2b918b1a-badb-4a85-9214-961607b21219

phymem_ext64.sys

Description

The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers (237 file hashes) that accept firmware access. Six allow kernel memory access. All give full control of the devices to non-admin users. By exploiting the vulnerable drivers, an attacker without system privileges may erase or alter firmware and/or elevate privileges. As of the time of writing in October 2023, the filenames of the vulnerable drivers had not previously been made public.

  • UUID: 2b918b1a-badb-4a85-9214-961607b21219
  • Created: 2023-11-02
  • Author: Takahiro Haruyama

Commands

sc.exe create phymem_ext64sys binPath= C:\windows\temp\phymem_ext64sys.sys type=kernel && sc.exe start phymem_ext64sys

  • Use Case: Elevate privileges
  • Privileges: kernel
  • Operating System: Windows 10

Detections

YARA 🏹

  • Exact Match: with header and size limitation
  • Threat Hunting: without header and size limitation
  • Renamed: for renamed driver files

Sigma 🛡️

  • Names: detects loading using name only
  • Hashes: detects loading using hashes only

Sysmon 🔎

  • Block: on hashes
  • Alert: on hashes

Resources


  • https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html

Known Vulnerable Samples

    Property | Value
    Filename |
    Creation Timestamp | 2014-08-19 21:33:26
    MD5 | affe4764d880e78b2afb2643b15b8d41
    SHA1 | 928d26cce64ad458e1f602cc2aea848e0b04eaaf
    SHA256 | 4ec7af309a9359c332d300861655faeceb68bb1cd836dd66d10dd4fac9c01a28
    Authentihash MD5 | 8f3890ebc1854d6b014daf1cd58a683c
    Authentihash SHA1 | 85f0ac83889df6d3feb439fe2026ce3a7968e263
    Authentihash SHA256 | d6cb3418c1a512aef6b15586bf5234689d4e471e854103a72d80a8597d263403
    RichPEHeaderHash MD5 | 9c3a27e39a5e503f8e7a328f3d23c7d1
    RichPEHeaderHash SHA1 | ad62f47b829e51043a7c1554326d1e7a64f69ece
    RichPEHeaderHash SHA256 | d857baa340c7338dffd557b7409c2ddc259a88807a2583770407513e30ed7bbf

    Certificates

    Certificate 08ad40b260d29c4c9f5ecda9bd93aed9
    Field | Value
    ToBeSigned (TBS) MD5 | 5d8003a64dfa5a4d88365da1566038cb
    ToBeSigned (TBS) SHA1 | 79465b56bc7ad55a37bdf633943da8bfc84db228
    ToBeSigned (TBS) SHA256 | 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332
    Subject | C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
    ValidFrom | 2021-04-29 00:00:00
    ValidTo | 2036-04-28 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.12
    IsCertificateAuthority | True
    SerialNumber | 08ad40b260d29c4c9f5ecda9bd93aed9
    Version | 3
    Certificate 07c1044c6a0de08e13cc1b5e2c6d1fc0
    Field | Value
    ToBeSigned (TBS) MD5 | 71dd0345e896c6033cef5840c28346ba
    ToBeSigned (TBS) SHA1 | a8f17de69b591a80015e33f290808d5072f5fb4a
    ToBeSigned (TBS) SHA256 | 01be120134997087d356bd5d50fa89eed3447aeff1b66d7327373693e4879d42
    Subject | C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Moyea Software, CN=Shenzhen Moyea Software
    ValidFrom | 2021-10-14 00:00:00
    ValidTo | 2024-10-16 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.11
    IsCertificateAuthority | False
    SerialNumber | 07c1044c6a0de08e13cc1b5e2c6d1fc0
    Version | 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • MmUnmapLockedPages
    • IoDeleteSymbolicLink
    • ExFreePoolWithTag
    • MmMapLockedPages
    • RtlInitUnicodeString
    • IoDeleteDevice
    • IoIs32bitProcess
    • MmUnmapIoSpace
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ExAllocatePool
    • MmMapIoSpace
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • IoAllocateMdl
    • KeBugCheckEx
    • __C_specific_handler

