7b893f79-b5b0-4373-9d29-c53a21fe6fc3

WinFlash64.sys :inline

Description

WinFlash64.sys is a vulnerable driver and more information will be added as found.

  • UUID: 7b893f79-b5b0-4373-9d29-c53a21fe6fc3
  • Created: 2023-05-06
  • Author: Nasreddine Bencherchali
  • Acknowledgement: |

DownloadBlock

This download link contains the vulnerable driver!

Commands

sc.exe create WinFlash64.sys binPath=C:\windows\temp\WinFlash64.sys type=kernel && sc.exe start WinFlash64.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • Internal Research

  • Known Vulnerable Samples

    PropertyValue
    FilenameWinFlash64.sys
    Creation Timestamp2006-11-09 02:11:41
    MD5a216803d691d92acc44ac77d981aa767
    SHA148be0ec2e8cb90cac2be49ef71e44390a0f648ce
    SHA256316a27e2bdb86222bc7c8af4e5472166b02aec7f3f526901ce939094e5861f6d
    Authentihash MD562fecd37b50c9973478b3c1a02838c22
    Authentihash SHA1a1e4fbc16c0fc98a4c2256f2b0b45c1ece8f8f0b
    Authentihash SHA256ad6360cee0b1b293be38348f0f9deb7221e205516524f437aaf8f468b308cb4e
    RichPEHeaderHash MD5f611e8b47daf79029d2e777e3071d939
    RichPEHeaderHash SHA12dc185768c738521fb43db6d6b100bb04d43177f
    RichPEHeaderHash SHA25666f092383abb8b873a957d01b5079e4f2b52a63770dcf68fff59410500f5974f

