9e87b6b0-00ed-4259-bcd7-05e2c924d58c
BSMEMx64.sys 
Description
BSMEMx64.sys is a vulnerable driver and more information will be added as found.
This download link contains the vulnerable driver!
Commands
sc.exe create BSMEMx64.sys binPath=C:\windows\temp\BSMEMx64.sys type=kernel && sc.exe start BSMEMx64.sys
| Use Case | Privileges | Operating System |
|---|---|---|
| Elevate privileges | kernel | Windows 10 |
Detections
YARA 🏹
Expand
with header and size limitation
without header and size limitation
for renamed driver files
Resources
Known Vulnerable Samples
| Property | Value |
|---|---|
| Filename | BSMEMx64.sys |
| Creation Timestamp | 2012-07-26 03:34:27 |
| MD5 | 49fe3d1f3d5c2e50a0df0f6e8436d778 |
| SHA1 | 9d07df024ec457168bf0be7e0009619f6ac4f13c |
| SHA256 | f929bead59e9424ab90427b379dcdd63fbfe0c4fb5e1792e3a1685541cd5ec65 |
| Authentihash MD5 | 464c033940c536ca2b627ba616f33fd0 |
| Authentihash SHA1 | 59e1a1abd37be9c1e33dd7d47526394d6ecb9c49 |
| Authentihash SHA256 | 20c87381f8f0bf953cb109a5d50a2184c0104cc8ab30e2f94dfba89a5d19b9d8 |
| RichPEHeaderHash MD5 | 4ed2618a21b160612d932949de7cc9c1 |
| RichPEHeaderHash SHA1 | c8532f6c93c3309ef18d1af84e23974e37c416c9 |
| RichPEHeaderHash SHA256 | b6afffab9ad144e0b85cfb4291c424fe49ccb7755d35ecc957a676995d30d30a |
| Company | BIOSTAR Group |
| Description | I/O Interface driver file |
| Product | BIOSTAR I/O driver fle |
| OriginalFilename | BS_I2cIo.sys |
Certificates
Expand
Certificate 79a2a585f9d1154213d9b83ef6b68ded
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | e6d820afb23af20a65cf0b03247ea05e |
| ToBeSigned (TBS) SHA1 | 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 |
| ToBeSigned (TBS) SHA256 | 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G3 |
| ValidFrom | 2012-05-01 00:00:00 |
| ValidTo | 2012-12-31 23:59:59 |
| Signature | 1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 79a2a585f9d1154213d9b83ef6b68ded |
| Version | 3 |
Certificate 47bf1995df8d524643f7db6d480d31a4
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 518d2ea8a21e879c942d504824ac211c |
| ToBeSigned (TBS) SHA1 | 21ce87d827077e61abddf2beba69fde5432ea031 |
| ToBeSigned (TBS) SHA256 | 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 |
| Subject | C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA |
| ValidFrom | 2003-12-04 00:00:00 |
| ValidTo | 2013-12-03 23:59:59 |
| Signature | 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 47bf1995df8d524643f7db6d480d31a4 |
| Version | 3 |
Certificate 655226e1b22e18e1590f2985ac22e75c
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 650704c342850095f3288eaf791147d4 |
| ToBeSigned (TBS) SHA1 | 4cdc38c800761463749c3cbd94a12f32e49877bf |
| ToBeSigned (TBS) SHA256 | 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 |
| Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 CA |
| ValidFrom | 2009-05-21 00:00:00 |
| ValidTo | 2019-05-20 23:59:59 |
| Signature | 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 655226e1b22e18e1590f2985ac22e75c |
| Version | 3 |
Certificate 610c120600000000001b
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 53c41bc1164e09e0cd1617a5bf913efd |
| ToBeSigned (TBS) SHA1 | 93c03aac8951d494ecd5696b1c08658541b18727 |
| ToBeSigned (TBS) SHA256 | 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b |
| Subject | C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority |
| ValidFrom | 2006-05-23 17:01:29 |
| ValidTo | 2016-05-23 17:11:29 |
| Signature | 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 610c120600000000001b |
| Version | 3 |
Certificate 124dc5a63cc2bd8265445e912ed07d1f
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | beccd5c41126e0c537cf489954b53feb |
| ToBeSigned (TBS) SHA1 | 109fbb823652c1148c4949cdc860abd5b4ad24e5 |
| ToBeSigned (TBS) SHA256 | aac7608d0bcb286dc9869eb39125b27a960d9533db860cc9e3148149ca149c4a |
| Subject | C=TW, ST=TAIPEI HSIEN, L=HSIN TIEN, O=BIOSTAR MICROTECH INT'L CORP, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=BMA;BMG, CN=BIOSTAR MICROTECH INT'L CORP |
| ValidFrom | 2010-09-19 00:00:00 |
| ValidTo | 2013-10-19 23:59:59 |
| Signature | 06b346c5f71bba225d131ad7b037d6c016703a8f3d89746a2d49e5641a0ccd4034c78e4a5a756380d88cf8321b3c886cb5e2656c16c03cff1588b126a7d206fd98fd7e2d61cc80998dfb58d4652112aa258506f779543fcc0b72c06f2174f11bb01017a5c49ae4b31fd913cee75241022e7c5bd14ffff2dbe5f9c211b1a8b3bd9cc3cb5648712c5b57397f136c105148021299be4d99ba1c29d611adb10695d4565a697efe03e6c95d869883c63dffb2fac5f3db7612608f6ee7a59646031231292c7904d69bd997c266ad2f1bca7e35453a08e53d8d9e302b9bbeeca812c64f03bc641cdeb7c5ba70999724f7d92918f1f8a8657f95290cc16ee0e281a785e7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 124dc5a63cc2bd8265445e912ed07d1f |
