19003e00-d42d-4cbe-91f3-756451bdd7da

AsrSetupDrv103.sys

Description

AsrSetupDrv103.sys is a vulnerable driver and more information will be added as found.

  • UUID: 19003e00-d42d-4cbe-91f3-756451bdd7da
  • Created: 2023-01-09
  • Author: Michael Haag, Guus Verbeek
  • Acknowledgement: |

Commands

sc.exe create AsrSetupDrv103.sys binPath=C:\windows\temp\AsrSetupDrv103.sys type=kernel && sc.exe start AsrSetupDrv103.sys

  • Use Case: Elevate privileges
  • Privileges: kernel
  • Operating System: Windows 10

Detections

YARA 🏹

  • Exact Match: with header and size limitation
  • Threat Hunting: without header and size limitation
  • Renamed: for renamed driver files

Sigma 🛡️

  • Names: detects loading using name only
  • Hashes: detects loading using hashes only

Sysmon 🔎

  • Block: on hashes
  • Alert: on hashes

Resources


  • https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules

  • Known Vulnerable Samples

    Filename: AsrSetupDrv103.sys
    Creation Timestamp:
    MD5:
    SHA1: 0b6ec2aedc518849a1c61a70b1f9fb068ede2bc3
    SHA256:

    Filename: AsrSetupDrv103.sys
    Creation Timestamp:
    MD5:
    SHA1: 461882bd59887617cadc1c7b2b22d0a45458c070
    SHA256:

    Filename: AsrSetupDrv103.sys
    Creation Timestamp:
    MD5:
    SHA1: a7948a4e9a3a1a9ed0e4e41350e422464d8313cd
    SHA256:

    Filename: AsrSetupDrv103.sys
    Creation Timestamp:
    MD5:
    SHA1: f3cce7e79ab5bd055f311bb3ac44a838779270b6
    SHA256:

    Filename: AsrSetupDrv103.sys
    Creation Timestamp:
    MD5:
    SHA1:
    SHA256: 399EFFE75D32BDAB6FA0A6BFFE02DBF0A59219D940B654837C3BE1C0BD02E9AA

    Filename: AsrSetupDrv103.sys
    Creation Timestamp:
    MD5:
    SHA1:
    SHA256: 27CD05527FEB020084A4A76579C125458571DA8843CDFC3733211760A11DA970

    Filename: AsrSetupDrv103.sys
    Creation Timestamp:
    MD5:
    SHA1:
    SHA256: 7AAF2AA194B936E48BC90F01EE854768C8383C0BE50CFB41B346666AEC0CF853

    Filename: AsrSetupDrv103.sys
    Creation Timestamp:
    MD5:
    SHA1:
    SHA256: 727E8BA66A8FF07BDC778EACB463B65F2D7167A6616CA2F259EA32571CACF8AF

    Filename:
    Creation Timestamp: 2022-01-04 01:19:15
    MD5: 9226339848e359f5e4cd519bef7dcd39
    SHA1: b33b99ae2653b4e675beb7d9eb2c925a1f105bd4
    SHA256: 9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3
    Authentihash MD5: 8faa23dd62881edd4c9a04f51649c212
    Authentihash SHA1: 0b6ec2aedc518849a1c61a70b1f9fb068ede2bc3
    Authentihash SHA256: 399effe75d32bdab6fa0a6bffe02dbf0a59219d940b654837c3be1c0bd02e9aa
    RichPEHeaderHash MD5: 6540c04d181ea1395978a08c3d816451
    RichPEHeaderHash SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4
    RichPEHeaderHash SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d
    Company: RW-Everything
    Description: AsrSetupDrv103 Driver
    Product: AsrSetupDrv103 Driver
    OriginalFilename: AsrSetupDrv103.sys

    Certificates

    Certificate 01ee5f169dff97352b6465d66a
    ToBeSigned (TBS) MD5: 51c3959a45cecf3d21a3effb05762573
    ToBeSigned (TBS) SHA1: ecfcd25fd0525448a74875ba271566bc0bfbf061
    ToBeSigned (TBS) SHA256: de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91
    Subject: OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign
    ValidFrom: 2018-09-19 00:00:00
    ValidTo: 2028-01-28 12:00:00
    SignatureAlgorithmOID: 1.2.840.113549.1.1.11
    IsCertificateAuthority: True
    SerialNumber: 01ee5f169dff97352b6465d66a
    Version: 3

