66813e1f-13c8-4884-931a-62b46350c345

834761775.sys :inline :inline

Description

Cisco Talos has identified multiple versions of an undocumented malicious driver named “RedDriver,” a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver has been active since at least 2021. RedDriver utilizes HookSignTool to forge its signature timestamp to bypass Windows driver-signing policies. Code from multiple open-source tools has been used in the development of RedDriver's infection chain, including HP-Socket and a custom implementation of ReflectiveLoader. The authors of RedDriver appear to be skilled in driver development and have deep knowledge of the Windows operating system. This threat appears to target native Chinese speakers, as it searches for Chinese language browsers to hijack. Additionally, the authors are likely Chinese speakers themselves.

  • UUID: 66813e1f-13c8-4884-931a-62b46350c345
  • Created: 2023-07-12
  • Author: Michael Haag
  • Acknowledgement: |

Download

This download link contains the malicious driver!

Commands

sc.exe create 834761775.sys binPath=C:\windows\temp\834761775.sys type=kernel && sc.exe start 834761775.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://blog.talosintelligence.com/undocumented-reddriver/

    • Known Vulnerable Samples

    PropertyValue
    Filename834761775.sys
    Creation Timestamp2022-10-10 19:26:25
    MD5072ba2309b825ce1dba37d8d924ea8ed
    SHA189a74d0e9fd03129082c5b868f5ad62558ca34fd
    SHA25624c900024d213549502301c366d18c318887630f04c96bf0a3d6ba74e0df164f
    Authentihash MD5d572a2339ab3259578bfb39301b78884
    Authentihash SHA1d8e79ba181f2a646bbaa9e28ce2c4c490074fda2
    Authentihash SHA25622074c412bb82bd97768eba0cb40e451d75d969e94d0548af804aafc04ca02fd
    RichPEHeaderHash MD5704ff674d65cee070ccb97324955d0af
    RichPEHeaderHash SHA1c83a46f6adfb07de81e62046c7a9d8bd95c36dcf
    RichPEHeaderHash SHA256586df7c43db7e44e51d3eef5aad1a38022c5f6d3598b05a47eec523d5ad74b2b

