Description
libnicm.sys is a vulnerable driver and more information will be added as found.
- UUID: a0fbd397-64d5-4af2-844b-b096e08a1866
- Created: 2023-05-06
- Author: Nasreddine Bencherchali
- Acknowledgement: |
DownloadBlock
This download link contains the vulnerable driver!
Commands
sc.exe create libnicm.sys binPath=C:\windows\temp\libnicm.sys type=kernel && sc.exe start libnicm.sys
| Use Case | Privileges | Operating System |
|---|
| Elevate privileges | kernel | Windows 10 |
Detections
Sigma 🛡️
Expand
Names
detects loading using name only
Hashes
detects loading using hashes only
Resources
Internal ResearchKnown Vulnerable Samples
Download
Certificates
Expand
Certificate 33000002528b33aaf895f339db000000000252
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 92b6022918bc02eb361b8a02fb1da57d |
| ToBeSigned (TBS) SHA1 | 8ceb945fac0f6d623d464e21740ae6eb60351652 |
| ToBeSigned (TBS) SHA256 | c1446860a1cd9db490d3ea85e9df05df44af8d44e2bb803a2a2018f3b6c41bcb |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation |
| ValidFrom | 2021-09-02 18:32:59 |
| ValidTo | 2022-09-01 18:32:59 |
| Signature | 164937b92c644c4061d4db4097b062bc812c0167605f5a99f847593186d029ab18e888522d744cc45d41dce29d47d2bf91c72992f35c1a5f03ed8c984b89a109430147e54bae0ddff0f523dfc03d5796a2636fc9a24ed66453809a33d134d1a7c9e83b974953893845a84fb668eb3afa179e82a01d7a51a03492911cb591ba118ab8b230e65920c7d2b2f90bd9ae7fc3762f2e4c88162a9f8c186f3163a3c1bef8e0b7d8d04a19673eb677518f01bf0cbaaf29e15c1695d15d134cbd20131ede87f2b5a3c3226abbbab3fec5caa38b7944b8bd31e1f538012f90edc4262ead76d2055b4bd458f8e3e39dffa7260bd9a6bebb62c86ef4f58dd177761d263d9fdc626aed8eca756ab441885ab4a8417a0e1fc63860d32badda0e9a3359b18cd3eb138f33e87582346bbd80c2b966e765751c386b8e59d3a02892da1fd02a8ec9312bbead188e81385e96b4fbced3fcf5545cda9fed8faa494efef4bb4b42e318478c377123e3b8dbacbcb7fd8019dc87946a33b91a0ed6160e02f2078d847ecc5e32ac0a5b003e4d58b41eb591a9f4b1da895b139ea125c1243233922b3dec46eba91425f752ba3261fe762feda2553add6bc5d67ac3c6eb63279f74fc02e2dfcde245b806df392111c7b20564ef7650fa17135b848cbe6c925d724d907732e6e0380e05f0aa11361be21401124fe9c6f1cf2e22c6d979bd3c49e61032a8d51269 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000002528b33aaf895f339db000000000252 |
| Version | 3 |
Certificate 610e90d2000000000003
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | b4ec95434f1d45b8055077cf90540a5f |
| ToBeSigned (TBS) SHA1 | 71f74db41d045d6eaf81a849bbb3e21544edcff4 |
| ToBeSigned (TBS) SHA256 | f6f717a43ad9abddc8cefdde1c505462535e7d1307e630f9544a2d14fe8bf26e |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011 |
| ValidFrom | 2011-07-08 20:59:09 |
| ValidTo | 2026-07-08 21:09:09 |