    Exported Functions

    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "08ad40b260d29c4c9f5ecda9bd93aed9",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
          "TBS": {
            "MD5": "5d8003a64dfa5a4d88365da1566038cb",
            "SHA1": "79465b56bc7ad55a37bdf633943da8bfc84db228",
            "SHA256": "84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332",
            "SHA384": "65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64"
          },
          "ValidFrom": "2021-04-29 00:00:00",
          "ValidTo": "2036-04-28 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "07c1044c6a0de08e13cc1b5e2c6d1fc0",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Moyea Software, CN=Shenzhen Moyea Software",
          "TBS": {
            "MD5": "71dd0345e896c6033cef5840c28346ba",
            "SHA1": "a8f17de69b591a80015e33f290808d5072f5fb4a",
            "SHA256": "01be120134997087d356bd5d50fa89eed3447aeff1b66d7327373693e4879d42",
            "SHA384": "269e4987cca4027fe44741ac54963d53289aea17cd951cffbf014790a02639417cd7e489b409dea04c41c630abff6da0"
          },
          "ValidFrom": "2021-10-14 00:00:00",
          "ValidTo": "2024-10-16 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
          "SerialNumber": "07c1044c6a0de08e13cc1b5e2c6d1fc0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    Property | Value
    Filename |
    Creation Timestamp | 2014-08-19 21:33:26
    MD5 | a664904f69756834049e9e272abb6fea
    SHA1 | c45d03076fa6e66c1b8b74b020ad84712755e3df
    SHA256 | 793a26c5c4c154a40f84c3d3165deb807062b26796acaae94b72f453e95230d5
    Authentihash MD5 | 8f3890ebc1854d6b014daf1cd58a683c
    Authentihash SHA1 | 85f0ac83889df6d3feb439fe2026ce3a7968e263
    Authentihash SHA256 | d6cb3418c1a512aef6b15586bf5234689d4e471e854103a72d80a8597d263403
    RichPEHeaderHash MD5 | 9c3a27e39a5e503f8e7a328f3d23c7d1
    RichPEHeaderHash SHA1 | ad62f47b829e51043a7c1554326d1e7a64f69ece
    RichPEHeaderHash SHA256 | d857baa340c7338dffd557b7409c2ddc259a88807a2583770407513e30ed7bbf

    Certificates

    Certificate 08ad40b260d29c4c9f5ecda9bd93aed9
    Field | Value
    ToBeSigned (TBS) MD5 | 5d8003a64dfa5a4d88365da1566038cb
    ToBeSigned (TBS) SHA1 | 79465b56bc7ad55a37bdf633943da8bfc84db228
    ToBeSigned (TBS) SHA256 | 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332
    Subject | C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
    ValidFrom | 2021-04-29 00:00:00
    ValidTo | 2036-04-28 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.12
    IsCertificateAuthority | True
    SerialNumber | 08ad40b260d29c4c9f5ecda9bd93aed9
    Version | 3
    Certificate 07c1044c6a0de08e13cc1b5e2c6d1fc0
    Field | Value
    ToBeSigned (TBS) MD5 | 71dd0345e896c6033cef5840c28346ba
    ToBeSigned (TBS) SHA1 | a8f17de69b591a80015e33f290808d5072f5fb4a
    ToBeSigned (TBS) SHA256 | 01be120134997087d356bd5d50fa89eed3447aeff1b66d7327373693e4879d42
    Subject | C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Moyea Software, CN=Shenzhen Moyea Software
    ValidFrom | 2021-10-14 00:00:00
    ValidTo | 2024-10-16 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.11
    IsCertificateAuthority | False
    SerialNumber | 07c1044c6a0de08e13cc1b5e2c6d1fc0
    Version | 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • MmUnmapLockedPages
    • IoDeleteSymbolicLink
    • ExFreePoolWithTag
    • MmMapLockedPages
    • RtlInitUnicodeString
    • IoDeleteDevice
    • IoIs32bitProcess
    • MmUnmapIoSpace
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ExAllocatePool
    • MmMapIoSpace
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • IoAllocateMdl
    • KeBugCheckEx
    • __C_specific_handler