    Certificate 6129152700000000002a
    ToBeSigned (TBS) MD5: 0bb058d116f02817737920f112d9fd3b
    ToBeSigned (TBS) SHA1: fd116235171a4feafedee586b7a59185fb5fd7e6
    ToBeSigned (TBS) SHA256: f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4
    Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom: 2011-04-15 19:55:08
    ValidTo: 2021-04-15 20:05:08
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 6129152700000000002a
    Version: 3

    Certificate 7803184245708a41cf6f01b8eeb4a954
    ToBeSigned (TBS) MD5: a33260428269bc902bc1cd280e4b1837
    ToBeSigned (TBS) SHA1: 254209ca172cffcc67bd2a88996556d2f09538f0
    ToBeSigned (TBS) SHA256: a67411358594f2cf016741a63fd49f36de917f86531b3e3a43eb6a421c654868
    Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign Code Signing Root R45
    ValidFrom: 2020-07-28 00:00:00
    ValidTo: 2029-03-18 00:00:00
    SignatureAlgorithmOID: 1.2.840.113549.1.1.12
    IsCertificateAuthority: True
    SerialNumber: 7803184245708a41cf6f01b8eeb4a954
    Version: 3

    Certificate 77bd0e05b7590bb61d4761531e3f75ed
    ToBeSigned (TBS) MD5: 65fd1dac1f115d9507f4e1840c8cb36a
    ToBeSigned (TBS) SHA1: c7cf5607e19b22fe60c055e71d9b555d70f71f66
    ToBeSigned (TBS) SHA256: d9c7db0b704f07089440c56e69a0f31d730edf77cfbf7514630e8b5390a270fe
    Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning CA 2020
    ValidFrom: 2020-07-28 00:00:00
    ValidTo: 2030-07-28 00:00:00
    SignatureAlgorithmOID: 1.2.840.113549.1.1.11
    IsCertificateAuthority: True
    SerialNumber: 77bd0e05b7590bb61d4761531e3f75ed
    Version: 3

    Certificate 3be24b96d2c8d729eddb03e3
    ToBeSigned (TBS) MD5: bce317dc724ff8d4f6f02fca3e0e481e
    ToBeSigned (TBS) SHA1: c84cd3e5f7120b9fcf38bbd968c2921dbd0a1e76
    ToBeSigned (TBS) SHA256: 9b51dea8257984791d5cd3d82426595e92baba100bfd4cb0c960b1366f0a261e
    Subject: ??=Private Organization, serialNumber=80333613, ??=TW, C=TW, ST=Taipei, L=Taipei, ??=2F., No. 37, Sec. 2, Zhongyang S. Rd., Beitou Dist., O=ASROCK INC., CN=ASROCK INC.
    ValidFrom: 2021-09-17 08:05:26
    ValidTo: 2024-09-17 08:05:26
    SignatureAlgorithmOID: 1.2.840.113549.1.1.11
    IsCertificateAuthority: False
    SerialNumber: 3be24b96d2c8d729eddb03e3
    Version: 3

    Imports

    • ntoskrnl.exe
    • HAL.dll
    • cng.sys

    Imported Functions

    • RtlQueryRegistryValues
    • MmUnmapIoSpace
    • IoFreeMdl
    • MmGetPhysicalAddress
    • IoBuildAsynchronousFsdRequest
    • MmMapIoSpace
    • IofCompleteRequest
    • IoFreeIrp
    • RtlCompareMemory
    • MmUnlockPages
    • IoCreateSymbolicLink
    • MmAllocateContiguousMemorySpecifyCache
    • IofCallDriver
    • KeBugCheckEx
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoCreateDevice
    • ZwClose
    • ObOpenObjectByPointer
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlInitUnicodeString
    • MmFreeContiguousMemorySpecifyCache
    • ExFreePoolWithTag
    • IoDeleteSymbolicLink
    • ExAllocatePoolWithTag
    • KeStallExecutionProcessor
    • BCryptCloseAlgorithmProvider
    • BCryptGenerateSymmetricKey
    • BCryptOpenAlgorithmProvider
    • BCryptDecrypt
    • BCryptDestroyKey

