Malware Analyst
Reputation: 1
Is digital certificate of PE(Portable Executable) file is in overlay of file?
Digital Certificate is in the overlay of file or digital certificate is outside of a file
Upvotes: 0
Views: 704
Answers (1)
mox
Reputation: 6324
Yes, technically, the certificate of an Executable is located in the overlay of the executable, which is, never mapped into memory.
Most of the time, Analysis tools separate/distinguish between the Certificate and the "rest" of the overlay (if available).
e.g. "pestudio" separates these logical entities...
Upvotes: 3
Related Questions
- Testing PE files
- Which parts/sections of PE files (.exe .dll) contain most their behaviours?
- Understanding a Composite Document File V2 Document Malware file
- what is the base relocation table in the PE file format?
- Is there integrity check in PE files?
- Portable executable file analysing using c#
- how to extract and remove the header of a windows PE (portable executable) file?
- Tool for analyse portable executable loaded into memory
- Packer detection of PE files
- About the code section of PE format