Description
winio64.sys is a vulnerable driver and more information will be added as found.
- UUID: 94eb0694-29ba-4f8e-b763-86c6371db6cc
- Created: 2023-01-09
- Author: Michael Haag
- Acknowledgement: |
DownloadBlock
This download link contains the vulnerable driver!
Commands
sc.exe create winio64.sys binPath=C:\windows\temp\winio64.sys type=kernel && sc.exe start winio64.sys
Use Case | Privileges | Operating System |
---|
Elevate privileges | kernel | Windows 10 |
Detections
Sigma 🛡️
Expand
Names
detects loading using name only
Hashes
detects loading using hashes only
Resources
https://github.com/elastic/protections-artifacts/search?q=VulnDriverKnown Vulnerable Samples
Download
Certificates
Expand
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
Field | Value |
---|
ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 |
ValidFrom | 2012-12-21 00:00:00 |
ValidTo | 2020-12-30 23:59:59 |
Signature | 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
Field | Value |
---|
ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 |
ValidFrom | 2012-10-18 00:00:00 |
ValidTo | 2020-12-29 23:59:59 |
Signature | 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
Version | 3 |
Certificate 6139bb9c000000000033
Field | Value |
---|
ToBeSigned (TBS) MD5 | 5b3304180221a8328ce477b1fd93898f |
ToBeSigned (TBS) SHA1 | 9b7f1e1653a52d801387f1e51d17fabb8d435d0c |
ToBeSigned (TBS) SHA256 | 67070bcf2ee304cedd252a1dd8a7222c1be50fd2d5eabef9446cb633e133d264 |
Subject | C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority |
ValidFrom | 2011-04-15 20:13:19 |
ValidTo | 2021-04-15 20:23:19 |
Signature | 375933ca5e487d489a5be42fdbdb59a8c61f77c0a58747e86508c6672688d95c58e2c631ac0c32b96f7cc58748db2c0a23484d0dcf1116ef60577ed5326e22de373cc7dc16f3c9ce2939fb37daf5e4e741d8a2f82db3498a601f64ef9c1364b3469a82cc650f18550776c9e9337790a644daefa64d551038316f3a58ed31486190c04615b4c0a64e5493c00db524e55017c6d62392226992e0abab297508255399959f50b65b6753aaa2ba905a6ea3e35b5c830e54426dbdb917a8205284b51a4fb24d68d2c28ff8f9ae837c24a6e6c17f9a932f2e550df87bc1be336fab0cd934585c9c40ce284a015529655d5bfd525a54591171470b3eff2c9ae931d9046a33871d2f880fc99aab14a8c20b4f8589ac25490dff54395513d6b84d6bf44aad1833bc8e0052b476c2eccd8beb60d57880844a0eb93d4d560d1b17176f60fcdbd867cd3d4082b55c567f8d274cc76d5da410b57c410c39912f41d2c6310686eb405087d8131e852f10448b7a0361693b29fedfcdd3e07d19ba3b84e34e9ad78c7cd73d9dd7fd50108f06683bd8be3bbbaa284552eadde83a334caf38c715e3e97cee83eb2a1cbdd8fdf5394e7c5f25b39349ca88e56152f0dd14f8394ead47182aefcc6b29493fd7a48e7abd6f6bee675db7b167a60055014532b842fe96fc06b9cecfcff9fb6eab728718451afce3846a414f36714c77eea3191ab87d098c01 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 6139bb9c000000000033 |
Version | 3 |
Certificate 26
Field | Value |
---|
ToBeSigned (TBS) MD5 | 40b719dc6e7a16f1672333943daca04b |
