To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

A misuse signing operation with f-secure certificate?

sam3000
sam3000 W/ Member Posts: 2 Security Scout
edited October 2023 in WithSecure Business Suite

Hi, I found there is a file signed with f-secure code-signing certificate.

https://www.virustotal.com/gui/file/06fba6dfa4c1dc3a256701c42ec997b38f046ea92d960dbc6feebbb26cb231c7/details

You can see details from the web site above. I notice that the file is signed by f-secure's certificate.

In fact, it is a file created and signed by Microsoft.

So, I think this may be caused by misuse for f-secure code signing certificate? Or f-secure certificate was stolen?

Looking forward for your reply.

Answers

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 504 Moderator

    Hi @sam3000 ,

    I am checking this with our detection team.

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 504 Moderator

    Hi @sam3000

    The file is indeed signed by us and is a cause for no concern. Authenticode code-signing allows developer to sign 3rd party library as well. Just few examples from VirusTotal where non-Microsoft signatures are signing similar DLL:

    https://www.virustotal.com/gui/file/0d895b4a3964c138b4dd2448fdc5c4297150221cf6ababab3766b5b09f74a701/details (Cisco)

    https://www.virustotal.com/gui/file/f7e65d61380b880e98c87fd90ef2bf51690ac014204ac0516ccfc97d39a5644f/details (Amazon)

  • sam3000
    sam3000 W/ Member Posts: 2 Security Scout

    @James Chang Thanks.

    This kind of operation may hide the signing information when a person only uses Sigcheck to verify signatures, as shown in VirusTotal pages.

    If a user refers to Sigcheck info, he will think, 'Wow, it's a software signed by a 3rd party company, but not Microsoft.'

    To some extent, this will confuse them. (maybe a little carping)

This discussion has been closed.