    Download

    Certificates

    Expand
    Certificate 47bf1995df8d524643f7db6d480d31a4
    FieldValue
    ToBeSigned (TBS) MD5518d2ea8a21e879c942d504824ac211c
    ToBeSigned (TBS) SHA121ce87d827077e61abddf2beba69fde5432ea031
    ToBeSigned (TBS) SHA2561ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
    ValidFrom2003-12-04 00:00:00
    ValidTo2013-12-03 23:59:59
    Signature4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47bf1995df8d524643f7db6d480d31a4
    Version3
    Certificate 0de92bf0d4d82988183205095e9a7688
    FieldValue
    ToBeSigned (TBS) MD545c204b8a20f6abb0188d2d38a3fb0c9
    ToBeSigned (TBS) SHA1cdf3a3c5c2eda4c29621f30fd3154f9f8c765739
    ToBeSigned (TBS) SHA256e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer
    ValidFrom2003-12-04 00:00:00
    ValidTo2008-12-03 23:59:59
    Signature877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0de92bf0d4d82988183205095e9a7688
    Version3
    Certificate 4191a15a3978dfcf496566381d4c75c2
    FieldValue
    ToBeSigned (TBS) MD541011f8d0e7c7a6408334ca387914c61
    ToBeSigned (TBS) SHA1c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
    ToBeSigned (TBS) SHA25688dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
    ValidFrom2004-07-16 00:00:00
    ValidTo2014-07-15 23:59:59
    Signatureae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber4191a15a3978dfcf496566381d4c75c2
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3
    Certificate 2ca9ca93cd9b19a96ddad68aff3a668d
    FieldValue
    ToBeSigned (TBS) MD547b0f73f8cc709595616e0d6ae88c5db
    ToBeSigned (TBS) SHA183d27f045fa24c61544842dd4a9ac8759fa6900a
    ToBeSigned (TBS) SHA25647a75a2e532e11a257ac26424155874c7254eadf8c3aa2882ebdf1c26c592db7
    SubjectC=US, ST=California, L=Milpitas, O=Phoenix Technology Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=CSS Core Features Development, CN=Phoenix Technology Ltd.
    ValidFrom2006-10-17 00:00:00
    ValidTo2007-10-17 23:59:59
    Signature66da102458b1f7a00e4d83c2b5fc3f96e6c55489b52830af684ef682ba836adeaf11984c59a876a882bf9bf2de527d34872a457e01a02c8bb8c630e41e364b96980b7e774228d49597ba47674b21c4da7d9cccd87bb5af940b761a9b70c64d2d4455d764a0004a9e55cecb4cde90e49481fced746ec91fe2b63f0176df8b7400928964cb53088a06e779021ae79280e58c9d0a7ac19ad0b9ab042e223ea97c13830cc55dcad096dab50f11126be42fe8142814e943a0b408659ff0f155449719c2afbf4c911fd78cba7f91d4ca280b1959a40fc8e7785d58b7a71e5357c946e5ddf20ea489e58877cf26a28691eccdcf20b4a40f353dbaa91e703db89aa7470b
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber2ca9ca93cd9b19a96ddad68aff3a668d
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • IoDeleteDevice
    • RtlFreeUnicodeString
    • IoCreateSymbolicLink
    • IoCreateDevice
    • RtlAnsiStringToUnicodeString
    • RtlInitString
    • IofCompleteRequest
    • MmMapLockedPages
    • IoDeleteSymbolicLink
    • RtlInitUnicodeString
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • MmUnmapIoSpace
    • MmMapIoSpace
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "47bf1995df8d524643f7db6d480d31a4",
          "Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
          "TBS": {
            "MD5": "518d2ea8a21e879c942d504824ac211c",
            "SHA1": "21ce87d827077e61abddf2beba69fde5432ea031",
            "SHA256": "1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7",
            "SHA384": "53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f"
          },
          "ValidFrom": "2003-12-04 00:00:00",
          "ValidTo": "2013-12-03 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0de92bf0d4d82988183205095e9a7688",
          "Signature": "877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer",