ToBeSigned (TBS) SHA1 | fbb05f9486d50f8f35013e531f1504e9f62cb3df |
ToBeSigned (TBS) SHA256 | 4997f6bbc707da19c7897e17a916d35dfbd8112bb671ac5d2d9397c690b7ba5c |
Subject | C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 3 Primary Intermediate Object CA |
ValidFrom | 2007-10-24 22:03:55 |
ValidTo | 2017-10-24 22:03:55 |
Signature | b8eba5382cab9038cfbe906919952f964e48103545b043712eb90e670f618458ed651ae0d8515c96c4df69cafb62bf35ea4a6923f2f67f60db652925e8ba5ef9485920745c9998fa7ed74eaf43963b88880e81f1d0a6a9af1df5e73e045be8927b624a531d3b7aaf94a20502da0fada1a732166a1d5d88f1ddc5da7e91b00a53124ddbefcdea9f48dfbfb27c0192f9816379a06f0e97d99044a550b8874b5cd89ca27aad4b91f31174e6a82342d4265ca83d85a035ec5308ddb62d1c21c8484ac4c83ab06e2f43e6df64097586fe0e68d26354a066e49eefdb5c74a0a8dc40e97b67d63b3ed286d31621d1e13252a3e6c2e1637e74431abeec29ae56e11811fa650b37340eb44799f86fb4994ed235b04764b5fee9afb69a23c282c838b6d4a42e3421ce03ef4c3841502f0dad40c82827e9eb7c2bd1704e2c8818c87c3f24505dcb5354679fd7a109980b0b8b2169ba72a6127bb05a0e697cc706ba2c7a950f079463235657a5382a63c4206a9e84438fdad8d03fd07d9592132916c0d868cae5fe7598b6f410e17c309eb990292035e31c56b30afd86717cfbbc0b2e8c94e35469c4784d1e0af80f33b9e256d789841c9cdf6fc50b8f998351066b441d6f30bcbef93a190bccfae6bc223f3d5475b80a647f7f65bba29049c3f227f7bbb97eb7688782cd43ec6cacab29c7d040e2bb3a0218315077ae33b1a9a8c62d4570ff |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 26 |
Version | 3 |
Certificate 0f69
Field | Value |
---|
ToBeSigned (TBS) MD5 | f5497dbe7af27561736a3ba6935044e8 |
ToBeSigned (TBS) SHA1 | 50728ba20d7ee0726bb8aa4a9d9659f7c938830f |
ToBeSigned (TBS) SHA256 | e468a80174391ca98a6720033afaec1f31468ac2aeee5938ff0350977ec443fe |
Subject | ??=Hdgwyqp6jNS97z8P, C=US, ST=Indiana, L=Fishers, O=Exacq Technologies, Inc., CN=Exacq Technologies, Inc., emailAddress=info@exacq.com |
ValidFrom | 2014-07-24 18:00:20 |
ValidTo | 2017-07-24 09:00:56 |
Signature | b4fea6e9fcf641e617b115ceca7bf10bbdcce8ed5a6644fe006af7a42a7e67ce269bef720dc937e258a7df51c342f9b00a5202ee5d651f76a3d1a7729cacb3db6a811d17df6042f447a26544de87b59d9d241a7446af330bd89fae3f9a07f8ea86ae276fb5f0c325ac0b7ba62c7e58a551e319daf55bfb4a1cde484b9519fb07f7f4801afe43ed99b6275cc66d36c23d0b1aebf05bebd79a1f16f7084c5bc1b2d935e6868ed0e1ca7100a6ef14af0194439e0e33de20ab71e5fe453c632c6686dbc5ecb969619e8519fd5f79da2ddf35936daa73c0c6216661e290de4d6473b3a1a964917567692568e8365de7ed1e4801749a004b915e58755de83a0e23f2e3 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 0f69 |
Version | 3 |
Imports
Expand
- ntoskrnl.exe
- HAL.dll
- WDFLDR.SYS
Imported Functions
Expand
- ObfDereferenceObject
- ZwClose
- ZwOpenSection
- ObReferenceObjectByHandle
- ZwUnmapViewOfSection
- KeBugCheckEx
- IoDeleteSymbolicLink
- IoDeleteDevice
- RtlCopyUnicodeString
- IoCreateSymbolicLink
- IoCreateDevice
- IofCompleteRequest
- ZwMapViewOfSection
- RtlInitUnicodeString
