CybOXProject / schemas

CybOX Schemas and Schema Development

Add Ability to Capture Authenticode/SignerInfo in Windows Executable File Object #311

Open ikiril01 opened 10 years ago

ikiril01 commented 10 years ago

We should add the ability to capture Authenticode/SignerInfo data of a PE file object as a native component of the Windows Executable File Object.

ikiril01 commented 9 years ago

I don't know much about Authenticode, so this may require a new "AuthenticodeInfoType" with corresponding elements, or it could just make use of the existing X509 Certificate Object.

ikiril01 commented 9 years ago

Context: this is useful primarily for malware-related use cases, for more accurately characterizing the properties of Authenticode-signed PE binaries (i.e. in MAEC).

LOE: Unknown