          "TBS": {
            "MD5": "45c204b8a20f6abb0188d2d38a3fb0c9",
            "SHA1": "cdf3a3c5c2eda4c29621f30fd3154f9f8c765739",
            "SHA256": "e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77",
            "SHA384": "ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223"
          },
          "ValidFrom": "2003-12-04 00:00:00",
          "ValidTo": "2008-12-03 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "4191a15a3978dfcf496566381d4c75c2",
          "Signature": "ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA",
          "TBS": {
            "MD5": "41011f8d0e7c7a6408334ca387914c61",
            "SHA1": "c7fc1727f5b75a6421a1f95c73bbdb23580c48e5",
            "SHA256": "88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0",
            "SHA384": "a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459"
          },
          "ValidFrom": "2004-07-16 00:00:00",
          "ValidTo": "2014-07-15 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610c120600000000001b",
          "Signature": "01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority",
          "TBS": {
            "MD5": "53c41bc1164e09e0cd1617a5bf913efd",
            "SHA1": "93c03aac8951d494ecd5696b1c08658541b18727",
            "SHA256": "40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b",
            "SHA384": "f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8"
          },
          "ValidFrom": "2006-05-23 17:01:29",
          "ValidTo": "2016-05-23 17:11:29",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "2ca9ca93cd9b19a96ddad68aff3a668d",
          "Signature": "66da102458b1f7a00e4d83c2b5fc3f96e6c55489b52830af684ef682ba836adeaf11984c59a876a882bf9bf2de527d34872a457e01a02c8bb8c630e41e364b96980b7e774228d49597ba47674b21c4da7d9cccd87bb5af940b761a9b70c64d2d4455d764a0004a9e55cecb4cde90e49481fced746ec91fe2b63f0176df8b7400928964cb53088a06e779021ae79280e58c9d0a7ac19ad0b9ab042e223ea97c13830cc55dcad096dab50f11126be42fe8142814e943a0b408659ff0f155449719c2afbf4c911fd78cba7f91d4ca280b1959a40fc8e7785d58b7a71e5357c946e5ddf20ea489e58877cf26a28691eccdcf20b4a40f353dbaa91e703db89aa7470b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=California, L=Milpitas, O=Phoenix Technology Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=CSS Core Features Development, CN=Phoenix Technology Ltd.",
          "TBS": {
            "MD5": "47b0f73f8cc709595616e0d6ae88c5db",
            "SHA1": "83d27f045fa24c61544842dd4a9ac8759fa6900a",
            "SHA256": "47a75a2e532e11a257ac26424155874c7254eadf8c3aa2882ebdf1c26c592db7",
            "SHA384": "47b81b4771455e9cd188c0b7354dd8b1db838d9efa8f9019b1e8c74768c2d421118e6997bb6d025d7bcbe80851caaa2e"
          },
          "ValidFrom": "2006-10-17 00:00:00",
          "ValidTo": "2007-10-17 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA",
          "SerialNumber": "2ca9ca93cd9b19a96ddad68aff3a668d",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameWinFlash64.sys
    Creation Timestamp2005-11-22 18:14:16
    MD5bf2a954160cb155df0df433929e9102b
    SHA17a1689cde189378e7db84456212b0e438f9bf90a
    SHA2568797d9afc7a6bb0933f100a8acbb5d0666ec691779d522ac66c66817155b1c0d
    Authentihash MD5066fa975190d01fa5a8e99b0d5f3a5ae
    Authentihash SHA10086ddd495c6c89c9b7732f2a2b58c06a82f31bc
    Authentihash SHA25663041a13d1658e22fecc34706e98ab08b54b94e7d028bf2b1308ff85995a01c3
    RichPEHeaderHash MD50c9e08d5cf93fb4262a36e966a86de52
    RichPEHeaderHash SHA1a3315f5e172b18139ce5319aedd7b29e7df79266
    RichPEHeaderHash SHA256f7700767767d65fddd999cffbbd8096cbca748f75bf714ab6d7f16252d41c936

