
SANS Internet Storm Center: InfoSec Handlers Diary Blog



Huge Signed PE File: Keeping The Signature

Published: 2022-05-28
Last Updated: 2022-05-28 06:59:06 UTC
by Didier Stevens (Version: 1)

In my diary entry "Huge Signed PE File", we stripped a huge PE file that carries a signature, like this:

I was asked how to strip a PE file but keep the signature. So, doing this:

To achieve this, follow the procedure explained in my diary entry, and then copy the signature from the original file to the stripped file with my disitool.py, like this:

Of course, the signature will remain invalid (except for a very special case :-) ).
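To check that a stripped file really carries the same signature blob as the original, an analyst can read the PE certificate table entry (data directory 4) in both files and compare the bytes it points to. The following is an added example, not code from this diary or from disitool.py; the function names and the sample PE bytes are constructed for illustration.

```python
import hashlib
import struct

def security_directory(pe: bytes):
    """Return (file_offset, size) from data directory 4, the certificate table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24                      # PE signature (4) + COFF header (20)
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)       # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    if count <= 4:
        return 0, 0
    return struct.unpack_from("<II", pe, dirs + 4 * 8)

def signature_info(pe: bytes):
    """Describe the embedded signature blob; None when the file has none."""
    offset, size = security_directory(pe)
    if size == 0:
        return None
    if size < 8 or offset + size > len(pe):
        raise ValueError("certificate table entry is inconsistent with file")
    blob = pe[offset:offset + size]
    length, _revision, cert_type = struct.unpack_from("<IHH", blob, 0)
    return {"offset": offset, "size": size, "dwLength": length,
            "wCertificateType": cert_type, "trailing": len(pe) - offset - size,
            "sha256": hashlib.sha256(blob).hexdigest()}

def same_signature(original: bytes, stripped: bytes) -> bool:
    a, b = signature_info(original), signature_info(stripped)
    return a is not None and b is not None and a["sha256"] == b["sha256"]

def build_sample_pe(body: bytes, blob: bytes) -> bytes:
    """Constructed minimal PE32 headers + body + blob (demo input, not a program)."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 128, 312 + len(body), len(blob))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    return dos + coff + bytes(opt) + body + blob

SAMPLE_BLOB = struct.pack("<IHH", 24, 0x0200, 0x0002) + b"constructed-blob"
ORIGINAL = build_sample_pe(b"\0" * 4096, SAMPLE_BLOB)   # stands in for the huge file
STRIPPED = build_sample_pe(b"\0" * 64, SAMPLE_BLOB)     # stripped copy, same blob
```

A matching hash only shows that the blob was copied intact; it says nothing about whether the signature validates against the stripped file's contents.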


Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

Keywords: huge pefile signature