The advantage of this method is using certified files as mule carriers for a malicious payload.

Holy crap, I just noticed that you can make the tampered executable run properly too, with signature valid!!!!!

It now better detects file permission issues and if needed uses and to solve it before modification.
In this case you wrecked the binary code portion; however, I suspect that one can add the code as an extra data section that does not disturb normal functioning.
VMplayer.exe, signed by VMware) with the video embedded almost doubled its size, kept a valid signature and still worked perfectly. So far all examples have shown that a certified file stays trustworthy. Just as an example, one could have a "signed" app like this: would "remain verified" no matter what you store in it.

Wonko, I just noticed that the issue was described back in 2009 (and I did not know about that one until now).
The theoretical max size of "garbage" is 0xFFFFFFFF - size of original certificate. In the blogpost there is also a cpp source for a PoC.
The PoC, named Digital Signature Tweaker, works on both 32-bit and 64-bit executables.
I have tested on both architectures and modified the kernel (ntoskrnl.exe) to contain some garbage data.
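Since the padding room discussed above lives inside the WIN_CERTIFICATE entry of the PE security directory (dwLength is a 32-bit field, hence the 0xFFFFFFFF limit), a defender can measure how many bytes an entry carries beyond its PKCS#7 blob. The following is an added example written for this thread, not code from the blogpost or the Digital Signature Tweaker PoC; the sample signature bytes and the hypothetical helper names (`certificate_slack`, `build_entry`) are constructed for illustration.

```python
"""Added example (not from the thread): measure how much slack a WIN_CERTIFICATE
entry carries beyond its PKCS#7 blob, which is the space the padding trick uses."""
import struct

WIN_CERT_HEADER = struct.Struct("<IHH")  # dwLength, wRevision, wCertificateType


def der_total_length(blob: bytes) -> int:
    """Return the full encoded size of the first DER element (tag + length + content)."""
    if len(blob) < 2 or blob[0] != 0x30:  # PKCS#7 SignedData is a DER SEQUENCE
        raise ValueError("not a DER SEQUENCE")
    first = blob[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long-form: n length bytes follow
    if n == 0 or n > 4 or len(blob) < 2 + n:
        raise ValueError("bad DER length")
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


def certificate_slack(entry: bytes) -> dict:
    """Parse one WIN_CERTIFICATE entry and report bytes not covered by the PKCS#7 blob."""
    dw_length, revision, cert_type = WIN_CERT_HEADER.unpack_from(entry)
    if dw_length > len(entry) or dw_length < WIN_CERT_HEADER.size:
        raise ValueError("dwLength inconsistent with available data")
    blob = entry[WIN_CERT_HEADER.size:dw_length]
    der_len = der_total_length(blob)
    slack = len(blob) - der_len
    # Entries are rounded up to an 8-byte boundary, so up to 7 bytes of slack is normal;
    # anything larger is data the signature check never looks at.
    return {"dwLength": dw_length, "revision": revision, "type": cert_type,
            "pkcs7_length": der_len, "slack": slack, "suspicious": slack > 7}


def build_entry(pkcs7: bytes, extra: bytes = b"") -> bytes:
    """Construct a WIN_CERTIFICATE (revision 0x0200, type 0x0002) for testing only."""
    body = pkcs7 + extra
    body += b"\0" * ((-len(body)) % 8)    # quadword alignment per the PE spec
    return WIN_CERT_HEADER.pack(WIN_CERT_HEADER.size + len(body), 0x0200, 0x0002) + body


# Constructed stand-in for a signature: a DER SEQUENCE carrying 300 bytes of content.
FAKE_PKCS7 = b"\x30\x82\x01\x2c" + b"\xAA" * 300

if __name__ == "__main__":
    print(certificate_slack(build_entry(FAKE_PKCS7)))                      # slack 0
    print(certificate_slack(build_entry(FAKE_PKCS7, b"payload" * 100)))    # slack 704
```

On a real file, feed `certificate_slack` the bytes at the security directory's file offset (IMAGE_DIRECTORY_ENTRY_SECURITY); a large slack value is the tell that the certificate table has been stuffed.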