| Signature | 67f286a598e054791a2ed3d87467229b0b9611e163929942967dd2790c90c1655f2e2c3ef8c372d16d83febe3fe80aca3bbf47a9a3f369db63bf2235a5975d6584907d8b465055d80c927cd21a4b1cf33c428b52d0b0fd6be33e072e299be63d1ba5d4b51d779439e2e964c9443d787a23f3137da69074838df4cb2602462ac28a10bba4a9050c9bed68fa682e95a02a3f2a6b5849631f09696e5a9896e483f4c08ff3462bdefc3bd0bd35ef6e25aee5af27edd0ddf30eaf992897984d0e3d0bf20889d61fc33218e2f0c52dce5b9eb449390ac60ac2c6adaee5b2d9db1588514558383271271a7fb1f427f8de2c3a206998b25989686e6fa7b774c3400506a6012a283e823f134d660bc0b34df5e18f7f1c6f157d45a776e5402a65a3c35d526286c31d63369786dfdaf3f8f216a19a27e1cda597d0ee5d6341e35b079c873e067706d106b1751f14be6161b5f0dcc61b04bedf41c70e28eede652fec97f6a15c96d800d6a146bd59f397a5094b481099801fd00029c5b19ba53f45771e35c6d2a2a29f7a7a22fa48951fabfb472380f59ef8bf6bb74b97e2eb75781aecea379979184bffd6b3236875e6affafc8beb0b80ea693baffc30ed044c8edfdf756d63913dd19d564e4fbf805722a1781132217aef410ab13ffba8cca45dc1a1889b5771564e4845c042c99b765b0a80486bfd799fc1bd6d6d6ac95273130d7a50cd |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610e90d2000000000003 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExAcquireResourceExclusiveLite
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- strstr
- RtlInitAnsiString
- ExAcquireResourceSharedLite
- ExReleaseResourceLite
- RtlEqualString
- MmUnmapLockedPages
- ProbeForRead
- IoDeleteSymbolicLink
- IoRegisterShutdownNotification
- KeInitializeMutex
- KeLeaveCriticalRegion
- IoDeleteDevice
- ProbeForWrite
- IoFreeMdl
- KeEnterCriticalRegion
- KeReleaseMutex
- ZwCreateFile
- MmMapLockedPagesSpecifyCache
- IoUnregisterShutdownNotification
- ZwClose
- IofCompleteRequest
- IoSetTopLevelIrp
- KeWaitForSingleObject
- MmProbeAndLockPages
- MmUnlockPages
- ExDeleteResourceLite
- IoGetTopLevelIrp
- IoCreateSymbolicLink
- IoCreateDevice
- ExInitializeResourceLite
- NtSetSecurityObject
- DbgPrintEx
- IoAllocateMdl
- RtlCreateSecurityDescriptor
- IoGetCurrentProcess
- ZwCreateKey
- RtlAnsiStringToUnicodeString
- ZwReadFile
- RtlInitUnicodeString
- RtlAppendUnicodeToString
- RtlUnicodeStringToAnsiString
- ZwSetValueKey
- ZwQuerySystemInformation
- RtlInitString
- KeDelayExecutionThread
- RtlFreeUnicodeString
- ZwWaitForSingleObject
- ZwQueryValueKey
- ZwQueryDirectoryFile
- RtlAppendUnicodeStringToString
- RtlCopyString
- MmIsAddressValid
- ZwOpenFile
- ZwQueryInformationFile
- ZwLoadDriver
- ZwOpenKey
- KeBugCheckEx
- __C_specific_handler
Exported Functions
Expand
- NicmCreateInstance
- NicmDeregisterClassFactory
- NicmGetVersion
- NicmRegisterClassFactory
- XTComCreateInstance
- XTComDeregisterClassFactory
- XTComFreeUnusedLibrariesEx
- XTComGetClassObject
- XTComGetVersion
- XTComInitialize
- XTComRegisterClassFactory
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- .edata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000002528b33aaf895f339db000000000252",
