Didier Stevens

Monday 4 June 2012

Flame: Before and After KB2718704

Filed under: Malware — Didier Stevens @ 17:57

You probably know Microsoft issued security advisory KB2718704 to revoke Microsoft certificates present in the certificate chain of a signed Flame component.

Here are some screenshots of the signature of this Flame component (WuSetupV.exe).

Before revocation:

After revocation:

Blog at WordPress.com.