks.



#7 quietman7


Posted 11 January 2015 - 07:57 AM

And a good reason to carry a rope. :wink:

#8 skymaster191


Posted 28 March 2016 - 09:37 AM

I'll have to check it out when I get home from work tonight



#9 quietman7


Posted 28 March 2016 - 03:22 PM

I assume you mean the video.

#10 xaris2335


Posted 12 November 2017 - 06:04 AM

Is there any way to mass-check signed software?

I think Process Explorer has verification of signed software, am I right?

My English is not so good, forgive me for the mistakes :cherry:

 

Nice post by the way 



#11 1PW


Posted 12 November 2017 - 11:35 PM

Hello xaris2335:
 
Although similar Windows based solutions may be available, please consider looking at Jody Holmes' SigcheckGUI to be used in conjunction with Mark Russinovich's Sigcheck.

Thank you.


Edited by 1PW, 12 November 2017 - 11:47 PM.

All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.
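
For the bulk check asked about in post #10, read with the distinction from post #4 between an unsigned file, a signature that fails to verify, and a valid signature from a signer you still have to judge: an added example, not posted by anyone in this thread, that uses PowerShell's built-in `Get-AuthenticodeSignature` cmdlet rather than Sigcheck. The default folder in `$Root` and the CSV file name are assumptions.

```powershell
# Added example: bulk Authenticode check with the built-in Get-AuthenticodeSignature cmdlet.
# $Root is an assumed folder; pass the directory you want to audit.
param(
    [string]$Root = "$env:USERPROFILE\Downloads"
)

$results = Get-ChildItem -Path $Root -Recurse -File -Include '*.exe', '*.dll', '*.sys', '*.msi' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate            # $null when the file is not signed
        [pscustomobject]@{
            Path        = $_.FullName
            Status      = [string]$sig.Status     # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer      = if ($cert) { $cert.Subject }
            Thumbprint  = if ($cert) { $cert.Thumbprint }
            Timestamped = [bool]$sig.TimeStamperCertificate
            SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# 1. Overview: how many files fall into each verification status.
$results | Group-Object Status | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 2. Anything that is neither Valid nor NotSigned needs a closer look.
#    HashMismatch means the file content no longer matches what was signed.
$results | Where-Object { $_.Status -notin 'Valid', 'NotSigned' } |
    Format-Table Status, Signer, Path -AutoSize

# 3. Valid signatures grouped by signer: a valid signature only tells you who
#    signed, so review this list and decide per signer whether you trust them.
$results | Where-Object { $_.Status -eq 'Valid' } | Group-Object Signer |
    Sort-Object Count -Descending | Format-Table Count, Name -AutoSize -Wrap

# 4. Unsigned files are not automatically bad; keep their hashes so they can
#    be compared against the developer's published values or looked up later.
$results | Where-Object { $_.Status -eq 'NotSigned' } |
    Select-Object Path, SHA256 |
    Export-Csv -Path (Join-Path $env:TEMP 'unsigned-files.csv') -NoTypeInformation
```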


#12 xaris2335


Posted 13 November 2017 - 12:35 AM

thanks for the reply  :bananas: :thumbsup:


Edited by xaris2335, 13 November 2017 - 12:37 AM.