    Exported Functions

    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "08ad40b260d29c4c9f5ecda9bd93aed9",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
          "TBS": {
            "MD5": "5d8003a64dfa5a4d88365da1566038cb",
            "SHA1": "79465b56bc7ad55a37bdf633943da8bfc84db228",
            "SHA256": "84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332",
            "SHA384": "65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64"
          },
          "ValidFrom": "2021-04-29 00:00:00",
          "ValidTo": "2036-04-28 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "07c1044c6a0de08e13cc1b5e2c6d1fc0",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Moyea Software, CN=Shenzhen Moyea Software",
          "TBS": {
            "MD5": "71dd0345e896c6033cef5840c28346ba",
            "SHA1": "a8f17de69b591a80015e33f290808d5072f5fb4a",
            "SHA256": "01be120134997087d356bd5d50fa89eed3447aeff1b66d7327373693e4879d42",
            "SHA384": "269e4987cca4027fe44741ac54963d53289aea17cd951cffbf014790a02639417cd7e489b409dea04c41c630abff6da0"
          },
          "ValidFrom": "2021-10-14 00:00:00",
          "ValidTo": "2024-10-16 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
          "SerialNumber": "07c1044c6a0de08e13cc1b5e2c6d1fc0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    Property | Value
    Filename |
    Creation Timestamp | 2014-08-19 21:33:26
    MD5 | a125390293d50091b643cfa096c2148c
    SHA1 | ff9887cfd695916a06319b3a96f7ab2e6343a20e
    SHA256 | e26a21e1b79ecaee7033e05edb0bd72aca463c23bd6fdf5835916ce2dfdf1a63
    Authentihash MD5 | 8f3890ebc1854d6b014daf1cd58a683c
    Authentihash SHA1 | 85f0ac83889df6d3feb439fe2026ce3a7968e263
    Authentihash SHA256 | d6cb3418c1a512aef6b15586bf5234689d4e471e854103a72d80a8597d263403
    RichPEHeaderHash MD5 | 9c3a27e39a5e503f8e7a328f3d23c7d1
    RichPEHeaderHash SHA1 | ad62f47b829e51043a7c1554326d1e7a64f69ece
    RichPEHeaderHash SHA256 | d857baa340c7338dffd557b7409c2ddc259a88807a2583770407513e30ed7bbf

    Certificates

    Certificate 0400000000012f4ee152d7
    Field | Value
    ToBeSigned (TBS) MD5 | e140543fe3256027cfa79fc3c19c1776
    ToBeSigned (TBS) SHA1 | c655f94eb1ecc93de319fc0c9a2dc6c5ec063728
    ToBeSigned (TBS) SHA256 | 3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448
    Subject | C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2
    ValidFrom | 2011-04-13 10:00:00
    ValidTo | 2028-01-28 12:00:00
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 0400000000012f4ee152d7
    Version | 3
    Certificate 1121405c1f0ed258882be54d8686ba11ea45
    Field | Value
    ToBeSigned (TBS) MD5 | b95cbc184d388718612d5933f7b36770
    ToBeSigned (TBS) SHA1 | ff124c5d160710720108616ffee99bbe090ed363
    ToBeSigned (TBS) SHA256 | 13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733
    Subject | C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode , G1
    ValidFrom | 2013-08-23 00:00:00
    ValidTo | 2024-09-23 00:00:00
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | False
    SerialNumber | 1121405c1f0ed258882be54d8686ba11ea45
    Version | 3
    Certificate 3c4080057de4b37a48e6a7ba6ccf0e07
    Field | Value
    ToBeSigned (TBS) MD5 | 7c755dc4cf3054f9ccaf400c6dde5e3e
    ToBeSigned (TBS) SHA1 | bc3f88dc6acdfdcce7ca7f6703dab970bcd88c36
    ToBeSigned (TBS) SHA256 | 37dab5ac1313736d65f5b08813415b85f13d6265ba97edf8e1d965059710de77
    Subject | C=CN, ST=GuangDong, L=ShenZhen, O=Shenzhen Moyea Software, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Moyea Software
    ValidFrom | 2013-06-26 00:00:00
    ValidTo | 2015-07-26 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | False
    SerialNumber | 3c4080057de4b37a48e6a7ba6ccf0e07
    Version | 3
    Certificate 611993e400000000001c
    Field | Value
    ToBeSigned (TBS) MD5 | 78a717e082dcc1cda3458d917e677d14
    ToBeSigned (TBS) SHA1 | 4a872e0e51f9b304469cd1dedb496ee9b8b983a4
    ToBeSigned (TBS) SHA256 | 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
    Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom | 2011-02-22 19:25:17
    ValidTo | 2021-02-22 19:35:17
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 611993e400000000001c
    Version | 3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    Field | Value
    ToBeSigned (TBS) MD5 | b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA1 | 4843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA256 | 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom | 2010-02-08 00:00:00
    ValidTo | 2020-02-07 23:59:59
    SignatureAlgorithmOID | 1.2.840.113549.1.1.5
    IsCertificateAuthority | True
    SerialNumber | 5200e5aa2556fc1a86ed96c9d44b33c7
    Version | 3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • MmUnmapLockedPages
    • IoDeleteSymbolicLink
    • ExFreePoolWithTag
    • MmMapLockedPages
    • RtlInitUnicodeString
    • IoDeleteDevice
    • IoIs32bitProcess
    • MmUnmapIoSpace
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ExAllocatePool
    • MmMapIoSpace
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • IoAllocateMdl
    • KeBugCheckEx
    • __C_specific_handler

