Incorrect Authenticode message digest

ID: PE170    Level: CRITICAL    Category: Security

Description

The Authenticode message digest is incorrect: the value stored in the signature does not match the value computed from the image. This makes the Authenticode signature invalid.

Mitigation

  • Make sure you do not modify the executable image after it has been signed.
  • Do not compress/pack signed images.
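
The mismatch described above can be reproduced with the following added example, which is not this tool's implementation. It computes the digest following the hashing steps in Microsoft's Authenticode PE format description: the CheckSum field, the Certificate Table directory entry and the certificate table itself are excluded, everything else is hashed. The helper names, the minimal PE32+ image and the zero-filled certificate blob are constructed for illustration, and the image is assumed to have at least five data directories.

```python
import hashlib
import struct

def authenticode_digest(pe: bytes, alg: str = "sha256") -> bytes:
    """Hash a PE image as Authenticode does, skipping the fields signing rewrites."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    opt = nt + 24                                         # optional header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0" or magic not in (0x10B, 0x20B):
        raise ValueError("not a PE32/PE32+ image")
    nsect, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    checksum = opt + 64                                   # CheckSum field
    cert_entry = opt + (96 if magic == 0x10B else 112) + 4 * 8  # Certificate Table entry
    hdr_size = struct.unpack_from("<I", pe, opt + 60)[0]  # SizeOfHeaders
    cert_size = struct.unpack_from("<I", pe, cert_entry + 4)[0]
    h = hashlib.new(alg)
    h.update(pe[:checksum])                               # headers, minus CheckSum ...
    h.update(pe[checksum + 4:cert_entry])                 # ... and minus the directory entry
    h.update(pe[cert_entry + 8:hdr_size])
    hashed, table = hdr_size, opt + opt_size              # bytes hashed so far, section table
    secs = sorted(struct.unpack_from("<II", pe, table + 40 * i + 16)[::-1] for i in range(nsect))
    for ptr, size in secs:                                # raw data in file-offset order
        h.update(pe[ptr:ptr + size])
        hashed += size
    h.update(pe[hashed:len(pe) - cert_size])              # trailing data, minus the certificates
    return h.digest()

def build_sample_pe(code: bytes = b"\xC3") -> bytearray:
    """Constructed sample: 0x200 bytes of PE32+ headers plus one 0x200-byte .text section."""
    img = bytearray(0x400)
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)                            # e_lfanew
    struct.pack_into("<HHIIIHH", img, 0x44, 0x8664, 1, 0, 0, 0, 240, 0x22)  # COFF header
    struct.pack_into("<H58xI44xI", img, 0x58, 0x20B, 0x200, 16)        # Magic, SizeOfHeaders, NumberOfRvaAndSizes
    struct.pack_into("<8sIIII", img, 0x148, b".text", 0x200, 0x1000, 0x200, 0x200)
    img[0x200:0x200 + len(code)] = code
    return img

def attach_cert_table(img: bytes, blob: bytes) -> bytearray:
    """Mimic what signing changes: directory entry, CheckSum, appended table (placeholder blob)."""
    out = bytearray(img)
    struct.pack_into("<II", out, 0x58 + 112 + 4 * 8, len(out), len(blob))
    struct.pack_into("<I", out, 0x58 + 64, 0xDEADBEEF)   # constructed checksum value
    return out + blob

if __name__ == "__main__":
    signed = attach_cert_table(build_sample_pe(), b"\0" * 16)
    tampered = signed[:0x200] + b"\x3C" + signed[0x201:]   # one code byte changed after signing
    print(authenticode_digest(signed).hex(), authenticode_digest(tampered).hex(), sep="\n")
```

Attaching the certificate table leaves the digest unchanged, while a single modified section byte (as a packer or post-build patch would produce) yields a different digest, which is the condition this rule reports.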

Arguments

This rule has the following output arguments:

  • signature_info - Human-readable name of the affected signature (e.g. "root signature", "timestamp root signature", "nested signature (index 1)")