- HalTranslateBusAddress
- WdfVersionUnbind
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "6139bb9c000000000033",
"Signature": "375933ca5e487d489a5be42fdbdb59a8c61f77c0a58747e86508c6672688d95c58e2c631ac0c32b96f7cc58748db2c0a23484d0dcf1116ef60577ed5326e22de373cc7dc16f3c9ce2939fb37daf5e4e741d8a2f82db3498a601f64ef9c1364b3469a82cc650f18550776c9e9337790a644daefa64d551038316f3a58ed31486190c04615b4c0a64e5493c00db524e55017c6d62392226992e0abab297508255399959f50b65b6753aaa2ba905a6ea3e35b5c830e54426dbdb917a8205284b51a4fb24d68d2c28ff8f9ae837c24a6e6c17f9a932f2e550df87bc1be336fab0cd934585c9c40ce284a015529655d5bfd525a54591171470b3eff2c9ae931d9046a33871d2f880fc99aab14a8c20b4f8589ac25490dff54395513d6b84d6bf44aad1833bc8e0052b476c2eccd8beb60d57880844a0eb93d4d560d1b17176f60fcdbd867cd3d4082b55c567f8d274cc76d5da410b57c410c39912f41d2c6310686eb405087d8131e852f10448b7a0361693b29fedfcdd3e07d19ba3b84e34e9ad78c7cd73d9dd7fd50108f06683bd8be3bbbaa284552eadde83a334caf38c715e3e97cee83eb2a1cbdd8fdf5394e7c5f25b39349ca88e56152f0dd14f8394ead47182aefcc6b29493fd7a48e7abd6f6bee675db7b167a60055014532b842fe96fc06b9cecfcff9fb6eab728718451afce3846a414f36714c77eea3191ab87d098c01",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority",
"TBS": {
"MD5": "5b3304180221a8328ce477b1fd93898f",
"SHA1": "9b7f1e1653a52d801387f1e51d17fabb8d435d0c",
"SHA256": "67070bcf2ee304cedd252a1dd8a7222c1be50fd2d5eabef9446cb633e133d264",
"SHA384": "be36b1ba9a006afb9eb53263634cb8ca38dd6ca7f95ec56f943324f3a26f9c34c2dff1a3a5c72c88513e23e1f20c8824"
},
"ValidFrom": "2011-04-15 20:13:19",
"ValidTo": "2021-04-15 20:23:19",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "26",
"Signature": "b8eba5382cab9038cfbe906919952f964e48103545b043712eb90e670f618458ed651ae0d8515c96c4df69cafb62bf35ea4a6923f2f67f60db652925e8ba5ef9485920745c9998fa7ed74eaf43963b88880e81f1d0a6a9af1df5e73e045be8927b624a531d3b7aaf94a20502da0fada1a732166a1d5d88f1ddc5da7e91b00a53124ddbefcdea9f48dfbfb27c0192f9816379a06f0e97d99044a550b8874b5cd89ca27aad4b91f31174e6a82342d4265ca83d85a035ec5308ddb62d1c21c8484ac4c83ab06e2f43e6df64097586fe0e68d26354a066e49eefdb5c74a0a8dc40e97b67d63b3ed286d31621d1e13252a3e6c2e1637e74431abeec29ae56e11811fa650b37340eb44799f86fb4994ed235b04764b5fee9afb69a23c282c838b6d4a42e3421ce03ef4c3841502f0dad40c82827e9eb7c2bd1704e2c8818c87c3f24505dcb5354679fd7a109980b0b8b2169ba72a6127bb05a0e697cc706ba2c7a950f079463235657a5382a63c4206a9e84438fdad8d03fd07d9592132916c0d868cae5fe7598b6f410e17c309eb990292035e31c56b30afd86717cfbbc0b2e8c94e35469c4784d1e0af80f33b9e256d789841c9cdf6fc50b8f998351066b441d6f30bcbef93a190bccfae6bc223f3d5475b80a647f7f65bba29049c3f227f7bbb97eb7688782cd43ec6cacab29c7d040e2bb3a0218315077ae33b1a9a8c62d4570ff",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 3 Primary Intermediate Object CA",
"TBS": {
"MD5": "40b719dc6e7a16f1672333943daca04b",
"SHA1": "fbb05f9486d50f8f35013e531f1504e9f62cb3df",