    Exported Functions

    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "08ad40b260d29c4c9f5ecda9bd93aed9",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
          "TBS": {
            "MD5": "5d8003a64dfa5a4d88365da1566038cb",
            "SHA1": "79465b56bc7ad55a37bdf633943da8bfc84db228",
            "SHA256": "84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332",
            "SHA384": "65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64"
          },
          "ValidFrom": "2021-04-29 00:00:00",
          "ValidTo": "2036-04-28 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "07c1044c6a0de08e13cc1b5e2c6d1fc0",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Moyea Software, CN=Shenzhen Moyea Software",
          "TBS": {
            "MD5": "71dd0345e896c6033cef5840c28346ba",
            "SHA1": "a8f17de69b591a80015e33f290808d5072f5fb4a",
            "SHA256": "01be120134997087d356bd5d50fa89eed3447aeff1b66d7327373693e4879d42",
            "SHA384": "269e4987cca4027fe44741ac54963d53289aea17cd951cffbf014790a02639417cd7e489b409dea04c41c630abff6da0"
          },
          "ValidFrom": "2021-10-14 00:00:00",
          "ValidTo": "2024-10-16 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
          "SerialNumber": "07c1044c6a0de08e13cc1b5e2c6d1fc0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    Property | Value
    Filename |
    Creation Timestamp | 2014-08-19 21:33:26
    MD5 | 0c55128c301921ce71991a6d546756ad
    SHA1 | ef8de780cfe839ecf6dc0dc161ae645bff9b853c
    SHA256 | fc3e8554602c476e2edfa92ba4f6fb2e5ba0db433b9fbd7d8be1036e454d2584
    Authentihash MD5 | 8f3890ebc1854d6b014daf1cd58a683c
    Authentihash SHA1 | 85f0ac83889df6d3feb439fe2026ce3a7968e263
    Authentihash SHA256 | d6cb3418c1a512aef6b15586bf5234689d4e471e854103a72d80a8597d263403
    RichPEHeaderHash MD5 | 9c3a27e39a5e503f8e7a328f3d23c7d1
    RichPEHeaderHash SHA1 | ad62f47b829e51043a7c1554326d1e7a64f69ece
    RichPEHeaderHash SHA256 | d857baa340c7338dffd557b7409c2ddc259a88807a2583770407513e30ed7bbf

