3bec7340-bd8b-43ae-8569-d81a66f01dda
ene.sys 
Description
ene.sys is a vulnerable driver and more information will be added as found.
- UUID: 3bec7340-bd8b-43ae-8569-d81a66f01dda
- Created: 2023-05-06
- Author: Nasreddine Bencherchali
- Acknowledgement: |
This download link contains the vulnerable driver!
Commands
| Use Case | Privileges | Operating System |
|---|---|---|
| Elevate privileges | kernel | Windows 10 |
Detections
YARA 🏹
Expand
with header and size limitation
without header and size limitation
for renamed driver files
Resources
Known Vulnerable Samples
| Property | Value |
|---|---|
| Filename | ene.sys |
| Creation Timestamp | 2019-05-15 09:36:46 |
| MD5 | fd80c3d38669b302de4b4b736941c0d1 |
| SHA1 | c47b890dda9882f9f37eccc27d58d6a774a2901f |
| SHA256 | 16768203a471a19ebb541c942f45716e9f432985abbfbe6b4b7d61a798cea354 |
| Authentihash MD5 | f2d4af4dcb47113b44651d663ee322f8 |
| Authentihash SHA1 | 097653d7068265aae9f00e37c904857d944a774c |
| Authentihash SHA256 | 995284d05f947e2db58ece30b6d61653a2b94b2c337e5c75ca8315793e0b3955 |
| RichPEHeaderHash MD5 | 2b745d90a102a42256774e350aac3080 |
| RichPEHeaderHash SHA1 | 45768de16e9654a5b21dcc916b5115ef81950791 |
| RichPEHeaderHash SHA256 | 59089a80084d2dd2efbc48ed53ce8eb6198155fe8552e36c1355c732691963a3 |
Certificates
Expand
Certificate 33000000253a2738690a3451c1000000000025
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 60cb2d8488f8724a67bf3254e6a57ff1 |
| ToBeSigned (TBS) SHA1 | 37aef77a1afaa33ac5787fc43a2c1e2509a19eb1 |
| ToBeSigned (TBS) SHA256 | 495a6ff7ace92f915eb1753c4c0b32612056e6d320bb17ff90346db3aa357432 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2018-09-06 21:30:32 |
| ValidTo | 2019-09-06 21:30:32 |
| Signature | a5a2a99a97df110e18898e98fd07aaa52616e13f9c681d0f99cbafcb2914dd7a56a8324ab1fa926b26b9c5c87fd653c193cac3773f7750425d2090034461012f476d77005a079f2883e4cfa8b1dbab735f086c9692b3f6f53efb5db881bd94cdbda4c4c9597026a8fbf1eed41bf628879156fcacae96e751d4fe117f0f6dc985ef3bd72a7bd299bd507633600c9df2f92306fe4833a8d784019dbe8baaaa06fddae1d5066677c9bcce6506e6ebe455cc9f46b1e6e9d77f2a82159b2aac861eeb400de3dcef2bdfa85e0dc51628945f14b3f44340ba9f2a3af7ef1bf24f372b3a0d0fef4baafb86cf3ba43f29030b891d4b46b4ccb29b00506dc0ee0e44959f8369fc9e0fd4bc5fa12159a4cd6db8f9af57353c132654278784509635cf5e020c43757525a4d3dcbbd532986b46b2efaa2b6b3a00aa8d44cd0546efddb6ab2e30ccf75aba4bc8d9249262e408516b89cdd58c55b9af18baeb0201f7732724b4d3ca0c74ebc4afa19bb5583f948e9619232ece825e09465fdab93f6fe6ed0590d08435879ac1ba3cf41a8c4a8f5fea6a50e84a21a5ca38414e85de3867f4bce967cb45b62335b7416a0fdc08c1e3c049e85ef944f438e5f1296a659ff8e01a170001751f92b395bd7c9b4f33106a708a005c16c2b5439bac392253e1bcfbcb545d5f6243466205655a2e496098b9045d605b632b8f98d29f51e27e62fe63a4e8f2 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000253a2738690a3451c1000000000025 |
| Version | 3 |
Certificate 330000000d690d5d7893d076df00000000000d
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 83f69422963f11c3c340b81712eef319 |
| ToBeSigned (TBS) SHA1 | 0c5e5f24590b53bc291e28583acb78e5adc95601 |
| ToBeSigned (TBS) SHA256 | d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 |
| ValidFrom | 2014-10-15 20:31:27 |
| ValidTo | 2029-10-15 20:41:27 |
| Signature | 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 330000000d690d5d7893d076df00000000000d |
| Version | 3 |
Imports
Expand
- ntoskrnl.exe
- HAL.dll
Imported Functions
Expand
- RtlInitUnicodeString
- IoDeleteDevice
- ZwUnmapViewOfSection
- ZwClose
- IofCompleteRequest
- ObReferenceObjectByHandle
- ZwMapViewOfSection
- ObfDereferenceObject
- IoCreateDevice
- RtlAssert
- ZwOpenSection
- DbgPrint
- KeBugCheckEx
- IoCreateSymbolicLink
