LAB C – Changing signatures


In this lab you will view and change signatures.

The lab duration will be 10 minutes.

  • On the Windows 11 VM, open HxD from the Desktop.
  • Open the CCleaner executable that you downloaded in Lab 1 (you can drag it from the Downloads folder into the HxD window to open it).

NOTE: We will now change the contents of the file slightly – this will change the hash value, causing a signature mismatch. We need to be careful not to change too much and corrupt the file.

  • Find the text that reads ‘This program cannot be run in DOS mode’.
  • Click on the ‘e’ of ‘mode’ and type ‘f’ to overwrite this value.

  • Now save the file as ccsetupnew.exe in the Downloads folder.

Task 2 - Confirm the signature mismatch in PowerShell

To confirm the hash mismatch, we can use PowerShell.

  • Click on the Search icon and enter PowerShell. Click on Windows PowerShell to open it.
  • At the prompt, enter, one at a time:

cd downloads

Get-AuthenticodeSignature ccsetup606.exe

Note that the name of your file might be different; CCleaner updates the name of the download between versions.

  • Now enter:

Get-AuthenticodeSignature ccsetupnew.exe

Notice the signature mismatch on the modified file.
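
The check from Task 2 as a single script, as an added example that is not part of the original lab: it prints the SHA-256 hash and Authenticode status of both files and returns the bytes that differ near the start of the file. It assumes Windows PowerShell as used above, the lab's file names in the Downloads folder, and that the edited text lies within the first 1 KB; the function name Compare-LabSignature is made up for this example.

```powershell
# Added example, not part of the original lab. Default file names are the ones
# used above; pass your own if your download has a different version number.
function Compare-LabSignature {
    param(
        [string]$Original = "$HOME\Downloads\ccsetup606.exe",
        [string]$Modified = "$HOME\Downloads\ccsetupnew.exe",
        [int]$HeaderLength = 1024   # assumption: the DOS stub lies in the first 1 KB
    )

    # Whole-file hash and Authenticode status for each file, side by side.
    $report = foreach ($path in $Original, $Modified) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            File   = Split-Path $path -Leaf
            SHA256 = (Get-FileHash -Path $path -Algorithm SHA256).Hash
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        }
    }
    $report | Format-List | Out-Host

    # Read the start of each file, where the DOS stub message is stored.
    $head = foreach ($path in $Original, $Modified) {
        $stream = [System.IO.File]::OpenRead((Resolve-Path $path).Path)
        try {
            $buffer    = New-Object byte[] $HeaderLength
            $bytesRead = $stream.Read($buffer, 0, $HeaderLength)
            [pscustomobject]@{ Bytes = $buffer; BytesRead = $bytesRead }
        } finally { $stream.Dispose() }
    }

    # Return every offset in that region where the two files differ.
    $limit = [Math]::Min($head[0].BytesRead, $head[1].BytesRead)
    for ($i = 0; $i -lt $limit; $i++) {
        $old = $head[0].Bytes[$i]
        $new = $head[1].Bytes[$i]
        if ($old -ne $new) {
            [pscustomobject]@{
                Offset   = '0x{0:X}' -f $i
                Original = '0x{0:X2} ({1})' -f $old, [char]$old
                Modified = '0x{0:X2} ({1})' -f $new, [char]$new
            }
        }
    }
}

Compare-LabSignature
```

The hash covers the whole file, while the byte comparison only looks at the first `$HeaderLength` bytes, so raise that value if you edited a byte further into the file.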

NOTE: Although UAC changes colour and informs the user that the application is not signed, it is still very easy for a user to run the application. UAC does not tell the user why the code is unsigned.

Difficulty
Beginner
Duration
35m
Description

Module 11: Application security
