In addition to abnormal behavior after running, do malicious program files that steal digital signatures also have identifiable characteristics?

There is one point that you may have misunderstood

A digital signature does not mean that the program is normal

From the current technical point of view, it is too difficult to successfully "forge" a digital signature. It's almost impossible~

There are generally only two situations in which malicious programs have digital signatures

1. The malicious program is an infected or modified normal file, and the original normal file had a digital signature.

But be aware that although this malicious program has a digital signature, you will find that the digital signature is invalid after you click on it! So strictly speaking, there is still no digital signature.

2. The malicious program itself has a legitimate digital signature

As mentioned above, a digital signature does not mean that the program is normal

To put it bluntly, a digital signature is equivalent to our ID card

What is the ID card for? It proves your identity, your name, where you live, nationality, date of birth... But the ID card does not prove that you are a good person~

It is the same with a digital signature. In fact, the function of a digital signature is only to prove that the software was developed by the company pointed to by the digital signature, but it does not prove that the program is safe.

Some companies now use their own digital signatures to sign malicious programs and even viruses~

As far as daily judgment is concerned,

If the digital signature comes from a well-known company,

Such as Microsoft, Google, Tencent, Baidu and other large enterprises that we are familiar with,

And the digital signature checks out as normal,

Then we can basically consider the program safe~

If it comes from an unknown small company that cannot be found online~

Then please ignore this digital signature automatically

Just treat it as a program without a digital signature

And judge it however you would~

As for judgment, the simplest and most effective way is to scan it with anti-virus software

If you want to judge for yourself, you can find monitoring software to monitor the program's actions

If you are technically savvy, you can use tools such as OD to debug the program and track the code~

You can even use a disassembler like IDA to reverse engineer it. It’s not a bad idea~

Which step you can take depends on your level~~

p.s. Monitoring or debugging can be done in a virtual machine. After all, running malicious programs on a real machine is not a smart move...
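
The daily judgment described in the answer above, written out as an added PowerShell example (not part of the original answer). It uses the built-in `Get-AuthenticodeSignature` cmdlet; the function name `Get-SignatureVerdict` and the `$KnownPublishers` list are illustrative assumptions, not a recommended allow-list.

```powershell
# Added example: triage one file by its Authenticode signature.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

# Assumption: publisher names you have decided to treat as well known.
$KnownPublishers = @('Microsoft Corporation', 'Google LLC')

function Get-SignatureVerdict {
    param([string]$FilePath)

    $sig = Get-AuthenticodeSignature -LiteralPath $FilePath

    # Situation 1: the file carries no signature, or carries one that no
    # longer matches its contents (for example Status = HashMismatch after
    # a signed file was infected or modified). Treat both as unsigned.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            File    = $FilePath
            Status  = $sig.Status
            Signer  = $null
            Verdict = 'Signature missing or invalid: treat as unsigned'
        }
    }

    # Situation 2: the signature is valid. That only identifies the signer,
    # so the verdict depends on who the signer is.
    $signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)

    $verdict = if ($KnownPublishers -contains $signer) {
        'Valid signature from a known publisher: basically safe'
    } else {
        'Valid signature from an unknown publisher: ignore it, judge as unsigned'
    }

    [pscustomobject]@{
        File    = $FilePath
        Status  = $sig.Status
        Signer  = $signer
        Verdict = $verdict
    }
}

Get-SignatureVerdict -FilePath $Path
```

Files that end up in either "treat as unsigned" branch still need the anti-virus scan or monitored run in a virtual machine that the answer recommends.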