- IoDeleteSymbolicLink
- HalTranslateBusAddress
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
Signature
Expand
1
{
2
"Certificates": [
3
{
4
"IsCertificateAuthority": false,
5
"SerialNumber": "33000000253a2738690a3451c1000000000025",
6
"Signature": "a5a2a99a97df110e18898e98fd07aaa52616e13f9c681d0f99cbafcb2914dd7a56a8324ab1fa926b26b9c5c87fd653c193cac3773f7750425d2090034461012f476d77005a079f2883e4cfa8b1dbab735f086c9692b3f6f53efb5db881bd94cdbda4c4c9597026a8fbf1eed41bf628879156fcacae96e751d4fe117f0f6dc985ef3bd72a7bd299bd507633600c9df2f92306fe4833a8d784019dbe8baaaa06fddae1d5066677c9bcce6506e6ebe455cc9f46b1e6e9d77f2a82159b2aac861eeb400de3dcef2bdfa85e0dc51628945f14b3f44340ba9f2a3af7ef1bf24f372b3a0d0fef4baafb86cf3ba43f29030b891d4b46b4ccb29b00506dc0ee0e44959f8369fc9e0fd4bc5fa12159a4cd6db8f9af57353c132654278784509635cf5e020c43757525a4d3dcbbd532986b46b2efaa2b6b3a00aa8d44cd0546efddb6ab2e30ccf75aba4bc8d9249262e408516b89cdd58c55b9af18baeb0201f7732724b4d3ca0c74ebc4afa19bb5583f948e9619232ece825e09465fdab93f6fe6ed0590d08435879ac1ba3cf41a8c4a8f5fea6a50e84a21a5ca38414e85de3867f4bce967cb45b62335b7416a0fdc08c1e3c049e85ef944f438e5f1296a659ff8e01a170001751f92b395bd7c9b4f33106a708a005c16c2b5439bac392253e1bcfbcb545d5f6243466205655a2e496098b9045d605b632b8f98d29f51e27e62fe63a4e8f2",
7
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
8
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
9
"TBS": {
10
"MD5": "60cb2d8488f8724a67bf3254e6a57ff1",
11
"SHA1": "37aef77a1afaa33ac5787fc43a2c1e2509a19eb1",
12
"SHA256": "495a6ff7ace92f915eb1753c4c0b32612056e6d320bb17ff90346db3aa357432",
13
"SHA384": "2a90dcf67abc92f070775de78ecf066e7730ea57b4c4d6c64cfdd66c3eb0f639ac188b24571a9f600ef017737a71decf"
14
},
15
"ValidFrom": "2018-09-06 21:30:32",
16
"ValidTo": "2019-09-06 21:30:32",
17
"Version": 3
18
},
19
{
20
"IsCertificateAuthority": true,
21
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
22
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
23
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
24
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
25
"TBS": {
26
"MD5": "83f69422963f11c3c340b81712eef319",
27
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
28
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
29
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
30
},
31
"ValidFrom": "2014-10-15 20:31:27",
32
"ValidTo": "2029-10-15 20:41:27",
33
"Version": 3
34
}
35
],
36
"CertificatesInfo": "",
37
"Signer": [
38
{
39
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
40
"SerialNumber": "33000000253a2738690a3451c1000000000025",
41
"Version": 1
42
}
43
],
44
"SignerInfo": ""
45
}
not set
| Property | Value |
|---|---|
| Filename | ene.sys |
| Creation Timestamp | 2020-05-08 00:07:19 |
| MD5 | 7e6e2ed880c7ab115fca68136051f9ce |
| SHA1 | 3cd037fbba8aae82c1b111c9f8755349c98bcb3c |
| SHA256 | 175eed7a4c6de9c3156c7ae16ae85c554959ec350f1c8aaa6dfe8c7e99de3347 |
| Authentihash MD5 | 6055cbe0b4c535baa8c15473fc97e61a |
| Authentihash SHA1 | ce280412dd778cafbe6dbb05b8cab42e98d3ae56 |
| Authentihash SHA256 | 795e5774aefd74200d552bf7ede17491c254fa7a73e2a00eb0e1462f18211ff5 |
| RichPEHeaderHash MD5 | d0ffa2aaf0d3bc149c94629fd26d9a1a |
| RichPEHeaderHash SHA1 | 9d3eb6a840044e7e6f4dd9602d13be9e727d0104 |
| RichPEHeaderHash SHA256 | 893f6ad3e6f34030f6416c00feb4f816d84461e62e441908bab4a6fdb39b0761 |
Certificates
Expand
Certificate 330000003a6ae333708fda7a7b00000000003a
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 6f5d716e7151f1c173396adb7213359e |
| ToBeSigned (TBS) SHA1 | 100610baae90027e9844a8e9c4d489fe122ecd9c |
