Didier Stevens

Monday 5 December 2022

Extracting Certificates For Defender

Filed under: Malware — Didier Stevens @ 0:00

A colleague asked me for help with extracting code signing certificates from malicious files, to add them to Defender’s block list.

The procedure involves right-clicking the EXE in Windows Explorer, selecting properties to view the digital signature, and so on …

But I don’t like procedures where one has to click on malware.

So I looked for a PowerShell command, and found this.

Get-AuthenticodeSignature .\malware.exe.vir | Select-Object -ExpandProperty SignerCertificate | Export-Certificate -Type CERT -FilePath SignerCertificate.cer

1 Comment »

  1. […] Didier StevensExtracting Certificates For Defender […]

    Pingback by Week 50 – 2022 – This Week In 4n6 — Sunday 11 December 2022 @ 11:47

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.