Description
The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers (237 file hashes) that accept firmware access. Six of them allow kernel memory access. All give non-admin users full control of the devices. By exploiting the vulnerable drivers, an attacker without system privileges may erase or alter firmware and/or elevate privileges. At the time of writing in October 2023, the filenames of the vulnerable drivers had not previously been made public.
- UUID: 7bb4d807-9a66-48ff-9fb7-82780f3b015e
- Created: 2023-11-02
- Author: Takahiro Haruyama
- Acknowledgement: |
Commands
sc.exe create RadHwMgrsys binPath= C:\windows\temp\RadHwMgrsys.sys type=kernel && sc.exe start RadHwMgrsys
Use Case | Privileges | Operating System |
---|---|---|
Elevate privileges | kernel | Windows 10 |
Detections
Sigma 🛡️
Names
detects loading using name only
Hashes
detects loading using hashes only
Resources
https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html
Known Vulnerable Samples
Imports
Imported Functions
- IoAttachDeviceToDeviceStack
- IoCreateDevice
- RtlInitUnicodeString
- IoReleaseRemoveLockEx
- KeWaitForSingleObject
- IoDetachDevice
- IoReleaseRemoveLockAndWaitEx
- KeDelayExecutionThread
- MmGetSystemRoutineAddress
- KeCancelTimer
- IoDeleteDevice
- IoAcquireRemoveLockEx
- _except_handler3
- MmUnmapIoSpace
- MmMapIoSpace
- MmGetPhysicalAddress
- KeReleaseMutex
- _vsnprintf
- strstr
- KeTickCount
- KeBugCheckEx
- KeInitializeDpc
- KeInitializeTimer
- IoInitializeRemoveLockEx
- KeInitializeMutex
- KeInitializeEvent
- IofCompleteRequest
- IofCallDriver
- PoStartNextPowerIrp
- PoCallDriver
- DbgPrint
- IoCreateSymbolicLink
- KeSetTimerEx
- IoDeleteSymbolicLink
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- KeSetEvent
- KeGetCurrentIrql
- HalSetBusDataByOffset
- HalGetBusDataByOffset
- WRITE_PORT_ULONG
- WRITE_PORT_USHORT
- READ_PORT_USHORT
- ExAcquireFastMutex
- ExReleaseFastMutex
- WRITE_PORT_UCHAR
- READ_PORT_UCHAR
- HalTranslateBusAddress
- READ_PORT_ULONG
- KeStallExecutionProcessor
Exported Functions
Sections
- .text
- .rdata
- .data
- PAGE
- INIT
- .rsrc
- .reloc
Signature
Certificates
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - G2 |
ValidFrom | 2012-12-21 00:00:00 |
ValidTo | 2020-12-30 23:59:59 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - G4 |
ValidFrom | 2012-10-18 00:00:00 |
ValidTo | 2020-12-29 23:59:59 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
Version | 3 |
Certificate 052d77dc3058212fb02ee74e72ef1bf5
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 4ec91835fedc5ed3d50a9ae6947fd588 |
ToBeSigned (TBS) SHA1 | 021ebc3c130aeea57308098aba78932d9a155dac |
ToBeSigned (TBS) SHA256 | 2e422275df3b5001343731714f189dff59e11f996cd8af9044445c9717bc4ed4 |
Subject | C=US, ST=Georgia, L=Duluth, O=NCR Corporation, CN=NCR Corporation |
ValidFrom | 2014-10-21 00:00:00 |
ValidTo | 2017-11-19 23:59:59 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 052d77dc3058212fb02ee74e72ef1bf5 |
Version | 3 |
Certificate 611993e400000000001c
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 78a717e082dcc1cda3458d917e677d14 |
ToBeSigned (TBS) SHA1 | 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 |
ToBeSigned (TBS) SHA256 | 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 |
Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 |
ValidFrom | 2011-02-22 19:25:17 |