| ToBeSigned (TBS) SHA256 | 677d532777cee24be88442efec75e9640e80ef57d8e1246396459a1a04be733f |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-03-11 17:31:14 |
| ValidTo | 2021-03-05 17:31:14 |
| Signature | 7dfc7c353c4c04d9d06066e1ca8584637192eb15d1d6e7c5521b0d819d615fb56524985d30535b0573fb8e0d13173d51b27bd23b9a2052738891d67ed360766452b62c4566eb20c90f018229a8e951bf58df5a7d731c1e51217f471d470979f04e900920bfc8715122b331d82f68f73ebf3de36e09d18fbfed2f3c29190a41baafbca0025bf4e36310a04cb8e61c32fda677820aa693a7f5e69d3c3abdb495b12bb8b6d10f65d44fae945d9b0fcf695d4711fc9e1c0ddb1f569c13093e16c389f748d8fe60e8685f02357464564761db4cece391baa742f3ad3bcfa26e01975966ca41939c832bf1147bec870162ce042fd0cf10d048181ec573d317f2c5de21512f13b24de9bac9bb83fc2ceb4f6f766536fe38c03ede1f8b0a3b8828e8d914d73d0a17699ab20264a27a36e0f77c5144cf470bf44d2296290e345bd25c0bc6a08dd963ec39ce0e500599751c652dc20e9906c1ce76c1d86c09058ae8defb3d7b93b68a34ca83a981a30c2403723f7e5c664b1e951050002ad32e976db221c2d8c660047dc6acfe0da16d44c6372a5cd04b016a35193f841b903ba87e2d6e416a2c59469af9f16e249bb891f21ec22f2db0a84a48d7a9e43d2f7e3bdd016d600f57daf21829885ec035287ab332c32738f5e26c6d2502b2f044afb1e048c85c7c9baf76747de14ecdeca3c7481796a741672a047f89dafe2c12c01982a026c4 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 330000003a6ae333708fda7a7b00000000003a |
| Version | 3 |
Certificate 330000000d690d5d7893d076df00000000000d
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 83f69422963f11c3c340b81712eef319 |
| ToBeSigned (TBS) SHA1 | 0c5e5f24590b53bc291e28583acb78e5adc95601 |
| ToBeSigned (TBS) SHA256 | d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 |
| ValidFrom | 2014-10-15 20:31:27 |
| ValidTo | 2029-10-15 20:41:27 |
| Signature | 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 330000000d690d5d7893d076df00000000000d |
| Version | 3 |
Imports
Expand
- cng.sys
- ntoskrnl.exe
- HAL.dll
Imported Functions
Expand
- BCryptCloseAlgorithmProvider
- BCryptGetProperty
- BCryptDecrypt
- BCryptImportKey
- BCryptDestroyKey
- BCryptSetProperty
- BCryptOpenAlgorithmProvider
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- wcsstr
- ObfDereferenceObject
- ZwClose
- ZwOpenSection
- ZwMapViewOfSection
- ZwUnmapViewOfSection
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- PsGetCurrentProcessId
- RtlTimeToSecondsSince1970
- __C_specific_handler
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- RtlInitUnicodeString
- KeBugCheckEx
- ObReferenceObjectByHandle
- HalTranslateBusAddress
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
1
{
2
"Certificates": [
3
{
4
"IsCertificateAuthority": false,
5
"SerialNumber": "33000000253a2738690a3451c1000000000025",
6
"Signature": "a5a2a99a97df110e18898e98fd07aaa52616e13f9c681d0f99cbafcb2914dd7a56a8324ab1fa926b26b9c5c87fd653c193cac3773f7750425d2090034461012f476d77005a079f2883e4cfa8b1dbab735f086c9692b3f6f53efb5db881bd94cdbda4c4c9597026a8fbf1eed41bf628879156fcacae96e751d4fe117f0f6dc985ef3bd72a7bd299bd507633600c9df2f92306fe4833a8d784019dbe8baaaa06fddae1d5066677c9bcce6506e6ebe455cc9f46b1e6e9d77f2a82159b2aac861eeb400de3dcef2bdfa85e0dc51628945f14b3f44340ba9f2a3af7ef1bf24f372b3a0d0fef4baafb86cf3ba43f29030b891d4b46b4ccb29b00506dc0ee0e44959f8369fc9e0fd4bc5fa12159a4cd6db8f9af57353c132654278784509635cf5e020c43757525a4d3dcbbd532986b46b2efaa2b6b3a00aa8d44cd0546efddb6ab2e30ccf75aba4bc8d9249262e408516b89cdd58c55b9af18baeb0201f7732724b4d3ca0c74ebc4afa19bb5583f948e9619232ece825e09465fdab93f6fe6ed0590d08435879ac1ba3cf41a8c4a8f5fea6a50e84a21a5ca38414e85de3867f4bce967cb45b62335b7416a0fdc08c1e3c049e85ef944f438e5f1296a659ff8e01a170001751f92b395bd7c9b4f33106a708a005c16c2b5439bac392253e1bcfbcb545d5f6243466205655a2e496098b9045d605b632b8f98d29f51e27e62fe63a4e8f2",
7