"SHA256": "4997f6bbc707da19c7897e17a916d35dfbd8112bb671ac5d2d9397c690b7ba5c",
"SHA384": "f73bf1c578a221661f96516389fd512e150551bab68487c981a2dfbb172419e2d2e5b00f52b50a251b9ff5dcb0be83df"
},
"ValidFrom": "2007-10-24 22:03:55",
"ValidTo": "2017-10-24 22:03:55",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0f69",
"Signature": "b4fea6e9fcf641e617b115ceca7bf10bbdcce8ed5a6644fe006af7a42a7e67ce269bef720dc937e258a7df51c342f9b00a5202ee5d651f76a3d1a7729cacb3db6a811d17df6042f447a26544de87b59d9d241a7446af330bd89fae3f9a07f8ea86ae276fb5f0c325ac0b7ba62c7e58a551e319daf55bfb4a1cde484b9519fb07f7f4801afe43ed99b6275cc66d36c23d0b1aebf05bebd79a1f16f7084c5bc1b2d935e6868ed0e1ca7100a6ef14af0194439e0e33de20ab71e5fe453c632c6686dbc5ecb969619e8519fd5f79da2ddf35936daa73c0c6216661e290de4d6473b3a1a964917567692568e8365de7ed1e4801749a004b915e58755de83a0e23f2e3",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=Hdgwyqp6jNS97z8P, C=US, ST=Indiana, L=Fishers, O=Exacq Technologies, Inc., CN=Exacq Technologies, Inc., emailAddress=info@exacq.com",
"TBS": {
"MD5": "f5497dbe7af27561736a3ba6935044e8",
"SHA1": "50728ba20d7ee0726bb8aa4a9d9659f7c938830f",
"SHA256": "e468a80174391ca98a6720033afaec1f31468ac2aeee5938ff0350977ec443fe",
"SHA384": "5b5ae06ffc6250a52e3085bc0c8da4f74d722ff772535cb5f14588218b3dcad60f5b09c79afb2e189b4f60a11e286f63"
},
"ValidFrom": "2014-07-24 18:00:20",
"ValidTo": "2017-07-24 09:00:56",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 3 Primary Intermediate Object CA",
"SerialNumber": "0f69",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 330000001f9800c911029569be00000000001f
Field | Value |
---|
ToBeSigned (TBS) MD5 | adc809facabcdfc353d4e5d9f8956845 |
ToBeSigned (TBS) SHA1 | ec1181c8eafabeee4ba13edd8f260a880474b665 |
ToBeSigned (TBS) SHA256 | cca1b4b3969e9dc0065cfa36ee48648341771a5af94db2d51320d6352c16c85b |
Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
ValidFrom | 2017-10-05 17:44:16 |
ValidTo | 2018-10-05 17:44:16 |
Signature | 5d029dd2c0ca0f997555ec89434d33899bd9a1ed711df775386647a579200c20df265adea863cc62d7e52425677abd190bf3717a12cd237961cdb74793930af7d63c57e4b868dbe09b8f03604a5a2e2b7fda4f9210aca193758f848d353f68f5913887c6e286a88519db9258401e939a2b541ea2b970460afa999f9fd26ba5b7c109d1088a3c2d42873691ff2ccb482289205190d0349c1f5b559f5f84e2bfa45e0152111d2c54ccd7d6212c50b5de6f0add83776bc70b319a108076fde4973d281e0f020f33dd8f7d57501216c6499d40dd8ac64566a564fee1abf5d3667d3b9bc9c904dfba7c0ca42b0d8267b16e8fe257f11c45f2fbe2d9bba0f688d12c4ffb563b68fc1e8be829f600829c49fdac4f757ea24e774d000ef3caa359f1a34ef54c77a3c0c11fc3a5849efd089b301356ff4c88a811abfdadeac18a64f61ea2d79146c18c0d3f066abc0b0fa9e803a8a3e99a960be0c4b40a7a36a7d2880ff89a17f7db91181f67dd134ae7751ac0bcdf047c262834fe3ad8ca28e2f74c3ad7f370b6f184fb58001f1b12c1aa214117f3b253162d2a29a5096d6620324c63c5e32a3cf7384664a09a978dbbebe0b6e34d1aaa1b959e620b0e37750322453dcd172537bd90717c9c9508ad1f3b9281091562c62a2a3004b89d35ee7cb6ea1927b32ffac4bdeaa1b596c5a136e0dd4498fbd3c3a6f17c4ee2668ab03229a4a013 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
