Incorrect Authenticode timestamp counter-signature digest

ID: PE177   Level: CRITICAL   Category: Security

Description

The digest of the Authenticode timestamp counter-signature is not correct: the value stored in the signature and the computed value do not match. This makes the Authenticode timestamp signature invalid.
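
An added example, not the analyzer's own code: it shows the stored-versus-computed comparison for one case, the PKCS #9 counter-signature form, where the counter-signer's messageDigest attribute must equal the hash of the countersigned signer's signature value. The function names and sample bytes are constructed for illustration, and RFC 3161 timestamp tokens, which carry their digest elsewhere, are not handled.

```python
import hashlib
import hmac

OID_MESSAGE_DIGEST = bytes.fromhex("2a864886f70d010904")  # 1.2.840.113549.1.9.4
OID_CONTENT_TYPE = bytes.fromhex("2a864886f70d010903")    # 1.2.840.113549.1.9.3
OID_PKCS7_DATA = bytes.fromhex("2a864886f70d010701")      # 1.2.840.113549.1.7.1

def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):  # walk the elements inside a constructed value
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def stored_message_digest(attrs_der):
    """Return the messageDigest OCTET STRING from a SET OF Attribute."""
    tag, attrs, _ = read_tlv(attrs_der)
    if tag not in (0x31, 0xA0):  # SET, or [0] IMPLICIT as stored in SignerInfo
        raise ValueError("not an attribute set")
    for _, attr in children(attrs):
        parts = list(children(attr))  # [(OID tag, oid), (SET tag, values)]
        if len(parts) == 2 and parts[0] == (0x06, OID_MESSAGE_DIGEST):
            vtag, digest, _ = read_tlv(parts[1][1])
            if vtag == 0x04:
                return digest
    raise ValueError("no messageDigest attribute")

def countersignature_digest_ok(parent_signature, attrs_der, hash_name):
    """Compare the stored digest with the hash of the countersigned signature."""
    computed = hashlib.new(hash_name, parent_signature).digest()
    return hmac.compare_digest(computed, stored_message_digest(attrs_der))

def tlv(tag, body):  # short-form DER encoder, used only to build the sample
    return bytes([tag, len(body)]) + body

# Constructed sample: a stand-in signature value and matching attributes.
SAMPLE_SIGNATURE = bytes(range(64))
SAMPLE_ATTRS = tlv(0xA0,
    tlv(0x30, tlv(0x06, OID_CONTENT_TYPE) + tlv(0x31, tlv(0x06, OID_PKCS7_DATA)))
    + tlv(0x30, tlv(0x06, OID_MESSAGE_DIGEST)
          + tlv(0x31, tlv(0x04, hashlib.sha256(SAMPLE_SIGNATURE).digest()))))
```

A mismatch from `countersignature_digest_ok` corresponds to the condition this rule reports: the stored digest no longer describes the signature bytes present in the file.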

Mitigation

  • Make sure you do not modify the executable image after it has been signed.
  • Do not compress/pack signed images.

Arguments

This rule has the following output arguments:

  • signature_info - Readable affected signature name (e.g. "root signature", "timestamp root signature", "nested signature (index 1)")