    Download

    Certificates

    Expand
    Certificate 0a005d2e2bcd4137168217d8c727747c
    FieldValue
    ToBeSigned (TBS) MD54d213d99215f488050faaa39765656d1
    ToBeSigned (TBS) SHA10308508b5a3fcd330bbf28931f8e1a9c93c3ee69
    ToBeSigned (TBS) SHA256ea947432de238a25fdb7892e436f4ef44f30ab16ae9e1eb914860f4808b25ef2
    SubjectC=CN, ST=Beijing, L=Beijing, O=Beijing JoinHope Image Technology Ltd., CN=Beijing JoinHope Image Technology Ltd.
    ValidFrom2014-05-16 00:00:00
    ValidTo2015-05-16 23:59:59
    Signaturee896f8811ed9938fcbdc8c37f8c029045bb36722791c608d7d59f1d50b9e8923777b3ce973553c8164d7445f038c3720516d74f2f95fd734cd1349c1e6cf17f1c9042f069fb94350f7cd8f36f676fd175742d32adbc5d143423e3bc38bea71f9d021110303529d578ba7aab16d53c61642cf1f7e16964718a083182429d4347a09ea0047d9e53bad112ca5a5a14a180539ceb64000a677709bb70e9e3aea68158977072e7f130f1f99b08c2593b4003523f3f6cd441a7e4d8e88f3a2b871e6a03627dd3dadd97487df1dc5b93119ec65b60d1e4e0248a1978ee7480c08b8b8e54d890e7941aa852cf65d731cf0a6cf66584a0d0fba70d6697ee22a8d859919f4
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0a005d2e2bcd4137168217d8c727747c
    Version3
    Certificate 611993e400000000001c
    FieldValue
    ToBeSigned (TBS) MD578a717e082dcc1cda3458d917e677d14
    ToBeSigned (TBS) SHA14a872e0e51f9b304469cd1dedb496ee9b8b983a4
    ToBeSigned (TBS) SHA256317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2011-02-22 19:25:17
    ValidTo2021-02-22 19:35:17
    Signature812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611993e400000000001c
    Version3
    Certificate 1eb132d57e7968960df26e854eb0dda6
    FieldValue
    ToBeSigned (TBS) MD55ab6e3eff526144c0498d28f2e8744cc
    ToBeSigned (TBS) SHA17ab94f2c92d6886a876615876fb3c7d996cc0ea3
    ToBeSigned (TBS) SHA256ff83ab76196af2d3172c0be1ab23720770de769bed8daf815a059ca46df241af
    SubjectC=CN, O=JemmyLoveJenny PKI Service, OU=timestamp.pki.jemmylovejenny.tk, CN=Fake TimeStamp Responder
    ValidFrom2000-01-01 00:00:00
    ValidTo2099-12-31 23:59:59
    Signature21ce1a74cffdc5be464c890b9ae11fe6f037b1145a8a3be179136f33eb4e74650c0d22055a26096e231fdc9be25bcfbe8d8d590d84d2443e19d0d8bb163e7d492162ba8f1ee020445d0338d6cf96bc7543da921f04874ae92a524585895d0f358b045c941ab49b34f287579f7d7aaa70122b519c8bb604c7f072ea20fb5e1b1c2c048f4c7e42dc6ee7caab6de80627c32632d0ea2756277ca3c98c2fa58a9d07364017c29844e99cac28cefc4d4bca807da970d2bdf548cec8844b5f72541940835e827c447773ed5b4e8114c2cf04d39bc2f2dc8c2ba8a6e67687e76b7805971e8b87096474fcac24da030e8d591f9edae5644199a235280d05761143af1292
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber1eb132d57e7968960df26e854eb0dda6
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3
    Certificate 1eb132d57e796896
    FieldValue
    ToBeSigned (TBS) MD5953110dc4528bb8653d24128ec59f13b
    ToBeSigned (TBS) SHA13a111b3ec6c092f7181132509479ba73bc3c828f
    ToBeSigned (TBS) SHA2563434a95dfbfdb4b2cdff9d76632bcfc1d8c9a2b805596ed3f8af1c97f61643b1
    SubjectC=CN, O=JemmyLoveJenny PKI Service, OU=pki.jemmylovejenny.tk, CN=JemmyLoveJenny SHA1 TimeStamping Services CA
    ValidFrom2000-01-01 00:00:00
    ValidTo2099-12-31 23:59:59
    Signature7a25039f8882f1960adb0b6781366e4e15e38a1b13b332e864e5b39e93128f9400648246af7f78526380ebc32a670c0d7184c0172442e5bdbb7873dac548349bbb5681f1f0b2e5fb7230153f95caaa5d7aeeb64cdc6f4cb9505f4b62b2e61f7b8856c43e91be32fc9918cd4ace9060388c8ef39c745adb7cbe0943353ae6c7e8f9e3a9a26da5fab1e43d7fafc02fa8433e1d9a3f3981c78f70c040e03c74258d5abca8231e3bff819e85f52d422dd507879f4e922b52f4ea358e887d8d3deb4bc81d5b3c42ae13aac56364c929da045225104ed04f3a041c9677cc731acbc153746b1f5e968cb468f52ab576515f967ce0159331e1ac575f27f4faf159ec70c3825d7366eb08f579909cab42adf8fe71c14f71d19326dad89dcd763ed3c4aad601c34aa8fa5ea6f16843d15692198c1c79f92c1d1feadeecae329206d02133c625875839baa3265b8e635a43c192755dfd260f0ffe7f2e320be8713639c0204fde54d92c59cb12c253b837e7fcbb3f1a47d7a1066a9568e1b5d9ddf1dc69da4bb6e5965dc72f35c5e8d78eca195cd7b18e41a12bb4eb4de8fc938b919c509871fcd1f808938bb5de8da978371b64ce5269a983f03d937c28a547ad3defd5d24c032fa67493cd00e9f0f835a3c22948ff71ec8c29eb66906ead31e09c6bd3fe0137bfcec27cd8bcbefed081fb2df4ee70ebe2d7c4b2a19419c2f3d79df8344236
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber1eb132d57e796896
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • fwpkclnt.sys
    • WDFLDR.SYS

