We needed to modify the resources of an installer and then apply an Authenticode signature. Unfortunately, it already had a signature on it, and modifying the resources of an executable with a signature results in a corrupted signature. The Microsoft signing tools cannot recover from this situation, so:
It is not possible to re-sign a file after modifying its resources.
However, it is possible to remove the existing signature, modify the binary, and then apply a new signature. There are two approaches (which almost certainly amount to the same thing):