    Download

    Certificates

    Expand
    Certificate 47bf1995df8d524643f7db6d480d31a4
    FieldValue
    ToBeSigned (TBS) MD5518d2ea8a21e879c942d504824ac211c
    ToBeSigned (TBS) SHA121ce87d827077e61abddf2beba69fde5432ea031
    ToBeSigned (TBS) SHA2561ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
    ValidFrom2003-12-04 00:00:00
    ValidTo2013-12-03 23:59:59
    Signature4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47bf1995df8d524643f7db6d480d31a4
    Version3
    Certificate 0de92bf0d4d82988183205095e9a7688
    FieldValue
    ToBeSigned (TBS) MD545c204b8a20f6abb0188d2d38a3fb0c9
    ToBeSigned (TBS) SHA1cdf3a3c5c2eda4c29621f30fd3154f9f8c765739
    ToBeSigned (TBS) SHA256e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer
    ValidFrom2003-12-04 00:00:00
    ValidTo2008-12-03 23:59:59
    Signature877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0de92bf0d4d82988183205095e9a7688
    Version3
    Certificate 4191a15a3978dfcf496566381d4c75c2
    FieldValue
    ToBeSigned (TBS) MD541011f8d0e7c7a6408334ca387914c61
    ToBeSigned (TBS) SHA1c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
    ToBeSigned (TBS) SHA25688dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
    ValidFrom2004-07-16 00:00:00
    ValidTo2014-07-15 23:59:59
    Signatureae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber4191a15a3978dfcf496566381d4c75c2
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3
    Certificate 226a266fde87a6d82d69d22ba10dce2f
    FieldValue
    ToBeSigned (TBS) MD58d6e9b2b7b3354b41c443655b723f844
    ToBeSigned (TBS) SHA15836b80ddac629024f98b948f5160fd2d9012176
    ToBeSigned (TBS) SHA256da103ae61a236502e0e1b7119c8f73be07ef1eab21d822c676813aa6a81d0a34
    SubjectC=TW, ST=TAIWAN, L=TAIPEI, O=Universal ABIT Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=R&D DIV. TECH.SUPP.DEPT, CN=Universal ABIT Co., Ltd.
    ValidFrom2006-07-19 00:00:00
    ValidTo2007-07-19 23:59:59
    Signature72879dd41a0938989ce82b000bdea2326d4885c8c604fb6ec746303afda5ee11102860f7f94ffb67b5e49b8288d3775cbb244a5ef88a021987a48f4801691176d2fdf7092cc116f097e90fbe35d2415f7a64cdb1c1649c0de4bcb81a9e92796d34129ed6b5abe91b2a4a921895f6c1342afb5944338a5140de94c3a997033dabd6b14631bd78371cfdf0e10c0ef63c4310581f547febc19b6887c973a901a47d9d978644527fd2f1dcf0d5fd78f6c1d715ddf01ec40d5d30afa081a896c6d78897c507f361d63c9a702735b373588517ff2663a4a0c0aa91a0ce1446942d35cfd4e98f893fc3390948d3863f3731901e274988753f550c66bce31372052f96d2
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber226a266fde87a6d82d69d22ba10dce2f
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • IoDeleteDevice
    • RtlFreeUnicodeString
    • IoCreateSymbolicLink
    • IoCreateDevice
    • RtlAnsiStringToUnicodeString
    • RtlInitString
    • IofCompleteRequest
    • MmMapLockedPages
    • IoDeleteSymbolicLink
    • RtlInitUnicodeString
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • MmUnmapIoSpace
    • MmMapIoSpace

