Warning: attempting to modify or remove digital signatures from software you do not own or have explicit permission to alter can be illegal and may violate software licensing or anti-tampering laws. This article explains technical concepts for defensive, research, or lawful maintenance contexts only (for example, recovering a locally built build, stripping a signature from your own installer for testing, or analyzing a malicious sample in a controlled lab). Do not use these techniques on third-party, commercial, or copyrighted software without permission.
If a cracker patches a signed target.exe, the file now has a corrupted digital hash. Windows will still see a signature block, but the hash fails verification. Running signtool remove on such a file will strip that invalid signature block entirely. The result is a completely unsigned executable.
Why do this? Surprisingly, an unsigned file can be safer to run than one with a broken signature. Some security policies treat "unsigned" as a neutral state (user must confirm), whereas "invalid signature" often triggers immediate deletion by AV heuristics.
If you want to resign a file or modify its signature, ensure you have the right certificate and tools.