ValidTo | 2021-02-22 19:35:17 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 611993e400000000001c |
Version | 3 |
Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | b30c31a572b0409383ed3fbe17e56e81 |
ToBeSigned (TBS) SHA1 | 4843a82ed3b1f2bfbee9671960e1940c942f688d |
ToBeSigned (TBS) SHA256 | 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 |
Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA |
ValidFrom | 2010-02-08 00:00:00 |
ValidTo | 2020-02-07 23:59:59 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 5200e5aa2556fc1a86ed96c9d44b33c7 |
Version | 3 |
Imports
Imported Functions
- IoCreateSymbolicLink
- _except_handler3
- IoReleaseRemoveLockEx
- KeWaitForSingleObject
- IoDetachDevice
- IoReleaseRemoveLockAndWaitEx
- KeDelayExecutionThread
- MmGetSystemRoutineAddress
- KeCancelTimer
- IoDeleteSymbolicLink
- IoAcquireRemoveLockEx
- MmUnmapIoSpace
- MmMapIoSpace
- MmGetPhysicalAddress
- KeReleaseMutex
- RtlRandom
- KeQuerySystemTime
- KeRestoreFloatingPointState
- KeSaveFloatingPointState
- KeSetTimerEx
- KeQueryActiveProcessors
- ZwSetInformationThread
- KeInitializeSpinLock
- KeClearEvent
- _allmul
- ZwClose
- ZwSetValueKey
- ZwCreateKey
- ExFreePoolWithTag
- ZwQueryValueKey
- ZwOpenKey
- ExAllocatePoolWithTag
- _vsnprintf
- PsTerminateSystemThread
- ObfDereferenceObject
- ObReferenceObjectByHandle
- PsCreateSystemThread
- KeTickCount
- KeBugCheckEx
- RtlInitUnicodeString
- IoCreateDevice
- IoAttachDeviceToDeviceStack
- IoDeleteDevice
- KeInitializeDpc
- KeInitializeTimer
- IoInitializeRemoveLockEx
- KeInitializeMutex
- KeInitializeEvent
- IofCompleteRequest
- IofCallDriver
- PoStartNextPowerIrp
- PoCallDriver
- KeSetEvent
- swprintf
- _stricmp
- strstr
- DbgPrint
- KeGetCurrentIrql
- KfAcquireSpinLock
- KfReleaseSpinLock
- HalSetBusDataByOffset
- HalGetBusDataByOffset
- WRITE_PORT_ULONG
- WRITE_PORT_USHORT
- READ_PORT_ULONG
- READ_PORT_USHORT
- ExAcquireFastMutex
- ExReleaseFastMutex
- KeStallExecutionProcessor
- WRITE_PORT_UCHAR
- READ_PORT_UCHAR
- HalTranslateBusAddress
Exported Functions
Sections
- .text
- .rdata
- .data
- PAGE
- INIT
- .rsrc
- .reloc
Signature
Imports
Imported Functions
- IoCreateDevice
- RtlInitUnicodeString
- IoReleaseRemoveLockEx
- KeWaitForSingleObject
- IoDetachDevice
- IoReleaseRemoveLockAndWaitEx
- KeDelayExecutionThread
- MmGetSystemRoutineAddress
- KeCancelTimer
- IoDeleteSymbolicLink
- IoAcquireRemoveLockEx
- _except_handler3
- MmUnmapIoSpace
- MmMapIoSpace
- MmGetPhysicalAddress
- KeReleaseMutex
- IoAttachDeviceToDeviceStack
- KeQueryActiveProcessors
- KeRestoreFloatingPointState
- KeSaveFloatingPointState
- ZwSetInformationThread
- KeClearEvent
- _allmul
- ZwClose
- ZwSetValueKey
- ZwCreateKey
- ExFreePoolWithTag
- ZwQueryValueKey
- ZwOpenKey
- ExAllocatePoolWithTag
- KeTickCount
- KeBugCheckEx
- IoDeleteDevice
- KeInitializeDpc
- KeInitializeTimer
- IoInitializeRemoveLockEx
- KeInitializeMutex
- KeInitializeEvent
- IofCompleteRequest
- IofCallDriver
- PoStartNextPowerIrp
- PoCallDriver
- KeInitializeSpinLock
- IoCreateSymbolicLink
- KeSetTimerEx
- KeSetEvent
- swprintf
- _vsnprintf
- strstr
- _stricmp
- DbgPrint
- KeGetCurrentIrql
- KfAcquireSpinLock
- KfReleaseSpinLock
- HalSetBusDataByOffset
- HalGetBusDataByOffset
- WRITE_PORT_ULONG
- WRITE_PORT_USHORT
- READ_PORT_ULONG
- READ_PORT_USHORT
- ExAcquireFastMutex
- ExReleaseFastMutex
- WRITE_PORT_UCHAR
- READ_PORT_UCHAR
- KeStallExecutionProcessor
- HalTranslateBusAddress