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
8
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
9
"TBS": {
10
"MD5": "60cb2d8488f8724a67bf3254e6a57ff1",
11
"SHA1": "37aef77a1afaa33ac5787fc43a2c1e2509a19eb1",
12
"SHA256": "495a6ff7ace92f915eb1753c4c0b32612056e6d320bb17ff90346db3aa357432",
13
"SHA384": "2a90dcf67abc92f070775de78ecf066e7730ea57b4c4d6c64cfdd66c3eb0f639ac188b24571a9f600ef017737a71decf"
14
},
15
"ValidFrom": "2018-09-06 21:30:32",
16
"ValidTo": "2019-09-06 21:30:32",
17
"Version": 3
18
},
19
{
20
"IsCertificateAuthority": true,
21
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
22
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
23
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
24
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
25
"TBS": {
26
"MD5": "83f69422963f11c3c340b81712eef319",
27
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
28
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
29
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
30
},
31
"ValidFrom": "2014-10-15 20:31:27",
32
"ValidTo": "2029-10-15 20:41:27",
33
"Version": 3
34
}
35
],
36
"CertificatesInfo": "",
37
"Signer": [
38
{
39
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
40
"SerialNumber": "33000000253a2738690a3451c1000000000025",
41
"Version": 1
42
}
43
],
44
"SignerInfo": ""
45
}
not set
| Property | Value |
|---|---|
| Filename | ene.sys |
| Creation Timestamp | 2018-03-19 21:59:12 |
| MD5 | 8942e9fa2459b1e179a6535ca16a2fb4 |
| SHA1 | 3a3342f4ca8cc45c6b86f64b1a7d7659020b429f |
| SHA256 | 810513b3f4c8d29afb46f71816350088caacf46f1be361af55b26f3fee4662c3 |
| Authentihash MD5 | 198111fd73515aa7fe4387612f027f0f |
| Authentihash SHA1 | 651b953cb03928e41424ad59f21d4978d6f4952e |
| Authentihash SHA256 | ebbaa44277a3ec6e20ad3f6aef5399fdc398306eb4c13aa96e45c9a281820a12 |
| RichPEHeaderHash MD5 | 2b745d90a102a42256774e350aac3080 |
| RichPEHeaderHash SHA1 | 45768de16e9654a5b21dcc916b5115ef81950791 |
| RichPEHeaderHash SHA256 | 59089a80084d2dd2efbc48ed53ce8eb6198155fe8552e36c1355c732691963a3 |
Certificates
Expand
Certificate 1688f039255e638e69143907e6330b
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 0179e8ddeebaf8998fec419d65cdf13d |
| ToBeSigned (TBS) SHA1 | 34c724c3369f2da8c25b591808962f66f10bde28 |
| ToBeSigned (TBS) SHA256 | 35b0bac11602847aaab65fb35199d3c8976cde3ccf7e061b130177c712cbd92f |
| Subject | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO SHA,1 Time Stamping Signer |
| ValidFrom | 2015-12-31 00:00:00 |
| ValidTo | 2019-07-09 18:40:36 |
| Signature | ba332440408c7cdb589fb36098b2f5c031feeb1f6e50f60ae0e4e681ad2687a2dffdb3daf473f300fb291b891b153edb6b52932bc4ac3981d73c67579a3936e028089ae3394f9b89097f7bc5617f598932250a6aae1a3ef0a227a8b6c3b887f7160448413d5cd8ec9f4d203104d965a1edcd690753163ddd36020a88eb40e506300bb8164bdcefbc5509ffc63e122e76b3dcce42eff97657e1b70a054098589a5d711693718c6581ea6ff389f7fb73adb4e7bfd98e6faa0b4f25f3b8e1d5dd75986881f8aac0d180c2c4c43989c1f6c99e6cd774f9d997f84fc29a0acd5e8ff819e9e0a59fc4f09221e62d7925c922f9c3f03a8457ad3a16f46394101d5dd0c6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 1688f039255e638e69143907e6330b |
| Version | 3 |
Certificate 3300000035d8d5595b0671412b000000000035
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 3d488d41aaeb5661974952080abef2fd |
| ToBeSigned (TBS) SHA1 | df01e35e6befc7d65625319f17397b861e618d56 |
| ToBeSigned (TBS) SHA256 | 3d6ef38b5d26773dc77392e415e88b3a744b30ea9f2081e2a992b5818db2f0c4 |
| Subject | C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root |
| ValidFrom | 2013-08-15 20:26:30 |
| ValidTo | 2023-08-15 20:36:30 |
