73290fcb-a0d7-481e-81a5-65a9859b50f5
pchunter.sys 
Description
Confirmed vulnerable driver from Microsoft Block List
| Use Case | Privileges | Operating System |
|---|---|---|
| Elevate privileges | kernel | Windows |
Detections
YARA 🏹
Expand
Resources
CVE
Known Vulnerable Samples
| Property | Value |
|---|---|
| Filename | |
| Creation Timestamp | 2020-07-29 09:37:31 |
| MD5 | 366bd312aad96a7eb4912688b9e8d268 |
| SHA1 | 8d15036ef8dd0d79d89cc7b02920bd073849a381 |
| SHA256 | 3f20ac5dac9171857fc5791865458fdb6eac4fab837d7eabc42cb0a83cb522fc |
| Authentihash MD5 | c5eb8ca809d54657aebef56f74ec3ab6 |
| Authentihash SHA1 | 16269bb8d638d7753f49f739881fa5f89a535eb1 |
| Authentihash SHA256 | 81b772e718e40e8d1d815cb3b16690c1ebd4e0bc555933db306037cc3341537f |
| RichPEHeaderHash MD5 | 33bde87c8fb9123b7d70d57b8e73020c |
| RichPEHeaderHash SHA1 | 826c38506602b5424cfcbf743ec1c41d53adc22c |
| RichPEHeaderHash SHA256 | ac9127c639427ab4be7575f6d949d2d868707cc9bc7de85f207038fcb303578b |
| Company | 安芯网盾(北京)科技有限公司 |
| Description | 系统信息查看工具 |
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 0551bc8c6aa2ca032bc6713830d849a3
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 3e1a270566dbef6f024e8a592eea2b08 |
| ToBeSigned (TBS) SHA1 | 740d462ba0502946e1dc537ab97cf3825631caf9 |
| ToBeSigned (TBS) SHA256 | 3d0941c030b3f19ed3901ab914720a83bba65ac57ad753f65efdb12d628d4bf6 |
| Subject | ??=CN, ??=, ??=Private Organization, serialNumber=91110108MA01JM458L, C=CN, ST=, O=, CN= |
| ValidFrom | 2020-06-30 00:00:00 |
| ValidTo | 2023-07-05 12:00:00 |
| Signature | af7bb35185d70056d33c3268e10d651f0cf79542d8b5d24d553b409983443d3a02d1c84c51d56e007637b5b6b9a2a315b4787579bdcbd6e9b9f11bd3403b3b475218bd8743b1c01135e344c6dd50d8bd8444c3b4abb81e37121fd26c1161347885bfffae9c6c3f9086ee84b09a572db926ccecb2824fcc766f8a996598be644ed4d93e0857f61a54e5711cbc4f9f6d972b39673291f31a2ef738f09cdabf3d1ab66a02918d9b57e457f267e2d70f6f9a33d20b1fd11e281ea2f2f05c41f162fc8baa4af8564015f6168950924d9b7d15a31d9041ba8e5b05e40ccab46568d4e3b7533ef6e872a7e0ab0577b43175a984de8ef0c67d3e350df7855a033869f60d |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0551bc8c6aa2ca032bc6713830d849a3 |
| Version | 3 |
Certificate 03019a023aff58b16bd6d5eae617f066
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | a752afee44f017e8d74e3f3eb7914ae3 |
| ToBeSigned (TBS) SHA1 | 8eca80a6b80e9c69dcef7745748524afb8019e2d |
| ToBeSigned (TBS) SHA256 | 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 |
| Subject | C=US, O=DigiCert, CN=DigiCert Timestamp Responder |
| ValidFrom | 2014-10-22 00:00:00 |
| ValidTo | 2024-10-22 00:00:00 |
| Signature | 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 03019a023aff58b16bd6d5eae617f066 |
| Version | 3 |
Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4 |
| ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 |
| ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA |
| ValidFrom | 2012-04-18 12:00:00 |
| ValidTo | 2027-04-18 12:00:00 |
| Signature | 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06 |
| Version | 3 |
Certificate 06fdf9039603adea000aeb3f27bbba1b
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 4e5ad189638cf52ba9cd881d4d44668c |
| ToBeSigned (TBS) SHA1 | cdc115e98d798b33904c820d63cc1e1afc19251d |
| ToBeSigned (TBS) SHA256 | 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 |
| ValidFrom | 2006-11-10 00:00:00 |
| ValidTo | 2021-11-10 00:00:00 |
| Signature | 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 06fdf9039603adea000aeb3f27bbba1b |
| Version | 3 |
Imports
Expand
- FLTMGR.SYS
- ntoskrnl.exe
- HAL.dll
Imported Functions
Expand
- FltRegisterFilter
- FltUnregisterFilter
- FltStartFiltering
- FltGetFileNameInformation
- FltReleaseFileNameInformation
