search

log2timeline / plaso

Super timeline all the things
https://plaso.readthedocs.io
Apache License 2.0
1.66k stars 327 forks source link

add digital signature checking - Authenticode PE signature #729

Open nwf9 opened 8 years ago

nwf9 commented 8 years ago

i'm wondering if it's not useful to add the checking of the digital signature (Authenticode PE signature) of each non compliant PE Microsoft.

Thanks

joachimmetz commented 8 years ago

i'm wondering if it's not useful to add the checking

I assume you mean "Add functionality to check of the Authenticode signature of PE/COFF files"

nwf9 commented 8 years ago

Yes , correct.

Thanks

nwf9 commented 6 years ago

You will find below a list of code signing malware discover on the wild that will confirm the interest of this feature. http://signedmalware.org/