| Signature | 362ba2f2e1331fe493f7f26985c6640ec99b632fe4703798fd94ec7bcff8a14246f9ed6a4e8d34693605557a1ebbad8c99429606e925a82684bec1bf16a97caa5b04b7fdd1c0f402be28edf577c79bfe3af6e8c17bd382abfa144ecf2bcfe5d5b54840b1a38f838bad2b2553aba634cef243f74f2ce9dd1e4e5ab6bae83b10992400bc50fd78f6e523a8899493f7b74130374a57b7e644d9c9df9905aa44fc74af8264cc07cb01b609c32ee3e832a7b49f4178c7a184365462f2ec150ac8ead084f8f1e06bf456125f95e0fcddb77693fe294a25e90400f1b4110ec9849edb177df51ea58e3629193a6d6c464bd7ab7024288d05a3d9d524f2f8a0d13c8239d4a8820e693a8109fc06f0c75933843693064191232c22a5a7012b50b428aedb46b0591b86b39b87e8494e390b6d14df4c03301e1f5f74aef55b590353ec9816e0d06235751b48b87d13e57a48b87752a40798253b069b7a4e6a6f44864f144f2779273d5073414c9c413edd290c73b1c7fb1f760c176504ebd25010924149ece4067d3615446f89bf697df94d40c13a98b6a07e31d2b5aecafb53d53f5086cd5e933b6d5d7c9a3f3ff7a9255884dd114900a2c7c89e37dd778e6d718be05b81345d54baccf59347886de7ef5be228e4801b40e40f2ad17f2315655aac9994433f465526d6c4fa8895e2919aa32d0b85deac8ce0f967709f71790231f761a229c4 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 3300000035d8d5595b0671412b000000000035 |
| Version | 3 |
Certificate 2766ee56eb49f38eabd770a2fc84de22
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | be5bfbe77379139ac5cdcbcc8d4d3b34 |
| ToBeSigned (TBS) SHA1 | 606b701bc9f448ddbfe6fa63ccb8061b838ee254 |
| ToBeSigned (TBS) SHA256 | 0d73a614eef7596cf5a34733f74daf2ccfe4df7b4a40069bf43c43e428264177 |
| Subject | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority |
| ValidFrom | 2000-05-30 10:48:38 |
| ValidTo | 2020-05-30 10:48:38 |
| Signature | 64bf83f15f9a85d0cdb8a129570de85af7d1e93ef276046ef15270bb1e3cff4d0d746acc818225d3c3a02a5d4cf5ba8ba16dc4540975c7e3270e5d847937401377f5b4ac1cd03bab1712d6ef34187e2be979d3ab57450caf28fad0dbe5509588bbdf8557697d92d852ca7381bf1cf3e6b86e661105b31e942d7f91959259f14ccea391714c7c470c3b0b19f6a1b16c863e5caac42e82cbf90796ba484d90f294c8a973a2eb067b239ddea2f34d559f7a6145981868c75e406b23f5797aef8cb56b8bb76f46f47bf13d4b04d89380595ae041241db28f15605847dbef6e46fd15f5d95f9ab3dbd8b8e440b3cd9739ae85bb1d8ebcdc879bd1a6eff13b6f10386f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.12 |
| IsCertificateAuthority | True |
| SerialNumber | 2766ee56eb49f38eabd770a2fc84de22 |
| Version | 3 |
Certificate 00e7640d3b521f8b0b6fd8ce64c827613b
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 4926d545fbfffd080f86c130a9858617 |
| ToBeSigned (TBS) SHA1 | de9cafee670382ee4ad8a306c36c2b908e1542fb |
| ToBeSigned (TBS) SHA256 | 0e53e01805c33df56bd7fade57169dab0081f39eb124d57d9d655940392cf8d1 |
| Subject | C=TW, postalCode=11071, ST=Taiwan, L=Taipei, ??=12F., No.1,8, Sec. 5, Zhongxiao E. Rd., Xinyi Dist., Taipei City 11071, Taiwan (R.O.C.), O=Ptolemy Tech Co., Ltd, CN=Ptolemy Tech Co., Ltd |
| ValidFrom | 2018-02-21 00:00:00 |
| ValidTo | 2019-02-21 23:59:59 |
| Signature | 0dbb7a0ba1c1f2522a473c9994cf7cb087a3e1b69a733e84665124c5473bc87e43d639859088db27ede83500cbf39c36a80b24476562cd1ec3363458efbcf5a770b63f75ae5c249b313cb70603564bc0eaa9825b9c3deaa0460462d7e861d487c474f8af3a42163090b6e189ca8b0d1dbf3d87f80bd1ca031140b3e37baadef936611ab23e5a7419c8dc34dc28b0a8f69c0df0c876a53fcbc7f4e6ba3f0e89cd05faed21432cc43d452344b515dc4f8f90bc5c064d3d0271850147eb782b3ac159f496cdacdc5f1c2c0a02503d042cedf7a7e999520ac193276935bdc224ec0df1bc7b9123cbc96ba51ab57aa4ba52764b04b905c74c3e66d0508fe8031819b8 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 00e7640d3b521f8b0b6fd8ce64c827613b |
| Version | 3 |
Certificate 2e7c87cc0e934a52fe94fd1cb7cd34af
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | f64df7e88bb2b95c7204bc07bb197a87 |
| ToBeSigned (TBS) SHA1 | a1bfa9f0f46a1e9ac66259c9b2b1b2dcaf16db9b |