Exported Functions
Sections
- .text
- .rdata
- .data
- PAGE
- INIT
- .rsrc
- .reloc
Signature
Certificates
Certificate 3300000057ee4d659a923e7c10000000000057
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | fdc11a5676aed4e9cc0c09eeb7450dfb |
ToBeSigned (TBS) SHA1 | 4902077d9a05d4231b791d3b05bafa4a79132f03 |
ToBeSigned (TBS) SHA256 | 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 |
Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
ValidFrom | 2022-06-07 18:08:06 |
ValidTo | 2023-06-01 18:08:06 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
IsCertificateAuthority | False |
SerialNumber | 3300000057ee4d659a923e7c10000000000057 |
Version | 3 |
Certificate 330000000d690d5d7893d076df00000000000d
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 83f69422963f11c3c340b81712eef319 |
ToBeSigned (TBS) SHA1 | 0c5e5f24590b53bc291e28583acb78e5adc95601 |
ToBeSigned (TBS) SHA256 | d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae |
Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 |
ValidFrom | 2014-10-15 20:31:27 |
ValidTo | 2029-10-15 20:41:27 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
IsCertificateAuthority | True |
SerialNumber | 330000000d690d5d7893d076df00000000000d |
Version | 3 |
Imports
Imported Functions
- IoCreateSymbolicLink
- _except_handler3
- IoReleaseRemoveLockEx
- KeWaitForSingleObject
- IoDetachDevice
- IoReleaseRemoveLockAndWaitEx
- KeDelayExecutionThread
- MmGetSystemRoutineAddress
- KeCancelTimer
- IoDeleteSymbolicLink
- IoAcquireRemoveLockEx
- MmGetPhysicalAddress
- KeReleaseMutex
- RtlRandom
- KeQuerySystemTime
- MmMapIoSpace
- KeRestoreFloatingPointState
- KeSaveFloatingPointState
- swprintf
- KeQueryActiveProcessors
- KeSetTimerEx
- ZwSetInformationThread
- KeInitializeSpinLock
- KeClearEvent
- _allmul
- ZwClose
- ZwWriteFile
- ZwCreateFile
- ZwSetValueKey
- ZwCreateKey
- ExFreePoolWithTag
- ZwQueryValueKey
- ZwOpenKey
- ExAllocatePoolWithTag
- PsTerminateSystemThread
- ObfDereferenceObject
- ObReferenceObjectByHandle
- PsCreateSystemThread
- KeTickCount
- KeBugCheckEx
- RtlInitUnicodeString
- IoCreateDevice
- IoAttachDeviceToDeviceStack
- IoDeleteDevice
- KeInitializeDpc
- KeInitializeTimer
- IoInitializeRemoveLockEx
- KeInitializeMutex
- KeInitializeEvent
- IofCompleteRequest
- IofCallDriver
- PoStartNextPowerIrp
- PoCallDriver
- KeSetEvent
- MmUnmapIoSpace
- _vsnprintf
- IoWMIQueryAllData
- IoWMIOpenBlock
- strstr
- _stricmp
- DbgPrint
- KeGetCurrentIrql
- KfAcquireSpinLock
- KfReleaseSpinLock
- HalSetBusDataByOffset
- HalGetBusDataByOffset
- WRITE_PORT_ULONG
- WRITE_PORT_USHORT
- READ_PORT_ULONG
- READ_PORT_USHORT
- ExAcquireFastMutex
- ExReleaseFastMutex
- KeStallExecutionProcessor
- WRITE_PORT_UCHAR
- READ_PORT_UCHAR
- HalTranslateBusAddress
Exported Functions
Sections
- .text
- .rdata
- .data
- PAGE
- INIT
- .rsrc
- .reloc
Signature
Certificates
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA - G2 |
ValidFrom | 2012-12-21 00:00:00 |
ValidTo | 2020-12-30 23:59:59 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - G4 |
ValidFrom | 2012-10-18 00:00:00 |
ValidTo | 2020-12-29 23:59:59 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
Version | 3 |
Certificate 052d77dc3058212fb02ee74e72ef1bf5
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 4ec91835fedc5ed3d50a9ae6947fd588 |
ToBeSigned (TBS) SHA1 | 021ebc3c130aeea57308098aba78932d9a155dac |
