Extracting Certificates For Defender
2022-12-5 08:0:0 Author: blog.didierstevens.com(查看原文) 阅读量:32 收藏

Extracting Certificates For Defender

Filed under: Malware — Didier Stevens @ 0:00

A colleague asked me for help with extracting code signing certificates from malicious files, to add them to Defender’s block list.

The procedure involves right-clicking the EXE in Windows Explorer, selecting properties to view the digital signature, and so on …

But I don’t like procedures where one has to click on malware.

So I looked for a PowerShell command, and found this.

Get-AuthenticodeSignature .\malware.exe.vir | Select-Object -ExpandProperty SignerCertificate | Export-Certificate -Type CERT -FilePath SignerCertificate.cer

No comments yet.


文章来源: https://blog.didierstevens.com/2022/12/05/extracting-certificates-for-defender/
如有侵权请联系:admin#unsafe.sh