    Imported Functions

    Expand
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • PsCreateSystemThread
    • ZwClose
    • ZwOpenProcess
    • ZwWaitForSingleObject
    • RtlIpv4AddressToStringA
    • ZwCreateFile
    • ZwWriteFile
    • ZwDeleteFile
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • RtlUnicodeStringToAnsiString
    • ExAllocatePool
    • RtlFreeAnsiString
    • _vsnprintf
    • _vsnwprintf
    • KeInitializeEvent
    • KeWaitForSingleObject
    • RtlRandomEx
    • RtlCopyUnicodeString
    • KeEnterCriticalRegion
    • KeLeaveCriticalRegion
    • ExInitializeResourceLite
    • ExAcquireResourceExclusiveLite
    • ExReleaseResourceLite
    • KeBugCheckEx
    • KeReleaseInStackQueuedSpinLock
    • KeAcquireInStackQueuedSpinLock
    • _strlwr
    • IoWMIRegistrationControl
    • MmGetSystemRoutineAddress
    • RtlCompareMemory
    • ExSystemTimeToLocalTime
    • RtlTimeToTimeFields
    • RtlAppendUnicodeToString
    • RtlAppendUnicodeStringToString
    • RtlInitUnicodeString
    • FwpsAcquireWritableLayerDataPointer0
    • FwpsReleaseClassifyHandle0
    • FwpsAcquireClassifyHandle0
    • FwpsCalloutRegister1
    • FwpsApplyModifiedLayerData0
    • WdfVersionBindClass
    • WdfVersionBind
    • WdfVersionUnbind
    • WdfVersionUnbindClass