| ToBeSigned (TBS) SHA256 | a3dd3858c0e514dd37cacd5f23fc8222443ff636eef4a9fe90bc0ecbbb051fd1 |
| Subject | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Code Signing CA |
| ValidFrom | 2013-05-09 00:00:00 |
| ValidTo | 2028-05-08 23:59:59 |
| Signature | 023f0239c3eef8ca3b89de0c6d4db1f14e924fafc2382c04ccc56311ab0963afaba2d7023fcc6f19c33dd61a0894ff25d8a988a72b101ae09bb107221a511c3ad4e1e909bfe62474af1e7b16316e23ef54512d5202e27508054cf1b751e15100c687f66cee104476576af1df586b21aa49d47c374ebdffb67554401836576711cd4f02e4fef3dafc7517dbecb7f7650923491f435783ea7e207761c84df2bb654da8f7854507af7a6927659029408bdf7b3a51398ca81f7079ad6d4220a2cf0c6c038c4ccd730794e75a8e3a04baa2a17c1fcb633a15a7d4151ba7524732a9f4bf6447d1aa1f534e323073c26fb778829d5cff46bb6b221d880bf81baa34a6fc8cf5dd7f658c8c315731d036ec47a1cfcb8ba8ef1c1858c50677ca4b9b51af4c084a7a8fe2a352e28e8ecc26e4b2d8e538c2a8edc6819c356ba958614a0a97b44b42b6559dbe99e7706d59f86d2a0c7f19605f0c9a886c30ac520990161bff2b9ddbd020ca89ea287e328e19df7b48331ed765f8aec9f8831493767d64d08ecebe357dff72314d9f9ebd1e6c2fa88f0c0650fb8c27b376c9f4e6d7c334e28c87218661febf5574e12177030a686cbbe4c9a9e6cf5925eb7cec450e796668e822cdb8ef98854d96113c098ad07fbc282813fb6aca548d925ccdc26598069ece485bd4b5379346417c07ddcffa43efba6761ff7d49e0bb307d5c80e3e616394ba7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.12 |
| IsCertificateAuthority | True |
| SerialNumber | 2e7c87cc0e934a52fe94fd1cb7cd34af |
| Version | 3 |
Imports
Expand
- ntoskrnl.exe
- HAL.dll
Imported Functions
Expand
- RtlInitUnicodeString
- IoDeleteDevice
- ZwUnmapViewOfSection
- ZwClose
- IofCompleteRequest
- ObReferenceObjectByHandle
- ZwMapViewOfSection
- ObfDereferenceObject
- IoCreateDevice
- RtlAssert
- ZwOpenSection
- DbgPrint
- KeBugCheckEx
- IoCreateSymbolicLink
- IoDeleteSymbolicLink
- HalTranslateBusAddress
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
Signature
Expand
1
{
2
"Certificates": [
3
{
4
"IsCertificateAuthority": false,
5
"SerialNumber": "33000000253a2738690a3451c1000000000025",
6
"Signature": "a5a2a99a97df110e18898e98fd07aaa52616e13f9c681d0f99cbafcb2914dd7a56a8324ab1fa926b26b9c5c87fd653c193cac3773f7750425d2090034461012f476d77005a079f2883e4cfa8b1dbab735f086c9692b3f6f53efb5db881bd94cdbda4c4c9597026a8fbf1eed41bf628879156fcacae96e751d4fe117f0f6dc985ef3bd72a7bd299bd507633600c9df2f92306fe4833a8d784019dbe8baaaa06fddae1d5066677c9bcce6506e6ebe455cc9f46b1e6e9d77f2a82159b2aac861eeb400de3dcef2bdfa85e0dc51628945f14b3f44340ba9f2a3af7ef1bf24f372b3a0d0fef4baafb86cf3ba43f29030b891d4b46b4ccb29b00506dc0ee0e44959f8369fc9e0fd4bc5fa12159a4cd6db8f9af57353c132654278784509635cf5e020c43757525a4d3dcbbd532986b46b2efaa2b6b3a00aa8d44cd0546efddb6ab2e30ccf75aba4bc8d9249262e408516b89cdd58c55b9af18baeb0201f7732724b4d3ca0c74ebc4afa19bb5583f948e9619232ece825e09465fdab93f6fe6ed0590d08435879ac1ba3cf41a8c4a8f5fea6a50e84a21a5ca38414e85de3867f4bce967cb45b62335b7416a0fdc08c1e3c049e85ef944f438e5f1296a659ff8e01a170001751f92b395bd7c9b4f33106a708a005c16c2b5439bac392253e1bcfbcb545d5f6243466205655a2e496098b9045d605b632b8f98d29f51e27e62fe63a4e8f2",
7
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
8
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
9
"TBS": {
10
"MD5": "60cb2d8488f8724a67bf3254e6a57ff1",
11
"SHA1": "37aef77a1afaa33ac5787fc43a2c1e2509a19eb1",
12
"SHA256": "495a6ff7ace92f915eb1753c4c0b32612056e6d320bb17ff90346db3aa357432",
13
"SHA384": "2a90dcf67abc92f070775de78ecf066e7730ea57b4c4d6c64cfdd66c3eb0f639ac188b24571a9f600ef017737a71decf"
14
},
15
"ValidFrom": "2018-09-06 21:30:32",
16
"ValidTo": "2019-09-06 21:30:32",
17
"Version": 3
18
},
19
{
20
"IsCertificateAuthority": true,
21
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
22
