Malware Binary Signing & Metadata Modification
Malware Binary Signing
Although security solutions will still scan a signed executable, an unsigned binary attracts additional scrutiny that a signed one does not.
Purchased Certificate
The ideal way is to purchase the certificate from a trusted vendor.
Self-signed certificate
To create a certificate, first generate the required PEM files (private key and self-signed certificate):
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365
Next, bundle the PEM files into a PFX file:
openssl pkcs12 -inkey key.pem -in cert.pem -export -out sign.pfx
Then install signtool.exe (part of the Windows SDK, download here: https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/) and sign the binary:
signtool sign /f sign.pfx /p <pfx-password> /t http://timestamp.digicert.com /fd sha256 binary.exe
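Seen from the defender's side, a signature produced this way chains to an untrusted, self-issued root rather than to a vendor CA. The following PowerShell function is an added example, not part of the original page, that triages a binary's Authenticode signature and version metadata: it flags self-signed or untrusted-chain signatures, missing timestamps, and a CompanyName that does not match the signer. The sample path is a placeholder.

```powershell
# Added example (not from the original page): defender-side triage of an executable's
# Authenticode signature. A self-signed certificate produced with the openssl/signtool
# steps above typically yields Status 'UnknownError' (root not trusted) with Subject equal
# to Issuer; an unsigned file yields 'NotSigned'.
function Test-BinarySignature {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate
    $vi   = (Get-Item -Path $Path).VersionInfo

    $result = [ordered]@{
        Path             = $Path
        Status           = $sig.Status.ToString()
        Subject          = if ($cert) { $cert.Subject } else { $null }
        Issuer           = if ($cert) { $cert.Issuer } else { $null }
        CompanyName      = $vi.CompanyName
        SelfSigned       = $false
        ChainTrusted     = $false
        Timestamped      = $false
        MetadataMismatch = $false
    }

    if ($cert) {
        # Subject equal to Issuer is the hallmark of a self-signed certificate.
        $result.SelfSigned = ($cert.Subject -eq $cert.Issuer)
        # Build the chain against the local trust store, as Windows does at execution time.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $result.ChainTrusted = $chain.Build($cert)
        $result.Timestamped  = ($null -ne $sig.TimeStamperCertificate)
        # Spoofed VERSIONINFO: a CompanyName the signer's certificate does not carry.
        if ($vi.CompanyName) {
            $result.MetadataMismatch = ($cert.Subject -notlike "*$($vi.CompanyName)*")
        }
    }

    # Only a valid status with a trusted chain counts as a trustworthy signature.
    $result.Verdict = if ($result.Status -eq 'Valid' -and $result.ChainTrusted) { 'TrustedSignature' }
                      elseif ($result.Status -eq 'NotSigned') { 'Unsigned' }
                      else { 'UntrustedOrInvalidSignature' }
    [pscustomobject]$result
}

# Usage (placeholder path): triage one file, or every .exe under a folder.
# Test-BinarySignature -Path 'C:\samples\binary.exe' | Format-List
# Get-ChildItem 'C:\samples' -Filter *.exe -Recurse | ForEach-Object { Test-BinarySignature $_.FullName }
```

Anything reported as UntrustedOrInvalidSignature with SelfSigned or MetadataMismatch set deserves the same scrutiny as an unsigned file.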
Malware Metadata Modification
The goal is to make the malicious binary appear as ordinary as possible so that it draws less attention from blue teamers, but this may not directly decrease the likelihood of detection.
Metadata Modification
First, open up Visual Studio and create a new solution.
Right-click the project, select 'Add' > 'New Item'.
Add a new resource file to the project.
Exit the resource viewer, right-click the resource file and select 'Open With' > 'Source Code (Text) Editor'.
Scroll down to the bottom of the file and insert the following contents:
Finally, build the solution and view the properties of the newly compiled binary.
Binary Icon
First, download the desired .ico file.
Next, place the file in the same location where the .sln file is located.
In the resource file, insert the following line.
Finally, build the solution and the binary should now have an icon.