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "47bf1995df8d524643f7db6d480d31a4",
          "Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
          "TBS": {
            "MD5": "518d2ea8a21e879c942d504824ac211c",
            "SHA1": "21ce87d827077e61abddf2beba69fde5432ea031",
            "SHA256": "1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7",
            "SHA384": "53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f"
          },
          "ValidFrom": "2003-12-04 00:00:00",
          "ValidTo": "2013-12-03 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0de92bf0d4d82988183205095e9a7688",
          "Signature": "877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer",
          "TBS": {
            "MD5": "45c204b8a20f6abb0188d2d38a3fb0c9",
            "SHA1": "cdf3a3c5c2eda4c29621f30fd3154f9f8c765739",
            "SHA256": "e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77",
            "SHA384": "ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223"
          },
          "ValidFrom": "2003-12-04 00:00:00",
          "ValidTo": "2008-12-03 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "4191a15a3978dfcf496566381d4c75c2",
          "Signature": "ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA",
          "TBS": {
            "MD5": "41011f8d0e7c7a6408334ca387914c61",
            "SHA1": "c7fc1727f5b75a6421a1f95c73bbdb23580c48e5",
            "SHA256": "88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0",
            "SHA384": "a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459"
          },
          "ValidFrom": "2004-07-16 00:00:00",
          "ValidTo": "2014-07-15 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610c120600000000001b",
          "Signature": "01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority",
          "TBS": {
            "MD5": "53c41bc1164e09e0cd1617a5bf913efd",
            "SHA1": "93c03aac8951d494ecd5696b1c08658541b18727",
            "SHA256": "40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b",
            "SHA384": "f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8"
          },
          "ValidFrom": "2006-05-23 17:01:29",
          "ValidTo": "2016-05-23 17:11:29",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "2ca9ca93cd9b19a96ddad68aff3a668d",
          "Signature": "66da102458b1f7a00e4d83c2b5fc3f96e6c55489b52830af684ef682ba836adeaf11984c59a876a882bf9bf2de527d34872a457e01a02c8bb8c630e41e364b96980b7e774228d49597ba47674b21c4da7d9cccd87bb5af940b761a9b70c64d2d4455d764a0004a9e55cecb4cde90e49481fced746ec91fe2b63f0176df8b7400928964cb53088a06e779021ae79280e58c9d0a7ac19ad0b9ab042e223ea97c13830cc55dcad096dab50f11126be42fe8142814e943a0b408659ff0f155449719c2afbf4c911fd78cba7f91d4ca280b1959a40fc8e7785d58b7a71e5357c946e5ddf20ea489e58877cf26a28691eccdcf20b4a40f353dbaa91e703db89aa7470b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=California, L=Milpitas, O=Phoenix Technology Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=CSS Core Features Development, CN=Phoenix Technology Ltd.",
          "TBS": {
            "MD5": "47b0f73f8cc709595616e0d6ae88c5db",
            "SHA1": "83d27f045fa24c61544842dd4a9ac8759fa6900a",
            "SHA256": "47a75a2e532e11a257ac26424155874c7254eadf8c3aa2882ebdf1c26c592db7",
            "SHA384": "47b81b4771455e9cd188c0b7354dd8b1db838d9efa8f9019b1e8c74768c2d421118e6997bb6d025d7bcbe80851caaa2e"
          },
          "ValidFrom": "2006-10-17 00:00:00",
          "ValidTo": "2007-10-17 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA",
          "SerialNumber": "2ca9ca93cd9b19a96ddad68aff3a668d",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameWinFlash64.sys
    Creation Timestamp2009-06-24 00:53:27
    MD5bc6ff00fb3a14437c94b37ac9a2101d4
    SHA1d5326fea00bcde2ef7155acf3285c245c9fb4ece
    SHA2568bda0108de82ebeae82f43108046c5feb6f042e312fa0115475a9e32274fae59
    Authentihash MD532c5590f86eda2c188d19fa91107e3b7
    Authentihash SHA1d3bc762eaebf1ea4f291aeb614dd7e1d3c027a39
    Authentihash SHA256bddf1750dc00725c1384b34740e798b4f5f70218ab71ac62a5a96773b377df5a
    RichPEHeaderHash MD5e45555d3e32b95a48e57c427a5597932
    RichPEHeaderHash SHA1db8a20a54bc6f571ca43e0bc2788aa04204db9e9
    RichPEHeaderHash SHA256d30a5037cb0cb3db5c1476f497c13de3be584ef147122d66c2731e7a1db1d24a