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • .gfids
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "0a005d2e2bcd4137168217d8c727747c",
      "Signature": "e896f8811ed9938fcbdc8c37f8c029045bb36722791c608d7d59f1d50b9e8923777b3ce973553c8164d7445f038c3720516d74f2f95fd734cd1349c1e6cf17f1c9042f069fb94350f7cd8f36f676fd175742d32adbc5d143423e3bc38bea71f9d021110303529d578ba7aab16d53c61642cf1f7e16964718a083182429d4347a09ea0047d9e53bad112ca5a5a14a180539ceb64000a677709bb70e9e3aea68158977072e7f130f1f99b08c2593b4003523f3f6cd441a7e4d8e88f3a2b871e6a03627dd3dadd97487df1dc5b93119ec65b60d1e4e0248a1978ee7480c08b8b8e54d890e7941aa852cf65d731cf0a6cf66584a0d0fba70d6697ee22a8d859919f4",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=CN, ST=Beijing, L=Beijing, O=Beijing JoinHope Image Technology Ltd., CN=Beijing JoinHope Image Technology Ltd.",
      "TBS": {
        "MD5": "4d213d99215f488050faaa39765656d1",
        "SHA1": "0308508b5a3fcd330bbf28931f8e1a9c93c3ee69",
        "SHA256": "ea947432de238a25fdb7892e436f4ef44f30ab16ae9e1eb914860f4808b25ef2",
        "SHA384": "430e932514f35ed55f31f050f33bcc0b9244fd83c6d1d28ee240306e54292e93b5894ef4eb9c09bf84cdc8068c6a7230"
      },
      "ValidFrom": "2014-05-16 00:00:00",
      "ValidTo": "2015-05-16 23:59:59",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "611993e400000000001c",
      "Signature": "812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
      "TBS": {
        "MD5": "78a717e082dcc1cda3458d917e677d14",
        "SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
        "SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
        "SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
      },
      "ValidFrom": "2011-02-22 19:25:17",
      "ValidTo": "2021-02-22 19:35:17",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "1eb132d57e7968960df26e854eb0dda6",
      "Signature": "21ce1a74cffdc5be464c890b9ae11fe6f037b1145a8a3be179136f33eb4e74650c0d22055a26096e231fdc9be25bcfbe8d8d590d84d2443e19d0d8bb163e7d492162ba8f1ee020445d0338d6cf96bc7543da921f04874ae92a524585895d0f358b045c941ab49b34f287579f7d7aaa70122b519c8bb604c7f072ea20fb5e1b1c2c048f4c7e42dc6ee7caab6de80627c32632d0ea2756277ca3c98c2fa58a9d07364017c29844e99cac28cefc4d4bca807da970d2bdf548cec8844b5f72541940835e827c447773ed5b4e8114c2cf04d39bc2f2dc8c2ba8a6e67687e76b7805971e8b87096474fcac24da030e8d591f9edae5644199a235280d05761143af1292",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=CN, O=JemmyLoveJenny PKI Service, OU=timestamp.pki.jemmylovejenny.tk, CN=Fake TimeStamp Responder",
      "TBS": {
        "MD5": "5ab6e3eff526144c0498d28f2e8744cc",
        "SHA1": "7ab94f2c92d6886a876615876fb3c7d996cc0ea3",
        "SHA256": "ff83ab76196af2d3172c0be1ab23720770de769bed8daf815a059ca46df241af",
        "SHA384": "9990f7fd996aa8f520b4d64eee4060d0009b6cd517416b7300245df65cb15eb72ab985f520bc02346c544d46ad172ae5"
      },
      "ValidFrom": "2000-01-01 00:00:00",
      "ValidTo": "2099-12-31 23:59:59",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
      "Signature": "5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
      "TBS": {
        "MD5": "b30c31a572b0409383ed3fbe17e56e81",
        "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
        "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
        "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
      },
      "ValidFrom": "2010-02-08 00:00:00",
      "ValidTo": "2020-02-07 23:59:59",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "1eb132d57e796896",
      "Signature": "7a25039f8882f1960adb0b6781366e4e15e38a1b13b332e864e5b39e93128f9400648246af7f78526380ebc32a670c0d7184c0172442e5bdbb7873dac548349bbb5681f1f0b2e5fb7230153f95caaa5d7aeeb64cdc6f4cb9505f4b62b2e61f7b8856c43e91be32fc9918cd4ace9060388c8ef39c745adb7cbe0943353ae6c7e8f9e3a9a26da5fab1e43d7fafc02fa8433e1d9a3f3981c78f70c040e03c74258d5abca8231e3bff819e85f52d422dd507879f4e922b52f4ea358e887d8d3deb4bc81d5b3c42ae13aac56364c929da045225104ed04f3a041c9677cc731acbc153746b1f5e968cb468f52ab576515f967ce0159331e1ac575f27f4faf159ec70c3825d7366eb08f579909cab42adf8fe71c14f71d19326dad89dcd763ed3c4aad601c34aa8fa5ea6f16843d15692198c1c79f92c1d1feadeecae329206d02133c625875839baa3265b8e635a43c192755dfd260f0ffe7f2e320be8713639c0204fde54d92c59cb12c253b837e7fcbb3f1a47d7a1066a9568e1b5d9ddf1dc69da4bb6e5965dc72f35c5e8d78eca195cd7b18e41a12bb4eb4de8fc938b919c509871fcd1f808938bb5de8da978371b64ce5269a983f03d937c28a547ad3defd5d24c032fa67493cd00e9f0f835a3c22948ff71ec8c29eb66906ead31e09c6bd3fe0137bfcec27cd8bcbefed081fb2df4ee70ebe2d7c4b2a19419c2f3d79df8344236",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=CN, O=JemmyLoveJenny PKI Service, OU=pki.jemmylovejenny.tk, CN=JemmyLoveJenny SHA1 TimeStamping Services CA",
      "TBS": {
        "MD5": "953110dc4528bb8653d24128ec59f13b",
        "SHA1": "3a111b3ec6c092f7181132509479ba73bc3c828f",
        "SHA256": "3434a95dfbfdb4b2cdff9d76632bcfc1d8c9a2b805596ed3f8af1c97f61643b1",
        "SHA384": "41c54e667a7ccaab3d4b6288e8c78789163e4adce5029f5e43de2a25ea9ad07bd3f4679538ebc301477917f46cfb8788"
      },
      "ValidFrom": "2000-01-01 00:00:00",
      "ValidTo": "2099-12-31 23:59:59",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
      "SerialNumber": "0a005d2e2bcd4137168217d8c727747c",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

    source

    last_updated: 2024-04-09