ToBeSigned (TBS) SHA256 | 2e422275df3b5001343731714f189dff59e11f996cd8af9044445c9717bc4ed4 |
Subject | C=US, ST=Georgia, L=Duluth, O=NCR Corporation, CN=NCR Corporation |
ValidFrom | 2014-10-21 00:00:00 |
ValidTo | 2017-11-19 23:59:59 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 052d77dc3058212fb02ee74e72ef1bf5 |
Version | 3 |
Certificate 611993e400000000001c
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 78a717e082dcc1cda3458d917e677d14 |
ToBeSigned (TBS) SHA1 | 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 |
ToBeSigned (TBS) SHA256 | 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 |
Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 |
ValidFrom | 2011-02-22 19:25:17 |
ValidTo | 2021-02-22 19:35:17 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 611993e400000000001c |
Version | 3 |
Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | b30c31a572b0409383ed3fbe17e56e81 |
ToBeSigned (TBS) SHA1 | 4843a82ed3b1f2bfbee9671960e1940c942f688d |
ToBeSigned (TBS) SHA256 | 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 |
Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA |
ValidFrom | 2010-02-08 00:00:00 |
ValidTo | 2020-02-07 23:59:59 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 5200e5aa2556fc1a86ed96c9d44b33c7 |
Version | 3 |
Imports
Imported Functions
- RtlInitUnicodeString
- IoDeleteDevice
- KeSetEvent
- MmGetSystemRoutineAddress
- KeInitializeEvent
- KeInitializeDpc
- IoReleaseRemoveLockEx
- IoDetachDevice
- KeInitializeTimer
- KeSetTimerEx
- KeDelayExecutionThread
- PoStartNextPowerIrp
- IofCompleteRequest
- IoReleaseRemoveLockAndWaitEx
- KeWaitForSingleObject
- IoAttachDeviceToDeviceStack
- PoCallDriver
- IoCreateSymbolicLink
- IoInitializeRemoveLockEx
- IoCreateDevice
- KeCancelTimer
- DbgPrint
- IofCallDriver
- ExAcquireFastMutex
- MmGetPhysicalAddress
- MmMapIoSpace
- KeReleaseMutex
- RtlRandom
- KeQueryActiveProcessors
- swprintf
- KeReleaseSpinLock
- ZwSetInformationThread
- KeAcquireSpinLockRaiseToDpc
- KeClearEvent
- ExAllocatePoolWithTag
- ZwCreateKey
- ExFreePoolWithTag
- ZwSetValueKey
- ZwQueryValueKey
- ZwClose
- ZwOpenKey
- _vsnprintf
- PsCreateSystemThread
- PsTerminateSystemThread
- ObReferenceObjectByHandle
- ObfDereferenceObject
- KeBugCheckEx
- KeInitializeMutex
- ExReleaseFastMutex
- IoDeleteSymbolicLink
- MmUnmapIoSpace
- IoAcquireRemoveLockEx
- _stricmp
- strstr
- __C_specific_handler
- HalSetBusDataByOffset
- HalTranslateBusAddress
- KeStallExecutionProcessor
- HalGetBusDataByOffset
Exported Functions
Sections
- .text
- .rdata
- .data
- .pdata
- PAGE
- INIT
- .rsrc
- .reloc
Signature
Certificates
Certificate 0d424ae0be3a88ff604021ce1400f0dd
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | c0189c338449a42fe8358c2c1fbecc60 |
ToBeSigned (TBS) SHA1 | b8ac0ee6875594b80ad86a6df6dd1fa3048c187c |
ToBeSigned (TBS) SHA256 | a43de6baf968a942da017b70769fdb65b3cfb1bbca1f9174da26a7d8aae78ec5 |
Subject | C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2021 |
ValidFrom | 2021-01-01 00:00:00 |
ValidTo | 2031-01-06 00:00:00 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
IsCertificateAuthority | False |
SerialNumber | 0d424ae0be3a88ff604021ce1400f0dd |
Version | 3 |
Certificate 0ccd588d98ef92c984668dd925028a5a
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 9cbe98d11c2841cb53918871ade1e650 |
ToBeSigned (TBS) SHA1 | 40fedcc9e4ff9a555f8b2de0c3af80e6595832f3 |
