LAB C – Changing signatures
In this lab you will view and change signatures.
The lab duration will be 10 minutes.
- On the Windows 11 VM, open HxD from the Desktop.
- Open the CCleaner executable that you downloaded in Lab 1 (you can drag this into the HxD window from the Downloads folder to open it).
NOTE: We will now change the contents of the file slightly – this will change the hash value, causing a signature mismatch. We need to be careful not to change too much and corrupt the file.
- Find the text that reads ‘This program cannot be run in DOS mode’.
- Click on the e of mode and type f to overwrite this value.
- Now save the file as ccsetupnew.exe in the Downloads folder.
Task 2 - Confirm the signature mismatch in PowerShell
To confirm the hash mismatch, we can use PowerShell.
- Click on the Search icon and enter PowerShell. Click on Windows PowerShell to open it.
- At the prompt, enter, one at a time:
cd downloads
Get-AuthenticodeSignature ccsetup606.exe
Note that the name of your file might be different; CCleaner updates the name of the download between versions.
- Now enter:
Get-AuthenticodeSignature ccsetupnew.exe
Notice the signature mismatch on the modified file.
NOTE: Although UAC changes colour and informs the user that the application is not signed, it is still very easy for a user to run the application. UAC does not tell the user why the code is unsigned.
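The following is an added example, not part of the original lab: it reports the signature status, the reason Windows gives for it, the signer, and the SHA-256 file hash for both installers side by side, which is the detail UAC leaves out. The function name Get-SignatureReport is hypothetical, and the file names are the ones used in this lab, assumed to be in your Downloads folder.

```powershell
# Added example: compare the Authenticode state of the original and the edited installer.
# Get-SignatureReport is a hypothetical helper name; adjust the file names to your download.
function Get-SignatureReport {
    param(
        [Parameter(Mandatory)]
        [string[]]$Path
    )
    foreach ($p in $Path) {
        # Stop early if a file is missing rather than reporting on nothing.
        $file = Get-Item -LiteralPath $p -ErrorAction Stop
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

        [pscustomobject]@{
            File    = $file.Name
            Status  = $sig.Status            # e.g. Valid, HashMismatch, NotSigned
            Reason  = $sig.StatusMessage     # the explanation UAC does not show
            Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            SHA256  = $hash.Hash
            Trusted = ($sig.Status -eq 'Valid')
        }
    }
}

$downloads = Join-Path $HOME 'Downloads'
$report = Get-SignatureReport -Path (Join-Path $downloads 'ccsetup606.exe'),
                                    (Join-Path $downloads 'ccsetupnew.exe')

# Full detail for each file.
$report | Format-List

# Flag anything whose signature does not validate.
$report | Where-Object { -not $_.Trusted } | ForEach-Object {
    Write-Warning "$($_.File): $($_.Status) - $($_.Reason)"
}
```

The edited copy still carries the original signer certificate, but its status is no longer Valid because the file contents no longer match the signed hash.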
Module 11: Application security