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
23
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
24
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
25
"TBS": {
26
"MD5": "83f69422963f11c3c340b81712eef319",
27
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
28
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
29
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
30
},
31
"ValidFrom": "2014-10-15 20:31:27",
32
"ValidTo": "2029-10-15 20:41:27",
33
"Version": 3
34
}
35
],
36
"CertificatesInfo": "",
37
"Signer": [
38
{
39
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
40
"SerialNumber": "33000000253a2738690a3451c1000000000025",
41
"Version": 1
42
}
43
],
44
"SignerInfo": ""
45
}
not set
| Property | Value |
|---|---|
| Filename | ene.sys |
| Creation Timestamp | 2020-03-21 13:16:55 |
| MD5 | 1f3522c5db7b9dcdd7729148f105018e |
| SHA1 | 17b3163aecd1f512f1603548ef6eb4947fbec95e |
| SHA256 | 910aa4685c735d8c07662aa04fafec463185699ad1a0cd1967b892fc33ec6c3c |
| Authentihash MD5 | 1da05109a3734c583233491ec8242e11 |
| Authentihash SHA1 | b93b24e5edb56cf7872d73a0a081ae1127ae43d2 |
| Authentihash SHA256 | 91b0fdd5bfc596b2f7c9db33e822d24f378c706daf6f92682c5fe1043e547f8d |
| RichPEHeaderHash MD5 | 91e6ebc6d1c3e69e80475959690d68a9 |
| RichPEHeaderHash SHA1 | 9f7f7ed60f2f4c7cde0ee12668f4c22e07620e26 |
| RichPEHeaderHash SHA256 | d9802cc2655d9c4827c6d30b30dcc7c74cb41ce18261b5251acbd84e59999f5e |
Certificates
Expand
Certificate 33000000319479a318f5522d06000000000031
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 5b81fd0f706522a8d7c9f2957283c0b4 |
| ToBeSigned (TBS) SHA1 | 84d894599653a8ed0e0b2802db3197dc177908cc |
| ToBeSigned (TBS) SHA256 | 4fa629304df4287c97ae5b7e481974316e9daf776b0cdeffab1671e7dca68fb4 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2019-06-05 18:34:00 |
| ValidTo | 2020-06-03 18:34:00 |
| Signature | 312314217055afc1a5751181c7d2d7619b23ba17166e6ae6f358b16921c925c6e3b75c31b93035f357c154fe4d347019e927db1957193b741e3371b46f4d6212b3bec972d6ff2297e8b1f2391f840045471ee31c524d4f5bf1cae4a32b73f6e48f51f777bb5b8a726db2a387c7c8df42289540f4f3d27b37d4ab4854efba809021879f3257d5670d70003a51d62bbc68e345a769f37ccb3ad336b7b3c494f5d56ef8300228d29835e5129b070742a220f83b6c9d5e2589cf2e7a1f7b59cfc81cda3232fc2fa448d736db546dc4b274cad3da83433deaa3eb9919b23ad08dc4055a8026711adcfccdb47d7a7c1adb2671ecc7198a786973807699a0ee236a46771f88913b769693b0b8ce9b002a40c2aa426edfd9a98368f89817b0d174458a390e11628e21f77e751431fae13831228e0e357610a24d89806d85390e9b3831792f62688bf04f91ee9a854b252452de7e752f39e57765a09a4ff41ae96144593a8a99688c6c9ad6b9fcaba1189ef2372b99e96db3fe6402b0e125b17f36c6f70fc1eb83257ce639b6c691a9ec031dddb9fa6536bb8e6080c9db976533f4ddfb73309b6498543cc94d3283d43668d614dd60a4fe707eb3b871da3204c534c8cc73cbc66aeb36cefd765439eef68d7ee9c515eb617f051a72097d0a25003df2dceccc9a0c4be1fd27e473955cc83ee9dba626748b1cb723c3b1c8b8ebc59321a0f5 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000319479a318f5522d06000000000031 |
| Version | 3 |
Certificate 330000000d690d5d7893d076df00000000000d
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 83f69422963f11c3c340b81712eef319 |
| ToBeSigned (TBS) SHA1 | 0c5e5f24590b53bc291e28583acb78e5adc95601 |
| ToBeSigned (TBS) SHA256 | d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 |
| ValidFrom | 2014-10-15 20:31:27 |
| ValidTo | 2029-10-15 20:41:27 |
| Signature | 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 330000000d690d5d7893d076df00000000000d |
| Version | 3 |
Imports
Expand
- cng.sys
- ntoskrnl.exe
- HAL.dll
Imported Functions
Expand
- BCryptCloseAlgorithmProvider
- BCryptGetProperty
- BCryptDecrypt
- BCryptImportKey
- BCryptDestroyKey