    Download

    Certificates

    Expand
    Certificate 3825d7faf861af9ef490e726b5d65ad5
    FieldValue
    ToBeSigned (TBS) MD5d6c7684e9aaa508cf268335f83afe040
    ToBeSigned (TBS) SHA118066d20ad92409c567cdfde745279ff71c75226
    ToBeSigned (TBS) SHA256a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2
    ValidFrom2007-06-15 00:00:00
    ValidTo2012-06-14 23:59:59
    Signature50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber3825d7faf861af9ef490e726b5d65ad5
    Version3
    Certificate 47bf1995df8d524643f7db6d480d31a4
    FieldValue
    ToBeSigned (TBS) MD5518d2ea8a21e879c942d504824ac211c
    ToBeSigned (TBS) SHA121ce87d827077e61abddf2beba69fde5432ea031
    ToBeSigned (TBS) SHA2561ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
    ValidFrom2003-12-04 00:00:00
    ValidTo2013-12-03 23:59:59
    Signature4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47bf1995df8d524643f7db6d480d31a4
    Version3
    Certificate 4191a15a3978dfcf496566381d4c75c2
    FieldValue
    ToBeSigned (TBS) MD541011f8d0e7c7a6408334ca387914c61
    ToBeSigned (TBS) SHA1c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
    ToBeSigned (TBS) SHA25688dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
    ValidFrom2004-07-16 00:00:00
    ValidTo2014-07-15 23:59:59
    Signatureae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber4191a15a3978dfcf496566381d4c75c2
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3
    Certificate 55272d7780471b989f3def09bb221c53
    FieldValue
    ToBeSigned (TBS) MD5e25e721298ff095a569a15965845ad33
    ToBeSigned (TBS) SHA1241fbb78e76a1bed275262fa03b82141602acce0
    ToBeSigned (TBS) SHA256a854ee1ec235e308c5493d99dda2703087298f201bfcb177c872c07cbe8fe68b
    SubjectC=US, ST=California, L=Milpitas, O=Phoenix Technology Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=CSS Core Features Development, CN=Phoenix Technology Ltd.
    ValidFrom2008-11-14 00:00:00
    ValidTo2009-11-14 23:59:59
    Signatureaddfb0156ef6ad5c431dffc5ef41cefa457136306d15d84146668cbe5be0f54450614be60c40f7b9ecf7b16b10fe5bcaeff5e31433abd8e218e5cfac8ecb246b3d59d8b3aa0b5ae88feab0b12dd24dc2f4cb51fec3a2a302f67903a652d52197b07e77410d4e480d0f2c3003e150f5da93bd09c91977fbc8d7652f4f5bb7c06d672dbda83f7458f6cb52719cd7f393395e1b036a9701608eccb8c1d2f42ccbee6e53e5fc342b9d5b65aac07d35b2d3b69fb8f51184699a46ac6d3ce7de8fa73353f74f58572f5d982d0d56ce29321d35633de97a04f99d73969c4c0b3bce7cdb95ec67c0b78deee1c5af17e49e9d4978db7f4063c9670adf5094c3e5a730d4fe
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber55272d7780471b989f3def09bb221c53
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • IoDeleteDevice
    • RtlFreeUnicodeString
    • IoCreateSymbolicLink
    • IoCreateDevice
    • RtlAnsiStringToUnicodeString
    • RtlInitString
    • IofCompleteRequest
    • MmMapLockedPages
    • IoDeleteSymbolicLink
    • RtlInitUnicodeString
    • MmFreeContiguousMemorySpecifyCache
    • MmGetPhysicalAddress
    • MmAllocateContiguousMemorySpecifyCache
    • MmFreeContiguousMemory
    • MmUnmapIoSpace
    • MmMapIoSpace
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "47bf1995df8d524643f7db6d480d31a4",
          "Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
          "TBS": {
            "MD5": "518d2ea8a21e879c942d504824ac211c",
            "SHA1": "21ce87d827077e61abddf2beba69fde5432ea031",
            "SHA256": "1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7",
            "SHA384": "53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f"
          },
          "ValidFrom": "2003-12-04 00:00:00",
          "ValidTo": "2013-12-03 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0de92bf0d4d82988183205095e9a7688",
          "Signature": "877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer",
          "TBS": {
            "MD5": "45c204b8a20f6abb0188d2d38a3fb0c9",
            "SHA1": "cdf3a3c5c2eda4c29621f30fd3154f9f8c765739",
            "SHA256": "e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77",
            "SHA384": "ee9c75832cb252218b3201619852209df490d2ef7a5f7a28afdb37f1c1dd56f4604898838e558f615b1c798d4a488223"
          },
          "ValidFrom": "2003-12-04 00:00:00",
          "ValidTo": "2008-12-03 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "4191a15a3978dfcf496566381d4c75c2",
          "Signature": "ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA",
          "TBS": {
            "MD5": "41011f8d0e7c7a6408334ca387914c61",
            "SHA1": "c7fc1727f5b75a6421a1f95c73bbdb23580c48e5",
            "SHA256": "88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0",
            "SHA384": "a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459"
          },
          "ValidFrom": "2004-07-16 00:00:00",
          "ValidTo": "2014-07-15 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610c120600000000001b",
          "Signature": "01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority",
          "TBS": {
            "MD5": "53c41bc1164e09e0cd1617a5bf913efd",
            "SHA1": "93c03aac8951d494ecd5696b1c08658541b18727",
            "SHA256": "40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b",
            "SHA384": "f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8"
          },
          "ValidFrom": "2006-05-23 17:01:29",
          "ValidTo": "2016-05-23 17:11:29",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "2ca9ca93cd9b19a96ddad68aff3a668d",
          "Signature": "66da102458b1f7a00e4d83c2b5fc3f96e6c55489b52830af684ef682ba836adeaf11984c59a876a882bf9bf2de527d34872a457e01a02c8bb8c630e41e364b96980b7e774228d49597ba47674b21c4da7d9cccd87bb5af940b761a9b70c64d2d4455d764a0004a9e55cecb4cde90e49481fced746ec91fe2b63f0176df8b7400928964cb53088a06e779021ae79280e58c9d0a7ac19ad0b9ab042e223ea97c13830cc55dcad096dab50f11126be42fe8142814e943a0b408659ff0f155449719c2afbf4c911fd78cba7f91d4ca280b1959a40fc8e7785d58b7a71e5357c946e5ddf20ea489e58877cf26a28691eccdcf20b4a40f353dbaa91e703db89aa7470b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=California, L=Milpitas, O=Phoenix Technology Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=CSS Core Features Development, CN=Phoenix Technology Ltd.",
          "TBS": {
            "MD5": "47b0f73f8cc709595616e0d6ae88c5db",
            "SHA1": "83d27f045fa24c61544842dd4a9ac8759fa6900a",
            "SHA256": "47a75a2e532e11a257ac26424155874c7254eadf8c3aa2882ebdf1c26c592db7",
            "SHA384": "47b81b4771455e9cd188c0b7354dd8b1db838d9efa8f9019b1e8c74768c2d421118e6997bb6d025d7bcbe80851caaa2e"
          },
          "ValidFrom": "2006-10-17 00:00:00",
          "ValidTo": "2007-10-17 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA",
          "SerialNumber": "2ca9ca93cd9b19a96ddad68aff3a668d",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    source

    last_updated: 2024-09-26