Signing a Windows executable file was originally conceived as a mechanism to guarantee the authenticity and integrity of a file published on the internet. Unfortunately, this system is built on a problematic core tenet: Trust.
Malware authors take advantage of this inherited trust model by purchasing code-signing certificates, either directly from certificate authorities or via resellers.
This white paper outlines how Chronicle researchers hunted within VirusTotal to gain a deeper understanding of this issue. For this investigation, researchers included only Windows PE executable files, filtered out samples with fewer than 15 aggregate detections, aggressively filtered out grayware files, and calculated the distinct number of samples each signing