Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Internet Storm Center - SANS Internet Storm Center Internet Storm Center

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Latest Diaries

Huge Signed PE File: Keeping The Signature

Published: 2022-05-28
Last Updated: 2022-05-28 06:59:06 UTC
by Didier Stevens (Version: 1)
0 comment(s)

In my diary entry "Huge Signed PE File" we stripped a huge PE file with signature like this:

I was asked how to strip a PE file but keep the signature. So, doing this:

To achieve this, you follow the procedure as explain in my diary entry, and then you copy the signature from the original file to the stripped file with my, like this:

Of course, the signature will remain invalid (except for a very special case :-) ).


Didier Stevens
Senior handler
Microsoft MVP

Keywords: huge pefile signature
0 comment(s)

If you have more information or corrections regarding our diary, please share.

Recent Diaries

Huge Signed PE File
May 26th 2022
2 days ago by DidierStevens (0 comments)

Using NMAP to Assess Hosts in Load Balanced Clusters
May 25th 2022
3 days ago by Rob VandenBrink (0 comments)

ctx Python Library Updated with "Extra" Features
May 24th 2022
3 days ago by Yee Ching (0 comments)

Attacker Scanning for jQuery-File-Upload
May 23rd 2022
4 days ago by Johannes (0 comments)

View All Diaries →

Latest Discussions

Dshield Sensor
created Jun 8th 2021
11 months ago by Rick (0 replies)

API port data
created Apr 25th 2021
1 year ago by JJ (1 reply)

RSS feed containing non-XML compatible characters
created Apr 14th 2021
1 year ago by Anonymous (1 reply)

Handler's Diary (Full text) RSS Feeds stopt working due to a typo
created Mar 5th 2021
1 year ago by (0 replies)

port_scan issue in Snort3
created Feb 23rd 2021
1 year ago by astraea (0 replies)

View All Forums →

Latest News

Top Diaries

Mixed VBA & Excel4 Macro In a Targeted Excel Sheet
Jan 22nd 2022
4 months ago by Xme (0 comments)

A Quick CVE-2022-21907 FAQ
Jan 14th 2022
4 months ago by Johannes (0 comments)

Method For String Extraction Filtering
Apr 9th 2022
1 month ago by DidierStevens (0 comments)

CinaRAT Delivered Through HTML ID Attributes
Feb 11th 2022
3 months ago by Xme (0 comments)

Obscure Wininet.dll Feature?
Jan 21st 2022
4 months ago by Xme (0 comments)