- BCryptSetProperty
- BCryptOpenAlgorithmProvider
- IofCompleteRequest
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwClose
- ZwOpenSection
- ZwMapViewOfSection
- ZwUnmapViewOfSection
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- PsGetCurrentProcessId
- RtlTimeToSecondsSince1970
- __C_specific_handler
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- MmGetSystemRoutineAddress
- wcsstr
- ZwSetSecurityObject
- IoDeviceObjectType
- IoCreateDevice
- ObOpenObjectByPointer
- RtlGetDaclSecurityDescriptor
- RtlGetGroupSecurityDescriptor
- RtlGetOwnerSecurityDescriptor
- RtlGetSaclSecurityDescriptor
- SeCaptureSecurityDescriptor
- _snwprintf
- RtlLengthSecurityDescriptor
- SeExports
- RtlCreateSecurityDescriptor
- _wcsnicmp
- wcschr
- RtlAbsoluteToSelfRelativeSD
- RtlAddAccessAllowedAce
- RtlLengthSid
- IoIsWdmVersionAvailable
- RtlSetDaclSecurityDescriptor
- ZwOpenKey
- ZwSetValueKey
- ZwQueryValueKey
- ZwCreateKey
- RtlFreeUnicodeString
- KeBugCheckEx
- RtlInitUnicodeString
- HalTranslateBusAddress
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- PAGE
- INIT
- .reloc
Signature
Expand
1
{
2
"Certificates": [
3
{
4
"IsCertificateAuthority": false,
5
"SerialNumber": "33000000253a2738690a3451c1000000000025",
6
"Signature": "a5a2a99a97df110e18898e98fd07aaa52616e13f9c681d0f99cbafcb2914dd7a56a8324ab1fa926b26b9c5c87fd653c193cac3773f7750425d2090034461012f476d77005a079f2883e4cfa8b1dbab735f086c9692b3f6f53efb5db881bd94cdbda4c4c9597026a8fbf1eed41bf628879156fcacae96e751d4fe117f0f6dc985ef3bd72a7bd299bd507633600c9df2f92306fe4833a8d784019dbe8baaaa06fddae1d5066677c9bcce6506e6ebe455cc9f46b1e6e9d77f2a82159b2aac861eeb400de3dcef2bdfa85e0dc51628945f14b3f44340ba9f2a3af7ef1bf24f372b3a0d0fef4baafb86cf3ba43f29030b891d4b46b4ccb29b00506dc0ee0e44959f8369fc9e0fd4bc5fa12159a4cd6db8f9af57353c132654278784509635cf5e020c43757525a4d3dcbbd532986b46b2efaa2b6b3a00aa8d44cd0546efddb6ab2e30ccf75aba4bc8d9249262e408516b89cdd58c55b9af18baeb0201f7732724b4d3ca0c74ebc4afa19bb5583f948e9619232ece825e09465fdab93f6fe6ed0590d08435879ac1ba3cf41a8c4a8f5fea6a50e84a21a5ca38414e85de3867f4bce967cb45b62335b7416a0fdc08c1e3c049e85ef944f438e5f1296a659ff8e01a170001751f92b395bd7c9b4f33106a708a005c16c2b5439bac392253e1bcfbcb545d5f6243466205655a2e496098b9045d605b632b8f98d29f51e27e62fe63a4e8f2",
7
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
8
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
9
"TBS": {
10
"MD5": "60cb2d8488f8724a67bf3254e6a57ff1",
11
"SHA1": "37aef77a1afaa33ac5787fc43a2c1e2509a19eb1",
12
"SHA256": "495a6ff7ace92f915eb1753c4c0b32612056e6d320bb17ff90346db3aa357432",
13
"SHA384": "2a90dcf67abc92f070775de78ecf066e7730ea57b4c4d6c64cfdd66c3eb0f639ac188b24571a9f600ef017737a71decf"
14
},
15
"ValidFrom": "2018-09-06 21:30:32",
16
"ValidTo": "2019-09-06 21:30:32",
17
"Version": 3
18
},
19
{
20
"IsCertificateAuthority": true,
21
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
22
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
23
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
24
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
25
"TBS": {
26
"MD5": "83f69422963f11c3c340b81712eef319",
27
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
28
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
29
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
30
},
31
"ValidFrom": "2014-10-15 20:31:27",
32
"ValidTo": "2029-10-15 20:41:27",
33
"Version": 3
34
}
35
],
36
"CertificatesInfo": "",
37
"Signer": [
38
{
39
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
40
"SerialNumber": "33000000253a2738690a3451c1000000000025",
41
"Version": 1
42
}
43
],
44
"SignerInfo": ""
45
}
not set
last_updated: 2025-04-02