Incorrect Authenticode timestamp counter-signature

ID PE180 Level CRITICAL Category Security

Description

Authenticode timestamp counter-signature is not correct. Other reports (if enabled) will provide more details about the reason for the incorrect signature.

Mitigation

  • Make sure you do not modify the executable image after it has been signed.
  • Do not compress/pack signed images.

Arguments

This rule has the following output arguments:

  • signature_info - Readable affected signature name (e.g. "root signature", "timestamp root signature", "nested signature (index 1)")