Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: SANS.edu Internet Storm Center - SANS Internet Storm Center SANS.edu Internet Storm Center


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Last Daily Podcast (Fri, May 27th):Huge Signed PE Files; CVE-2022-22972 PoC; BMC Vuln.; Trend Micro vs. MSFT Patch; Nate Street @sans_edu

Latest Diaries

Huge Signed PE File: Keeping The Signature

Published: 2022-05-28
Last Updated: 2022-05-28 06:59:06 UTC
by Didier Stevens (Version: 1)
0 comment(s)

In my diary entry "Huge Signed PE File" we stripped a huge PE file with signature like this:

I was asked how to strip a PE file but keep the signature. So, doing this:

To achieve this, you follow the procedure as explain in my diary entry, and then you copy the signature from the original file to the stripped file with my disitool.py, like this:

Of course, the signature will remain invalid (except for a very special case :-) ).

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

Keywords: huge pefile signature
0 comment(s)

If you have more information or corrections regarding our diary, please share.

Top of page

Recent Diaries

Huge Signed PE File
May 26th 2022
2 days ago by DidierStevens (0 comments)

Using NMAP to Assess Hosts in Load Balanced Clusters
May 25th 2022
3 days ago by Rob VandenBrink (0 comments)

ctx Python Library Updated with "Extra" Features
May 24th 2022
4 days ago by Yee Ching (0 comments)

Attacker Scanning for jQuery-File-Upload
May 23rd 2022
5 days ago by Johannes (0 comments)

View All Diaries →
Top of page

Latest Discussions

Dshield Sensor
created Jun 8th 2021
11 months ago by Rick (0 replies)

API port data
created Apr 25th 2021
1 year ago by JJ (1 reply)

RSS feed containing non-XML compatible characters
created Apr 14th 2021
1 year ago by Anonymous (1 reply)

Handler's Diary (Full text) RSS Feeds stopt working due to a typo
created Mar 5th 2021
1 year ago by bas.auer@auerplace.nl (0 replies)

port_scan issue in Snort3
created Feb 23rd 2021
1 year ago by astraea (0 replies)

View All Forums →
Top of page

Latest News

Top Diaries

Mixed VBA & Excel4 Macro In a Targeted Excel Sheet
Jan 22nd 2022
4 months ago by Xme (0 comments)

A Quick CVE-2022-21907 FAQ
Jan 14th 2022
4 months ago by Johannes (0 comments)

Method For String Extraction Filtering
Apr 9th 2022
1 month ago by DidierStevens (0 comments)

CinaRAT Delivered Through HTML ID Attributes
Feb 11th 2022
3 months ago by Xme (0 comments)

Obscure Wininet.dll Feature?
Jan 21st 2022
4 months ago by Xme (0 comments)