Executables (PE files) can have a digital signature, Microsoft calls this signature AuthentiCode. There are 2 different ways to sign a PE file: by adding a digital signature to the PE file (embedded digital signature) or by adding a hash of the PE file to a security catalog file (filetype .CAT).
Disitool is a small Python program to manipulate embedded digital signatures
- delete a signature: disitool.py delete signed-file unsigned-file
- copy a signature: disitool.py copy signed-source-file unsigned-file signed-file
- extract a signature: disitool.py extract signed-file signature
- add a signature: disitool.py add signature unsigned-file signed-file
- inject data after the authenticode signature: disitool.py inject [–paddata] signed-source-file data-file signed-destination-file
It is not a tool to digitally sign executables, use signtool for this. When you add or copy a signature from one file to another file, the signature will not be valid.
disitool uses pefile, you’ll need to install this first. This new version (V0.2) will update the PE header checksum.