NoVirusThanks Signer Extractor

guest · May 12, 2018

Signer Extractor is a simple program designed for Windows that lets you extract the signer (usually the Vendor) that digitally signed a portable executable (PE) file (e.g. EXE, DLL, SYS).

This is useful to know all the signers present in your system (or on a specific folder or partition) and build a complete list of 'Trusted Vendors' to use/import within third-party security software or within specific security policies.
Click to expand...

NoVirusThanks Signer Extractor v1.0 (May 13, 2018)
Website

v1.0.0.0 - 13-May-2018

+ Initial release
Click to expand...

* This tool needs administrator privileges *

guest · May 13, 2018

Cool app will save us lot of time.

Rasheed187 · May 19, 2018

So how would you use this to import 'Trusted Vendors' into ERP?

guest · May 19, 2018

Step 1) Signer Extractor: Scan a folder and then export the list of Signers to a text-file.
Step 2) ERP: "Trusted Vendors"-dialog & "Import Signers from Text File"

EASTER · May 20, 2018

mood said: ↑

Step 1) Signer Extractor: Scan a folder and then export the list of Signers to a text-file.
Step 2) ERP: "Trusted Vendors"-dialog & "Import Signers from Text File"
Click to expand...

Awesome simple instructions for that and as always thanks @mood. You are always so, Interactive?

Baldrick · May 20, 2018

mood said: ↑

Step 1) Signer Extractor: Scan a folder and then export the list of Signers to a text-file.
Step 2) ERP: "Trusted Vendors"-dialog & "Import Signers from Text File"
Click to expand...

Can't find the Trusted Vendors dialog??

guest · May 20, 2018

Baldrick said: ↑

Can't find the Trusted Vendors dialog??
Click to expand...

Settings > left column > View/Edit Vendors > right click > Import Signers from Text File

guest · May 20, 2018

Baldrick said: ↑

Can't find the Trusted Vendors dialog??
Click to expand...

Click on "View/Edit Vendors" to get to the Trusted Vendors dialog:

Edit: After posting it i wasn't aware that the answer was already posted #7, but instead of deleting my post i think it couldn't harm to have a picture for this.

Rasheed187 · May 24, 2018

mood said: ↑

Step 1) Signer Extractor: Scan a folder and then export the list of Signers to a text-file.
Step 2) ERP: "Trusted Vendors"-dialog & "Import Signers from Text File"
Click to expand...

OK cool, so this means that ERP can trust certificates that are already present on the system. So I guess with the "Trusted Vendors" feature, ERP adds certificates that are not yet present on the system?

guest · May 24, 2018

Rasheed187 said: ↑

So I guess with the "Trusted Vendors" feature, ERP adds certificates that are not yet present on the system?
Click to expand...

Yes. You'll high likely encounter Trusted Vendors "unknown to you" or Trusted Vendors for Applications which you don't have installed at the moment.

To make sure that only Trusted Vendors from applications which are currently installed on the system are on the list, Signer Extractor is a good choice to achieve this.
= All Trusted Vendors in ERP can be removed and then be replaced with the list of Trusted Vendors found by Signer Extractor.

Rasheed187 · Jun 10, 2018

mood said: ↑

Yes. You'll high likely encounter Trusted Vendors "unknown to you" or Trusted Vendors for Applications which you don't have installed at the moment.
Click to expand...

Wait a minute, I just scanned my machine and I was a bit surprised to see certain certificates from apps that I never installed on my machine, only in the sandbox. So is this perhaps a flaw in SBIE, doesn't it virtualize digital signature creation?

And perhaps it's an idea to make it possible to scan for sub-folders. This would mean that if you select to scan C:\Windows\*, it will show you all digital signatures from the Windows folder. Now you will have to scan all folders individually.

guest · Jun 16, 2018

I think it is worth to mention here, too.
As you already have found out, it simply scans all files and it also "finds" vendors of applications which are installed into a sandbox:

Rasheed187 said:

You know, I think I completely misunderstood this Signer Extractor tool. It simply scans EXE files for digital signatures, so if you scan C:\ it will also scan C:\Sandbox, so no wonder I get to see all of those signatures. I assumed it scanned the Windows Certificate Store.
#4640
Click to expand...

Rasheed187 · Jun 23, 2018

mood said: ↑

I think it is worth to mention here, too.
As you already have found out, it simply scans all files and it also "finds" vendors of applications which are installed into a sandbox:
Click to expand...

Yes thanks, forgot to update this topic. But I didn't even know you could extract signatures from EXE files. I suppose that security tools also read these signatures when apps run in memory.

https://stackoverflow.com/questions...tored-when-code-signing-a-exe-file-in-windows

guest · Nov 26, 2018

NoVirusThanks Signer Extractor v1.1 Released (November 26, 2018)
Website

v1.1.0.0 - 26-November-2018

+ Exported log file is correctly encoded in Unicode
Click to expand...

Log in or Sign up

NoVirusThanks Signer Extractor

guest Guest

guest Guest

Rasheed187 Registered Member

guest Guest

EASTER Registered Member

Baldrick Registered Member

guest Guest

guest Guest

Rasheed187 Registered Member

guest Guest

Rasheed187 Registered Member

guest Guest

Rasheed187 Registered Member

guest Guest

Log in or Sign up

NoVirusThanks Signer Extractor

guest Guest

guest Guest

Rasheed187 Registered Member

guest Guest

EASTER Registered Member

Baldrick Registered Member

guest Guest

guest Guest

Rasheed187 Registered Member

guest Guest

Rasheed187 Registered Member

guest Guest

Rasheed187 Registered Member

guest Guest

Useful Searches