Weak Authenticode image hash algorithm
ID PE171 Level ERROR Category Security
Description
Authenticode image hash algorithm is too weak. This may allow an attacker to modify the executable while keeping the signature valid.
Mitigation
- Use stronger hash algorithm when signing the image.
MD5andSHA1algorithms are no longer considered safe. UseSHA256,SHA384orSHA512. - When signing the image using
signtool, pass the/fdoption with the strong hash name (e.g./fd SHA256). See thesigntooldescription page for more details.
Arguments
This rule has the following output arguments:
-
signature_info- Readable affected signature name (e.g. "root signature", "timestamp root signature", "nested signature (index 1)") -
hash_algorithm- Weak hash algorithm used in the signature (e.g.MD5,SHA1)
Loading...
Unable to load this documentation page.