Executables (PE files) can have a digital signature, Microsoft calls this signature AuthentiCode. There are 2 different ways to sign a PE file: by adding a digital signature to the PE file (embedded digital signature) or by adding a hash of the PE file to a security catalog file (filetype .CAT).
Disitool is a small Python program to manipulate embedded digital signatures
- delete a signature: disitool.py delete signed-file unsigned-file
- copy a signature: disitool.py copy signed-source-file unsigned-file signed-file
- extract a signature: disitool.py extract signed-file signature
- add a signature: disitool.py add signature unsigned-file signed-file
- inject data after the authenticode signature: disitool.py inject [–paddata] signed-source-file data-file signed-destination-file
It is not a tool to digitally sign executables, use signtool for this. When you add or copy a signature from one file to another file, the signature will not be valid.
disitool uses pefile, youâ€™ll need to install this first. This new version (V0.2) will update the PE header checksum.