ToBeSigned (TBS) SHA256 | 46052421da2dfa5a2ebbd382dc55cec0ce68f0bc492aaad269256cf10996901b |
Subject | C=US, ST=Georgia, L=Atlanta, O=NCR Corporation, CN=NCR Corporation |
ValidFrom | 2020-11-04 00:00:00 |
ValidTo | 2023-12-12 23:59:59 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
IsCertificateAuthority | False |
SerialNumber | 0ccd588d98ef92c984668dd925028a5a |
Version | 3 |
Certificate 0409181b5fd5bb66755343b56f955008
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 9359496ca4f021408b9d8923cab8b179 |
ToBeSigned (TBS) SHA1 | 2aed40d7759997830870769be250199fd609e40e |
ToBeSigned (TBS) SHA256 | e767799478f64a34b3f53ff3bb9057fe1768f4ab178041b0dcc0ff1e210cba65 |
Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured ID Code Signing CA |
ValidFrom | 2013-10-22 12:00:00 |
ValidTo | 2028-10-22 12:00:00 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
IsCertificateAuthority | True |
SerialNumber | 0409181b5fd5bb66755343b56f955008 |
Version | 3 |
Certificate 0aa125d6d6321b7e41e405da3697c215
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 8d26184fc613f89aba1cefb30fce1b53 |
ToBeSigned (TBS) SHA1 | 63a7e376bad5ec2e419d514a403bcf46c8d31d95 |
ToBeSigned (TBS) SHA256 | 56b5f0d9db578e3f142921daa387902722a76700375c7e1c4ae0ba004bacaa0c |
Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured ID Timestamping CA |
ValidFrom | 2016-01-07 12:00:00 |
ValidTo | 2031-01-07 12:00:00 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
IsCertificateAuthority | True |
SerialNumber | 0aa125d6d6321b7e41e405da3697c215 |
Version | 3 |
Certificate 611cb28a000000000026
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 983a0c315a50542362f2bd6a5d71c8d0 |
ToBeSigned (TBS) SHA1 | 8047f476001f5cb16a661d2a3fd0c3576168f5e2 |
ToBeSigned (TBS) SHA256 | 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 |
Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA |
ValidFrom | 2011-04-15 19:41:37 |
ValidTo | 2021-04-15 19:51:37 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 611cb28a000000000026 |
Version | 3 |
Imports
Imported Functions
- RtlInitUnicodeString
- IoDeleteDevice
- KeSetEvent
- MmGetSystemRoutineAddress
- KeInitializeEvent
- KeInitializeDpc
- IoReleaseRemoveLockEx
- IoDetachDevice
- KeInitializeTimer
- KeSetTimerEx
- KeDelayExecutionThread
- PoStartNextPowerIrp
- IofCompleteRequest
- IoReleaseRemoveLockAndWaitEx
- KeWaitForSingleObject
- IoAttachDeviceToDeviceStack
- PoCallDriver
- IoCreateSymbolicLink
- IoInitializeRemoveLockEx
- IoCreateDevice
- KeCancelTimer
- DbgPrint
- IofCallDriver
- MmGetPhysicalAddress
- ExAcquireFastMutex
- RtlRandom
- KeQueryActiveProcessors
- swprintf
- KeReleaseSpinLock
- MmUnmapIoSpace
- MmMapIoSpace
- ZwSetInformationThread
- KeAcquireSpinLockRaiseToDpc
- KeClearEvent
- ZwCreateFile
- ZwClose
- ZwWriteFile
- ExAllocatePoolWithTag
- ZwCreateKey
- ExFreePoolWithTag
- ZwSetValueKey
- ZwQueryValueKey
- ZwOpenKey
- PsCreateSystemThread
- PsTerminateSystemThread
- ObReferenceObjectByHandle
- ObfDereferenceObject
- KeBugCheckEx
- KeInitializeMutex
- ExReleaseFastMutex
- IoDeleteSymbolicLink
- KeReleaseMutex
- IoAcquireRemoveLockEx
- _stricmp
- IoWMIQueryAllData
- strstr
- IoWMIOpenBlock
- _vsnprintf
- __C_specific_handler
- HalSetBusDataByOffset
- HalTranslateBusAddress
- KeStallExecutionProcessor
- HalGetBusDataByOffset
Exported Functions
Sections
- .text
- .rdata
- .data
- .pdata
- PAGE
- INIT
- .rsrc
- .reloc
Signature
last_updated: 2024-09-26