THE MicrosoftCodeSigningPCA CERTIFICATE CLUSTER

The KorDllbot sample 87bae4517ff40d9a8800ba4d2fa8d2f9df3c2e224e97c4b3c162688f2b0d832e is digitally signed using a non-original (and thus non-validating) Microsoft certificate. The file is in reality self-signed. This signature doesn't say much about who made it. However, the way the certificate is constructed is peculiar.

The faked issuer in this case is Microsoft Code Signing PCA. The real Microsoft Code Signing PCA is one of the certificate authorities used by Microsoft to sign their software.

The Subject - i.e. the entity the certificate is supposed to have been issued to - is also Microsoft Code Signing PCA. This is a construct never seen in legitimate certificates, and it is rare enough in faked certificates that it's worthwhile checking other malware signed in this way.
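One way to run that check across a sample set, as an added example (not code from the report): a minimal DER walk that flags a signer certificate whose Subject equals its Issuer while carrying an intermediate CA's name. It assumes the certificate has already been extracted from the Authenticode signature as DER; the function names, the watch list and the sample certificates are constructed for illustration, and only names are compared, with no signature verification.

```python
CN_OID = bytes.fromhex("0603550403")  # DER encoding of OID 2.5.4.3 (commonName)
INTERMEDIATE_CA_NAMES = {"Microsoft Code Signing PCA"}  # assumed watch list
def tlv(buf, pos):  # read one DER TLV, return (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def issuer_subject(cert_der):  # raw DER Names (issuer, subject) of an X.509 cert
    _, start, _ = tlv(cert_der, 0)        # Certificate
    _, pos, end = tlv(cert_der, start)    # TBSCertificate
    fields = []
    while pos < end:
        tag, _, nxt = tlv(cert_der, pos)
        if tag != 0xA0:                   # skip the optional [0] version field
            fields.append(cert_der[pos:nxt])
        pos = nxt
    if len(fields) < 5:
        raise ValueError("not a TBSCertificate")
    return fields[2], fields[4]  # serial, sigAlg, ISSUER, validity, SUBJECT

def common_name(name_der):
    i = name_der.find(CN_OID)
    if i < 0:
        return None
    tag, s, e = tlv(name_der, i + len(CN_OID))
    # BMPString (0x1E) is UTF-16BE; treat other string types as UTF-8
    return name_der[s:e].decode("utf-16-be" if tag == 0x1E else "utf-8", "replace")

def is_self_issued_intermediate(cert_der):  # Subject == Issuer == watched CA name
    issuer, subject = issuer_subject(cert_der)
    return issuer == subject and common_name(subject) in INTERMEDIATE_CA_NAMES
# --- constructed sample input: unsigned skeletons, not real certificates ---
def der(tag, *parts):
    body = b"".join(parts)
    n, k = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body
def name(cn):
    return der(0x30, der(0x31, der(0x30, CN_OID, der(0x0C, cn.encode()))))
def sample_cert(issuer_cn, subject_cn):
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), der(0x30),
              name(issuer_cn), der(0x30), name(subject_cn), der(0x30))
    return der(0x30, tbs, der(0x30), der(0x03, b"\x00"))
FAKE = sample_cert("Microsoft Code Signing PCA", "Microsoft Code Signing PCA")
REAL_SHAPE = sample_cert("Microsoft Root Certificate Authority", "Microsoft Code Signing PCA")
PLAIN_SELF_SIGNED = sample_cert("Example Dev", "Example Dev")
```

An ordinary self-signed certificate is not flagged; only the combination of matching Subject and Issuer with a name that belongs to an intermediate CA is.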