IsCertificateAuthority | False |
SerialNumber | 330000001f9800c911029569be00000000001f |
Version | 3 |
Certificate 330000000d690d5d7893d076df00000000000d
Field | Value |
---|
ToBeSigned (TBS) MD5 | 83f69422963f11c3c340b81712eef319 |
ToBeSigned (TBS) SHA1 | 0c5e5f24590b53bc291e28583acb78e5adc95601 |
ToBeSigned (TBS) SHA256 | d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae |
Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 |
ValidFrom | 2014-10-15 20:31:27 |
ValidTo | 2029-10-15 20:41:27 |
Signature | 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f |
SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
IsCertificateAuthority | True |
SerialNumber | 330000000d690d5d7893d076df00000000000d |
Version | 3 |
Imports
Expand
Imported Functions
Expand
- RtlInitUnicodeString
- IoDeleteDevice
- ZwUnmapViewOfSection
- ZwClose
- IofCompleteRequest
- ObReferenceObjectByHandle
- ZwMapViewOfSection
- ObfDereferenceObject
- IoCreateDevice
- RtlAssert
- ZwOpenSection
- DbgPrint
- KeBugCheckEx
- IoCreateSymbolicLink
- IoDeleteSymbolicLink
- HalTranslateBusAddress
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "6139bb9c000000000033",
"Signature": "375933ca5e487d489a5be42fdbdb59a8c61f77c0a58747e86508c6672688d95c58e2c631ac0c32b96f7cc58748db2c0a23484d0dcf1116ef60577ed5326e22de373cc7dc16f3c9ce2939fb37daf5e4e741d8a2f82db3498a601f64ef9c1364b3469a82cc650f18550776c9e9337790a644daefa64d551038316f3a58ed31486190c04615b4c0a64e5493c00db524e55017c6d62392226992e0abab297508255399959f50b65b6753aaa2ba905a6ea3e35b5c830e54426dbdb917a8205284b51a4fb24d68d2c28ff8f9ae837c24a6e6c17f9a932f2e550df87bc1be336fab0cd934585c9c40ce284a015529655d5bfd525a54591171470b3eff2c9ae931d9046a33871d2f880fc99aab14a8c20b4f8589ac25490dff54395513d6b84d6bf44aad1833bc8e0052b476c2eccd8beb60d57880844a0eb93d4d560d1b17176f60fcdbd867cd3d4082b55c567f8d274cc76d5da410b57c410c39912f41d2c6310686eb405087d8131e852f10448b7a0361693b29fedfcdd3e07d19ba3b84e34e9ad78c7cd73d9dd7fd50108f06683bd8be3bbbaa284552eadde83a334caf38c715e3e97cee83eb2a1cbdd8fdf5394e7c5f25b39349ca88e56152f0dd14f8394ead47182aefcc6b29493fd7a48e7abd6f6bee675db7b167a60055014532b842fe96fc06b9cecfcff9fb6eab728718451afce3846a414f36714c77eea3191ab87d098c01",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority",
"TBS": {
"MD5": "5b3304180221a8328ce477b1fd93898f",
"SHA1": "9b7f1e1653a52d801387f1e51d17fabb8d435d0c",
"SHA256": "67070bcf2ee304cedd252a1dd8a7222c1be50fd2d5eabef9446cb633e133d264",
"SHA384": "be36b1ba9a006afb9eb53263634cb8ca38dd6ca7f95ec56f943324f3a26f9c34c2dff1a3a5c72c88513e23e1f20c8824"
},
"ValidFrom": "2011-04-15 20:13:19",