    Certificates

    Certificate 0d424ae0be3a88ff604021ce1400f0dd
    Field | Value
    ToBeSigned (TBS) MD5 | c0189c338449a42fe8358c2c1fbecc60
    ToBeSigned (TBS) SHA1 | b8ac0ee6875594b80ad86a6df6dd1fa3048c187c
    ToBeSigned (TBS) SHA256 | a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5
    Subject | C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021
    ValidFrom | 2021-01-01 00:00:00
    ValidTo | 2031-01-06 00:00:00
    SignatureAlgorithmOID | 1.2.840.113549.1.1.11
    IsCertificateAuthority | False
    SerialNumber | 0d424ae0be3a88ff604021ce1400f0dd
    Version | 3
    Certificate 0aa125d6d6321b7e41e405da3697c215
    Field | Value
    ToBeSigned (TBS) MD5 | 8d26184fc613f89aba1cefb30fce1b53
    ToBeSigned (TBS) SHA1 | 63a7e376bad5ec2e419d514a403bcf46c8d31d95
    ToBeSigned (TBS) SHA256 | 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c
    Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured ID Timestamping CA
    ValidFrom | 2016-01-07 12:00:00
    ValidTo | 2031-01-07 12:00:00
    SignatureAlgorithmOID | 1.2.840.113549.1.1.11
    IsCertificateAuthority | True
    SerialNumber | 0aa125d6d6321b7e41e405da3697c215
    Version | 3
    Certificate 059b1b579e8e2132e23907bda777755c
    Field | Value
    ToBeSigned (TBS) MD5 | 41b622dd54995550fdc2f31ea12f8d9b
    ToBeSigned (TBS) SHA1 | 420704040c93dfe9d3ad01a26c07f2be1f4888c1
    ToBeSigned (TBS) SHA256 | 4816e2e9e37ba61e1def6f7a4c623e981c7af355e51349b5554a3d56c5252e24
    Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
    ValidFrom | 2013-08-01 12:00:00
    ValidTo | 2038-01-15 12:00:00
    SignatureAlgorithmOID | 1.2.840.113549.1.1.12
    IsCertificateAuthority | True
    SerialNumber | 059b1b579e8e2132e23907bda777755c
    Version | 3
    Certificate 08ad40b260d29c4c9f5ecda9bd93aed9
    Field | Value
    ToBeSigned (TBS) MD5 | 5d8003a64dfa5a4d88365da1566038cb
    ToBeSigned (TBS) SHA1 | 79465b56bc7ad55a37bdf633943da8bfc84db228
    ToBeSigned (TBS) SHA256 | 84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332
    Subject | C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
    ValidFrom | 2021-04-29 00:00:00
    ValidTo | 2036-04-28 23:59:59
    SignatureAlgorithmOID     1.2.840.113549.1.1.12
    IsCertificateAuthority    True
    SerialNumber              08ad40b260d29c4c9f5ecda9bd93aed9
    Version                   3
    Certificate 07c1044c6a0de08e13cc1b5e2c6d1fc0
    Field                     Value
    ToBeSigned (TBS) MD5      71dd0345e896c6033cef5840c28346ba
    ToBeSigned (TBS) SHA1     a8f17de69b591a80015e33f290808d5072f5fb4a
    ToBeSigned (TBS) SHA256   01be120134997087d356bd5d50fa89eed3447aeff1b66d7327373693e4879d42
    Subject                   C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Moyea Software, CN=Shenzhen Moyea Software
    ValidFrom                 2021-10-14 00:00:00
    ValidTo                   2024-10-16 23:59:59
    SignatureAlgorithmOID     1.2.840.113549.1.1.11
    IsCertificateAuthority    False
    SerialNumber              07c1044c6a0de08e13cc1b5e2c6d1fc0
    Version                   3

    Imports

    • ntoskrnl.exe

    Imported Functions

    • MmUnmapLockedPages
    • IoDeleteSymbolicLink
    • ExFreePoolWithTag
    • MmMapLockedPages
    • RtlInitUnicodeString
    • IoDeleteDevice
    • IoIs32bitProcess
    • MmUnmapIoSpace
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ExAllocatePool
    • MmMapIoSpace
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • IoAllocateMdl
    • KeBugCheckEx
    • __C_specific_handler

    Exported Functions


    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT

    Signature

    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "08ad40b260d29c4c9f5ecda9bd93aed9",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
          "Subject": "C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
          "TBS": {
            "MD5": "5d8003a64dfa5a4d88365da1566038cb",
            "SHA1": "79465b56bc7ad55a37bdf633943da8bfc84db228",
            "SHA256": "84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332",
            "SHA384": "65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64"
          },
          "ValidFrom": "2021-04-29 00:00:00",
          "ValidTo": "2036-04-28 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "07c1044c6a0de08e13cc1b5e2c6d1fc0",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Moyea Software, CN=Shenzhen Moyea Software",
          "TBS": {
            "MD5": "71dd0345e896c6033cef5840c28346ba",
            "SHA1": "a8f17de69b591a80015e33f290808d5072f5fb4a",
            "SHA256": "01be120134997087d356bd5d50fa89eed3447aeff1b66d7327373693e4879d42",
            "SHA384": "269e4987cca4027fe44741ac54963d53289aea17cd951cffbf014790a02639417cd7e489b409dea04c41c630abff6da0"
          },
          "ValidFrom": "2021-10-14 00:00:00",
          "ValidTo": "2024-10-16 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
          "SerialNumber": "07c1044c6a0de08e13cc1b5e2c6d1fc0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    source

    last_updated: 2024-09-26