    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Filename:
    Creation Timestamp: 2015-01-14 02:11:44
    MD5: 5cd0ec261c8c2a39d9105fbbcad4e5b9
    SHA1: 0ac0c21ca05161eaa6a042f347391a2a2fc78c96
    SHA256: a0728184caead84f2e88777d833765f2d8af6a20aad77b426e07e76ef91f5c3f
    Authentihash MD5: d8cbed27b67b802e00dd27a41400b762
    Authentihash SHA1: a7948a4e9a3a1a9ed0e4e41350e422464d8313cd
    Authentihash SHA256: 7aaf2aa194b936e48bc90f01ee854768c8383c0be50cfb41b346666aec0cf853
    RichPEHeaderHash MD5: 6540c04d181ea1395978a08c3d816451
    RichPEHeaderHash SHA1: b3b7c684121b40f53751e0b7757ec248ef0670b4
    RichPEHeaderHash SHA256: c68faaf4251928872474abfd81ef5ce8a2b5e5bd48c2edb586a4d2e518baa09d
    Company: RW-Everything
    Description: AsrSetupDrv103 Driver
    Product: AsrSetupDrv103 Driver
    OriginalFilename: AsrSetupDrv103.sys

    Certificates

    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    ToBeSigned (TBS) MD5: d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom: 2012-12-21 00:00:00
    ValidTo: 2020-12-30 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version: 3

    Certificate 0ecff438c8febf356e04d86a981b1a50
    ToBeSigned (TBS) MD5: e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom: 2012-10-18 00:00:00
    ValidTo: 2020-12-29 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 0ecff438c8febf356e04d86a981b1a50
    Version: 3

    Certificate 250ce8e030612e9f2b89f7054d7cf8fd
    ToBeSigned (TBS) MD5: 918d9eb6a6cd36c531eceb926170a7e1
    ToBeSigned (TBS) SHA1: 0ae95700d65e6f59715aa47048993ca7858e676a
    ToBeSigned (TBS) SHA256: 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166
    Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom: 2006-11-08 00:00:00
    ValidTo: 2021-11-07 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 250ce8e030612e9f2b89f7054d7cf8fd
    Version: 3

    Certificate 610c120600000000001b
    ToBeSigned (TBS) MD5: 53c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA1: 93c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA256: 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom: 2006-05-23 17:01:29
    ValidTo: 2016-05-23 17:11:29
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 610c120600000000001b
    Version: 3

    Certificate 03ffdaa3aac322387d7eb98acf9524bf
    ToBeSigned (TBS) MD5: 987b0fb90b05c0b59ba66fb1527c27e3
    ToBeSigned (TBS) SHA1: 1b5d5279beed01b2355731588b1a26da29218b55
    ToBeSigned (TBS) SHA256: b3cd9f313e55fce2d39d25dbe303777e5db9d0c01448dcd9ac70c2355bb5b4ea
    Subject: C=TW, ST=TAIWAN, L=Taipei, O=ASROCK Incorporation, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=ASROCK Incorporation
    ValidFrom: 2014-03-07 00:00:00
    ValidTo: 2017-05-05 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 03ffdaa3aac322387d7eb98acf9524bf
    Version: 3

    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    ToBeSigned (TBS) MD5: b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA1: 4843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA256: 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom: 2010-02-08 00:00:00
    ValidTo: 2020-02-07 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 5200e5aa2556fc1a86ed96c9d44b33c7
    Version: 3

    Imports

    • ntoskrnl.exe
    • HAL.dll
    • cng.sys

    Imported Functions

    • RtlQueryRegistryValues
    • MmUnmapIoSpace
    • IoFreeMdl
    • MmGetPhysicalAddress
    • IoBuildAsynchronousFsdRequest
    • MmMapIoSpace
    • IofCompleteRequest
    • IoFreeIrp
    • RtlCompareMemory
    • MmUnlockPages
    • IoCreateSymbolicLink
    • MmAllocateContiguousMemorySpecifyCache
    • IofCallDriver
    • KeBugCheckEx
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoCreateDevice
    • ZwClose
    • ObOpenObjectByPointer
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • SeExports
    • wcschr
    • _wcsnicmp
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwOpenKey
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlInitUnicodeString
    • MmFreeContiguousMemorySpecifyCache
    • ExFreePoolWithTag
    • IoDeleteSymbolicLink
    • ExAllocatePoolWithTag
    • KeStallExecutionProcessor
    • BCryptCloseAlgorithmProvider
    • BCryptGenerateSymmetricKey
    • BCryptOpenAlgorithmProvider
    • BCryptDecrypt
    • BCryptDestroyKey

    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    last_updated: 2024-04-09