I had a little look around the PE file format and Authenticode docs and I believe it is possible to reserve a section in the file that won't be checked against the signature. Basically, the signature itself isn't (and can't be as it isn't known at the time because it hasn't been generated yet!) included, so you should be able to exend that section. For example, because of alignment requirements, the last 3 bytes of the official release (which are padding / 0x00) can be altered with no ill effect to either the operation of the program or code signing verification.