| Version | 3 |
Imports
Expand
- ntoskrnl.exe
- HAL.dll
Imported Functions
Expand
- KeInitializeEvent
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- ObfDereferenceObject
- KeWaitForSingleObject
- ExInterlockedInsertTailList
- RtlTimeToTimeFields
- PsTerminateSystemThread
- ZwWriteFile
- ExInterlockedRemoveHeadList
- KeSetPriorityThread
- ZwCreateFile
- RtlInitUnicodeString
- PsCreateSystemThread
- IoCreateSymbolicLink
- IoCreateDevice
- IoDeleteSymbolicLink
- IoStartNextPacket
- IoReleaseCancelSpinLock
- IoAcquireCancelSpinLock
- MmUnmapIoSpace
- MmMapIoSpace
- KeRemoveEntryDeviceQueue
- IoStartPacket
- IofCompleteRequest
- ObReferenceObjectByHandle
- ZwClose
- IoDeleteDevice
- KeSetEvent
- HalSetBusDataByOffset
- HalTranslateBusAddress
- HalGetBusDataByOffset
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- PAGE
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "79a2a585f9d1154213d9b83ef6b68ded",
"Signature": "1e98aa27b778b508b5c9726db7dfc00e98a635c488c9d2f66df14b1afbd5f92d99009ed1e79b8be13fbd39800c66cd07bc5c9854a694ba10d14e8babf56f65cc6709a2807c52e80e03d66b7ac60518ecc8ac427c072ca73d0866dc00edfd941d73f2729893b111d68fef8eeaacf496510cd08ddf31524f5eaf7da74a75e64ece2b9f292be7cf5d9f037e6e277b23ad622966af92e82ccebd9c7fdccd173c43c2093f7545c79ee4d7607f97c6e4aac769f5fccd74ac2cb048c1504e70561eb535d38ebeb1edacbdfe0cec857dd5bb856644195d9f93eb82ba639ed37c61ffc81bd923587f30a366a139265e92c33ccb3732faf5a38ddcd5b0a3e9253655d781fa",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G3",
"TBS": {
"MD5": "e6d820afb23af20a65cf0b03247ea05e",
"SHA1": "7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7",
"SHA256": "7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27",
"SHA384": "7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa"
},
"ValidFrom": "2012-05-01 00:00:00",
"ValidTo": "2012-12-31 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "47bf1995df8d524643f7db6d480d31a4",
"Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
"TBS": {
"MD5": "518d2ea8a21e879c942d504824ac211c",
"SHA1": "21ce87d827077e61abddf2beba69fde5432ea031",
"SHA256": "1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7",
"SHA384": "53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f"
},
"ValidFrom": "2003-12-04 00:00:00",
"ValidTo": "2013-12-03 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "655226e1b22e18e1590f2985ac22e75c",
"Signature": "8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 CA",
"TBS": {
"MD5": "650704c342850095f3288eaf791147d4",
"SHA1": "4cdc38c800761463749c3cbd94a12f32e49877bf",
"SHA256": "07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214",
"SHA384": "2a271d052213438467d09d60eaa4010c8642fff3eb0070e0cf9969428713c8fdc066b90996d594dd3136f5bd0af5a22a"
},
"ValidFrom": "2009-05-21 00:00:00",
"ValidTo": "2019-05-20 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610c120600000000001b",
"Signature": "01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority",
"TBS": {
"MD5": "53c41bc1164e09e0cd1617a5bf913efd",
"SHA1": "93c03aac8951d494ecd5696b1c08658541b18727",
"SHA256": "40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b",
"SHA384": "f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8"
},
"ValidFrom": "2006-05-23 17:01:29",
"ValidTo": "2016-05-23 17:11:29",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "124dc5a63cc2bd8265445e912ed07d1f",
"Signature": "06b346c5f71bba225d131ad7b037d6c016703a8f3d89746a2d49e5641a0ccd4034c78e4a5a756380d88cf8321b3c886cb5e2656c16c03cff1588b126a7d206fd98fd7e2d61cc80998dfb58d4652112aa258506f779543fcc0b72c06f2174f11bb01017a5c49ae4b31fd913cee75241022e7c5bd14ffff2dbe5f9c211b1a8b3bd9cc3cb5648712c5b57397f136c105148021299be4d99ba1c29d611adb10695d4565a697efe03e6c95d869883c63dffb2fac5f3db7612608f6ee7a59646031231292c7904d69bd997c266ad2f1bca7e35453a08e53d8d9e302b9bbeeca812c64f03bc641cdeb7c5ba70999724f7d92918f1f8a8657f95290cc16ee0e281a785e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TW, ST=TAIPEI HSIEN, L=HSIN TIEN, O=BIOSTAR MICROTECH INT\u0027L CORP, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=BMA;BMG, CN=BIOSTAR MICROTECH INT\u0027L CORP",
"TBS": {
"MD5": "beccd5c41126e0c537cf489954b53feb",
"SHA1": "109fbb823652c1148c4949cdc860abd5b4ad24e5",
"SHA256": "aac7608d0bcb286dc9869eb39125b27a960d9533db860cc9e3148149ca149c4a",
"SHA384": "16a03de40518fd3ffcee724d218effca4edfd9abf66d374d45ef3310ccf7e5be707f27588306b4c1bf28172a7d281869"
},
"ValidFrom": "2010-09-19 00:00:00",
"ValidTo": "2013-10-19 23:59:59",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 CA",
"SerialNumber": "124dc5a63cc2bd8265445e912ed07d1f",
"Version": 1
}
],
"SignerInfo": ""
}
last_updated: 2024-09-26