Without signing.

First let’s generate our certificate

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365

Now let’s generate the pfx file.

openssl pkcs12 -inkey key.pem -in cert.pem -export -out sign.pfx

Now let’s sign our binary.

signtool sign /f sign.pfx /p <pfx-password> /t <http://timestamp.digicert.com> /fd sha256 binary.exe

Now After Signing

Notice that now only 11 vendors discovered it’s malware