Closed pkdawson closed 2 years ago
I found a (non-malicious) EXE which happens to have an unusual or corrupt certificate table (it starts with a long series of zeros), which causes an exception to be thrown from the std::vector constructor in uthenticode::read_certs.
std::vector
uthenticode::read_certs
It's WaitHelpWindow.exe, part of Samsung Magician: https://www.virustotal.com/gui/file/ffed326a77352d65fba88a4f0edd55f7ec8afdddcef84d16484118dfca7d6bac/details
https://semiconductor.samsung.com/resources/software-resources/Samsung_Magician_Installer_Official_7.1.1.820.zip
I uploaded the individual file here: https://www.dropbox.com/s/9nw352jkye1pa2a/WaitHelpWindow.exe
It looks like maybe there are some embedded certificates, but no signature.
I'll submit a simple PR to avoid the exception.
I found a (non-malicious) EXE which happens to have an unusual or corrupt certificate table (it starts with a long series of zeros), which causes an exception to be thrown from the
std::vectorconstructor inuthenticode::read_certs.It's WaitHelpWindow.exe, part of Samsung Magician: https://www.virustotal.com/gui/file/ffed326a77352d65fba88a4f0edd55f7ec8afdddcef84d16484118dfca7d6bac/details
https://semiconductor.samsung.com/resources/software-resources/Samsung_Magician_Installer_Official_7.1.1.820.zip
I uploaded the individual file here: https://www.dropbox.com/s/9nw352jkye1pa2a/WaitHelpWindow.exe
It looks like maybe there are some embedded certificates, but no signature.
I'll submit a simple PR to avoid the exception.