Sigcheck supplies dummy signing date #91

Closed
nnposter opened this issue Jun 8, 2018 · 2 comments

nnposter commented Jun 8, 2018

When scanning a signed executable with a missing signature timestamp, sigcheck will silently substitute it with the current machine time. The objective of this substitution is unclear while it misleads users.

Interestingly, when run with option -i, the signature timestamp is correctly reported as n/a.

PS C:\> sigcheck64.exe bbflbk5*

Sigcheck v2.60 - File version and signature viewer
Copyright (C) 2004-2017 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\bbflbk5.exe:
	Verified:	Signed
	Signing date:	6:36 PM 6/7/18
	Publisher:	Blueberry Software Ltd
	Company:	Blueberry Software (UK) Ltd.
	Description:	n/a
	Product:	FlashBack Pro 5
	Prod version:	5.31.0.4361
	File version:	5.31.0.4361
	MachineType:	32-bit

PS C:\> sigcheck64.exe bbflbk5*

Sigcheck v2.60 - File version and signature viewer
Copyright (C) 2004-2017 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\bbflbk5.exe:
	Verified:	Signed
	Signing date:	6:37 PM 6/7/18
	Publisher:	Blueberry Software Ltd
	Company:	Blueberry Software (UK) Ltd.
	Description:	n/a
	Product:	FlashBack Pro 5
	Prod version:	5.31.0.4361
	File version:	5.31.0.4361
	MachineType:	32-bit

PS C:\> sigcheck64.exe -i bbflbk5*

Sigcheck v2.60 - File version and signature viewer
Copyright (C) 2004-2017 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\bbflbk5.exe:
	Verified:	Signed
	Link date:	1:19 PM 2/24/12
	Signing date:	n/a
	Catalog:	C:\bbflbk5.exe
	Signers:
	   Blueberry Software Ltd
		Cert Status:	Valid
		Valid Usage:	Code Signing
		Cert Issuer:	COMODO RSA Code Signing CA
		Serial Number:	62 F6 DD E4 D6 02 D4 82 F8 30 41 79 B2 1D 42 70
		Thumbprint:	D68E7377F726BB5D5E467DFCEE9CE53B80EE1260
		Algorithm:	sha256RSA
		Valid from:	6:00 PM 8/31/17
		Valid to:	5:59 PM 8/31/20
	   COMODO RSA Code Signing CA
		Cert Status:	Valid
		Valid Usage:	Code Signing
		Cert Issuer:	COMODO RSA Certification Authority
		Serial Number:	2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
		Thumbprint:	B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
		Algorithm:	sha384RSA
		Valid from:	6:00 PM 5/8/13
		Valid to:	5:59 PM 5/8/28
	   COMODO SECURE?
		Cert Status:	Valid
		Valid Usage:	Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
		Cert Issuer:	COMODO RSA Certification Authority
		Serial Number:	4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
		Thumbprint:	AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
		Algorithm:	sha384RSA
		Valid from:	6:00 PM 1/18/10
		Valid to:	5:59 PM 1/18/38
	Company:	Blueberry Software (UK) Ltd.
	Description:	n/a
	Product:	FlashBack Pro 5
	Prod version:	5.31.0.4361
	File version:	5.31.0.4361
	MachineType:	32-bit
@analyze-v
Contributor

Confirmed that this was resolved by Mark R. on 14th November 208. Closing

@nnposter
Author

Confirmed that the issue has not been fixed in Sigcheck 2.72
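
A cross-check for the behaviour reported in this issue, as an added example that is not part of the thread or of Sigcheck itself: it parses the default and -i outputs and flags files whose default run prints a signing date while the -i run prints n/a. The function names and the abbreviated sample strings are assumptions made for illustration.

```python
import re

# Abbreviated from the two sigcheck runs quoted in the issue (fields are tab-separated).
DEFAULT_RUN = "C:\\bbflbk5.exe:\n\tVerified:\tSigned\n\tSigning date:\t6:36 PM 6/7/18\n"
DETAILED_RUN = ("C:\\bbflbk5.exe:\n\tVerified:\tSigned\n\tLink date:\t1:19 PM 2/24/12\n"
                "\tSigning date:\tn/a\n\tSigners:\n\t   Blueberry Software Ltd\n"
                "\t\tValid from:\t6:00 PM 8/31/17\n")

FILE_RE = re.compile(r"^(\S.*):\s*$")             # unindented "path:" starts a record
FIELD_RE = re.compile(r"^\s+([^:\t]+):\s*(.*)$")  # indented "Key:<tab>value" line


def parse_sigcheck(text):
    """Return {path: {field: value}} from sigcheck's plain-text output."""
    records, current = {}, None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            current = records.setdefault(m.group(1), {})
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            # Keep the first occurrence so per-certificate fields printed by -i
            # cannot overwrite a file-level field of the same name.
            current.setdefault(m.group(1).strip(), m.group(2).strip())
    return records


def phantom_signing_dates(default_out, detailed_out):
    """List (path, shown_date) where the default run shows a date but -i shows n/a."""
    plain, detail = parse_sigcheck(default_out), parse_sigcheck(detailed_out)
    flagged = []
    for path, fields in plain.items():
        shown = fields.get("Signing date", "n/a")
        real = detail.get(path, {}).get("Signing date")
        if real == "n/a" and shown != "n/a":
            flagged.append((path, shown))
    return flagged


if __name__ == "__main__":
    for path, shown in phantom_signing_dates(DEFAULT_RUN, DETAILED_RUN):
        print(f"{path}: no signature timestamp; ignore reported date {shown!r}")
```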
