A misuse signing operation with f-secure certificate?
Hi, I found there is a file signed with f-secure code-signing certificate.
https://www.virustotal.com/gui/file/06fba6dfa4c1dc3a256701c42ec997b38f046ea92d960dbc6feebbb26cb231c7/details
You can see details from the web site above. I notice that the file is signed by f-secure's certificate.
In fact, it is a file created and signed by Microsoft.
So, I think this may be caused by misuse for f-secure code signing certificate? Or f-secure certificate was stolen?
Looking forward for your reply.
Answers
-
Hi @sam3000
The file is indeed signed by us and is a cause for no concern. Authenticode code-signing allows developer to sign 3rd party library as well. Just few examples from VirusTotal where non-Microsoft signatures are signing similar DLL:
https://www.virustotal.com/gui/file/0d895b4a3964c138b4dd2448fdc5c4297150221cf6ababab3766b5b09f74a701/details (Cisco)
https://www.virustotal.com/gui/file/f7e65d61380b880e98c87fd90ef2bf51690ac014204ac0516ccfc97d39a5644f/details (Amazon)
2 -
@James Chang Thanks.
This kind of operation may hide the signing information when a person only uses Sigcheck to verify signatures, as shown in VirusTotal pages.
If a user refers to Sigcheck info, he will think, 'Wow, it's a software signed by a 3rd party company, but not Microsoft.'
To some extent, this will confuse them. (maybe a little carping)
0
Categories
- All Categories
- 4.6K WithSecure Community
- 3.6K Products
- 1 Get Support