- FltParseFileNameInformation
- FltCreateFile
- FltClose
- NtBuildNumber
- IoGetCurrentProcess
- ProbeForRead
- ObfDereferenceObject
- MmIsAddressValid
- PsLookupProcessByProcessId
- KeStackAttachProcess
- KeUnstackDetachProcess
- ObReferenceObjectByHandle
- ZwClose
- IoFileObjectType
- RtlInitUnicodeString
- ZwCreateKey
- ZwSetValueKey
- ExGetPreviousMode
- _wcsicmp
- KeInitializeMutex
- KeReleaseMutex
- KeWaitForSingleObject
- ExAllocatePool
- ExFreePoolWithTag
- PsGetCurrentProcessId
- KeInitializeEvent
- KeSetEvent
- MmProbeAndLockPages
- MmUnlockPages
- MmBuildMdlForNonPagedPool
- IoAllocateIrp
- IoAllocateMdl
- IoCreateFile
- IoFreeIrp
- IoFreeMdl
- ZwOpenSymbolicLinkObject
- MmUserProbeAddress
- IoGetFileObjectGenericMapping
- ObCreateObject
- SeCreateAccessState
- ObOpenObjectByPointer
- MmGetSystemRoutineAddress
- NtFsControlFile
- NtDeviceIoControlFile
- swprintf
- ExAllocatePoolWithQuotaTag
- KeBugCheckEx
- ExAllocatePoolWithTag
- ObQueryNameString
- MmSectionObjectType
- PsLookupThreadByThreadId
- wcsncat
- wcsrchr
- KeDelayExecutionThread
- MmMapIoSpace
- MmUnmapIoSpace
- PsGetVersion
- IoAttachDevice
- IoAttachDeviceToDeviceStack
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- ObReferenceObjectByPointer
- ZwOpenFile
- ZwLoadDriver
- ZwUnloadDriver
- ZwCreateSection
- ZwOpenSection
- ZwMapViewOfSection
- ZwDeleteKey
- ZwDeleteValueKey
- ZwEnumerateKey
- ZwEnumerateValueKey
- ZwQueryKey
- IoAttachDeviceByPointer
- MmMapLockedPagesSpecifyCache
- MmUnmapLockedPages
- MmSystemRangeStart
- __C_specific_handler
- ProbeForWrite
- ZwQuerySymbolicLinkObject
- HalGetAdapter
- HalGetBusDataByOffset
- HalAllocateCrashDumpRegisters
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0551bc8c6aa2ca032bc6713830d849a3",
"Signature": "af7bb35185d70056d33c3268e10d651f0cf79542d8b5d24d553b409983443d3a02d1c84c51d56e007637b5b6b9a2a315b4787579bdcbd6e9b9f11bd3403b3b475218bd8743b1c01135e344c6dd50d8bd8444c3b4abb81e37121fd26c1161347885bfffae9c6c3f9086ee84b09a572db926ccecb2824fcc766f8a996598be644ed4d93e0857f61a54e5711cbc4f9f6d972b39673291f31a2ef738f09cdabf3d1ab66a02918d9b57e457f267e2d70f6f9a33d20b1fd11e281ea2f2f05c41f162fc8baa4af8564015f6168950924d9b7d15a31d9041ba8e5b05e40ccab46568d4e3b7533ef6e872a7e0ab0577b43175a984de8ef0c67d3e350df7855a033869f60d",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=Private Organization, serialNumber=91110108MA01JM458L, C=CN, ST=, O=, CN=",
"TBS": {
"MD5": "3e1a270566dbef6f024e8a592eea2b08",
"SHA1": "740d462ba0502946e1dc537ab97cf3825631caf9",
"SHA256": "3d0941c030b3f19ed3901ab914720a83bba65ac57ad753f65efdb12d628d4bf6",
"SHA384": "a251e658b68090e4d93dc64c7b90f55537db16e46c9bde91b638ce59d1047cf1bad1fb7c76b18ad75ba8cfece1ed8521"
},
"ValidFrom": "2020-06-30 00:00:00",
"ValidTo": "2023-07-05 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "03019a023aff58b16bd6d5eae617f066",
"Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
"TBS": {
"MD5": "a752afee44f017e8d74e3f3eb7914ae3",
"SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
"SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
"SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
},
"ValidFrom": "2014-10-22 00:00:00",
"ValidTo": "2024-10-22 00:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
"Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
"TBS": {
"MD5": "4e5ad189638cf52ba9cd881d4d44668c",
"SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
"SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
"SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
},
"ValidFrom": "2006-11-10 00:00:00",
"ValidTo": "2021-11-10 00:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "0551bc8c6aa2ca032bc6713830d849a3",
"Version": 1
}
],
"SignerInfo": ""
}
last_updated: 2024-09-26