Absent Authenticode image page hashes

ID PE168 Level WARNING Category Optimization

Description

Authenticode image page hashes are absent. Image page hashes do not impact security, although they are recommended for performance reasons to make image loading faster in some scenarios (especially when used with the /INTEGRITYCHECK Microsoft linker option).

Page hashes are separate hashes for each executable image page (when the image is loaded in memory).

Mitigation

  • When signing the executable with signtool, pass the /ph option to compute image page hashes and include them in the resulting signature. See the signtool description page for more details.

Arguments

This rule has the following output arguments:

  • signature_info - Readable affected signature name (e.g. "root signature", "timestamp root signature", "nested signature (index 1)")