bla*_*899 8 windows executable signature
如果您转到VirusTotal 链接,则会有一个名为文件信息的选项卡(我认为;我的是荷兰语)。你会看到一个标题为
"Authenticode signature block and FileVersionInfo properties"
我想使用 Linux cli 提取标题下的数据。例子:
Run Code Online (Sandbox Code Playgroud)Signature verification Signed file, verified signature Signing date 7:43 AM 11/4/2014 Signers [+] Microsoft Windows [+] Microsoft Windows Production PCA 2011 [+] Microsoft Root Certificate Authority 2010 Counter signers [+] Microsoft Time-Stamp Service [+] Microsoft Time-Stamp PCA 2010 [+] Microsoft Root Certificate Authority 2010
我Camera.exe在 Windows 10 中使用了,以某种方式提取数据。
我解压了.exe文件,发现里面有一个CERTIFICATE文件,里面有很多不可读的数据,还有一些文字,我能读懂,也就是——大致——和上面的输出一样。
如何.exe使用 cli从Linux 下的 Windows文件中提取签名
Ste*_*itt 11
在 Linux 上有一个工具osslsigncode可以处理 Windows Authenticode 签名。验证二进制签名会产生类似于您在示例中显示的输出;在vcredist_x86.exe我必须手上我得到:
$ osslsigncode verify vcredist_x86.exe
Current PE checksum : 004136A1
Calculated PE checksum: 004136A1
Message digest algorithm : SHA1
Current message digest : 0A9F10FB285BA0064B5537023F8BC9E06E173801
Calculated message digest : 0A9F10FB285BA0064B5537023F8BC9E06E173801
Signature verification: ok
Number of signers: 1
Signer #0:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation
Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA
Number of certificates: 7
Cert #0:
Subject: /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
Issuer : /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
Cert #1:
Subject: /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
Issuer : /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
Cert #2:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA
Issuer : /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
Cert #3:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation
Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA
Cert #4:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=nCipher DSE ESN:D8A9-CFCC-579C/CN=Microsoft Timestamping Service
Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Timestamping PCA
Cert #5:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=nCipher DSE ESN:10D8-5847-CBF8/CN=Microsoft Timestamping Service
Issuer : /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Timestamping PCA
Cert #6:
Subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Timestamping PCA
Issuer : /OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
Succeeded
您还可以提取签名:
osslsigncode extract-signature vcredist_x86.exe vcredist_x86.sig
| 归档时间: |
|
| 查看次数: |
9012 次 |
| 最近记录: |