"ValidTo": "2021-04-15 20:23:19",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "26",
"Signature": "b8eba5382cab9038cfbe906919952f964e48103545b043712eb90e670f618458ed651ae0d8515c96c4df69cafb62bf35ea4a6923f2f67f60db652925e8ba5ef9485920745c9998fa7ed74eaf43963b88880e81f1d0a6a9af1df5e73e045be8927b624a531d3b7aaf94a20502da0fada1a732166a1d5d88f1ddc5da7e91b00a53124ddbefcdea9f48dfbfb27c0192f9816379a06f0e97d99044a550b8874b5cd89ca27aad4b91f31174e6a82342d4265ca83d85a035ec5308ddb62d1c21c8484ac4c83ab06e2f43e6df64097586fe0e68d26354a066e49eefdb5c74a0a8dc40e97b67d63b3ed286d31621d1e13252a3e6c2e1637e74431abeec29ae56e11811fa650b37340eb44799f86fb4994ed235b04764b5fee9afb69a23c282c838b6d4a42e3421ce03ef4c3841502f0dad40c82827e9eb7c2bd1704e2c8818c87c3f24505dcb5354679fd7a109980b0b8b2169ba72a6127bb05a0e697cc706ba2c7a950f079463235657a5382a63c4206a9e84438fdad8d03fd07d9592132916c0d868cae5fe7598b6f410e17c309eb990292035e31c56b30afd86717cfbbc0b2e8c94e35469c4784d1e0af80f33b9e256d789841c9cdf6fc50b8f998351066b441d6f30bcbef93a190bccfae6bc223f3d5475b80a647f7f65bba29049c3f227f7bbb97eb7688782cd43ec6cacab29c7d040e2bb3a0218315077ae33b1a9a8c62d4570ff",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 3 Primary Intermediate Object CA",
"TBS": {
"MD5": "40b719dc6e7a16f1672333943daca04b",
"SHA1": "fbb05f9486d50f8f35013e531f1504e9f62cb3df",
"SHA256": "4997f6bbc707da19c7897e17a916d35dfbd8112bb671ac5d2d9397c690b7ba5c",
"SHA384": "f73bf1c578a221661f96516389fd512e150551bab68487c981a2dfbb172419e2d2e5b00f52b50a251b9ff5dcb0be83df"
},
"ValidFrom": "2007-10-24 22:03:55",
"ValidTo": "2017-10-24 22:03:55",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0f69",
"Signature": "b4fea6e9fcf641e617b115ceca7bf10bbdcce8ed5a6644fe006af7a42a7e67ce269bef720dc937e258a7df51c342f9b00a5202ee5d651f76a3d1a7729cacb3db6a811d17df6042f447a26544de87b59d9d241a7446af330bd89fae3f9a07f8ea86ae276fb5f0c325ac0b7ba62c7e58a551e319daf55bfb4a1cde484b9519fb07f7f4801afe43ed99b6275cc66d36c23d0b1aebf05bebd79a1f16f7084c5bc1b2d935e6868ed0e1ca7100a6ef14af0194439e0e33de20ab71e5fe453c632c6686dbc5ecb969619e8519fd5f79da2ddf35936daa73c0c6216661e290de4d6473b3a1a964917567692568e8365de7ed1e4801749a004b915e58755de83a0e23f2e3",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=Hdgwyqp6jNS97z8P, C=US, ST=Indiana, L=Fishers, O=Exacq Technologies, Inc., CN=Exacq Technologies, Inc., emailAddress=info@exacq.com",
"TBS": {
"MD5": "f5497dbe7af27561736a3ba6935044e8",
"SHA1": "50728ba20d7ee0726bb8aa4a9d9659f7c938830f",
"SHA256": "e468a80174391ca98a6720033afaec1f31468ac2aeee5938ff0350977ec443fe",
"SHA384": "5b5ae06ffc6250a52e3085bc0c8da4f74d722ff772535cb5f14588218b3dcad60f5b09c79afb2e189b4f60a11e286f63"
},
"ValidFrom": "2014-07-24 18:00:20",
"ValidTo": "2017-07-24 09:00:56",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 3 Primary Intermediate Object CA",
"SerialNumber": "0f69",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2024-09-26