"Signature": "164937b92c644c4061d4db4097b062bc812c0167605f5a99f847593186d029ab18e888522d744cc45d41dce29d47d2bf91c72992f35c1a5f03ed8c984b89a109430147e54bae0ddff0f523dfc03d5796a2636fc9a24ed66453809a33d134d1a7c9e83b974953893845a84fb668eb3afa179e82a01d7a51a03492911cb591ba118ab8b230e65920c7d2b2f90bd9ae7fc3762f2e4c88162a9f8c186f3163a3c1bef8e0b7d8d04a19673eb677518f01bf0cbaaf29e15c1695d15d134cbd20131ede87f2b5a3c3226abbbab3fec5caa38b7944b8bd31e1f538012f90edc4262ead76d2055b4bd458f8e3e39dffa7260bd9a6bebb62c86ef4f58dd177761d263d9fdc626aed8eca756ab441885ab4a8417a0e1fc63860d32badda0e9a3359b18cd3eb138f33e87582346bbd80c2b966e765751c386b8e59d3a02892da1fd02a8ec9312bbead188e81385e96b4fbced3fcf5545cda9fed8faa494efef4bb4b42e318478c377123e3b8dbacbcb7fd8019dc87946a33b91a0ed6160e02f2078d847ecc5e32ac0a5b003e4d58b41eb591a9f4b1da895b139ea125c1243233922b3dec46eba91425f752ba3261fe762feda2553add6bc5d67ac3c6eb63279f74fc02e2dfcde245b806df392111c7b20564ef7650fa17135b848cbe6c925d724d907732e6e0380e05f0aa11361be21401124fe9c6f1cf2e22c6d979bd3c49e61032a8d51269",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation",
"TBS": {
"MD5": "92b6022918bc02eb361b8a02fb1da57d",
"SHA1": "8ceb945fac0f6d623d464e21740ae6eb60351652",
"SHA256": "c1446860a1cd9db490d3ea85e9df05df44af8d44e2bb803a2a2018f3b6c41bcb",
"SHA384": "322ed1a62a9f2ed7c7f601e99a8db15371e3ba1039a73c81801165ea987679023bc36f8c357f74354dce65532b71be3c"
},
"ValidFrom": "2021-09-02 18:32:59",
"ValidTo": "2022-09-01 18:32:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610e90d2000000000003",
"Signature": "67f286a598e054791a2ed3d87467229b0b9611e163929942967dd2790c90c1655f2e2c3ef8c372d16d83febe3fe80aca3bbf47a9a3f369db63bf2235a5975d6584907d8b465055d80c927cd21a4b1cf33c428b52d0b0fd6be33e072e299be63d1ba5d4b51d779439e2e964c9443d787a23f3137da69074838df4cb2602462ac28a10bba4a9050c9bed68fa682e95a02a3f2a6b5849631f09696e5a9896e483f4c08ff3462bdefc3bd0bd35ef6e25aee5af27edd0ddf30eaf992897984d0e3d0bf20889d61fc33218e2f0c52dce5b9eb449390ac60ac2c6adaee5b2d9db1588514558383271271a7fb1f427f8de2c3a206998b25989686e6fa7b774c3400506a6012a283e823f134d660bc0b34df5e18f7f1c6f157d45a776e5402a65a3c35d526286c31d63369786dfdaf3f8f216a19a27e1cda597d0ee5d6341e35b079c873e067706d106b1751f14be6161b5f0dcc61b04bedf41c70e28eede652fec97f6a15c96d800d6a146bd59f397a5094b481099801fd00029c5b19ba53f45771e35c6d2a2a29f7a7a22fa48951fabfb472380f59ef8bf6bb74b97e2eb75781aecea379979184bffd6b3236875e6affafc8beb0b80ea693baffc30ed044c8edfdf756d63913dd19d564e4fbf805722a1781132217aef410ab13ffba8cca45dc1a1889b5771564e4845c042c99b765b0a80486bfd799fc1bd6d6d6ac95273130d7a50cd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011",
"TBS": {
"MD5": "b4ec95434f1d45b8055077cf90540a5f",
"SHA1": "71f74db41d045d6eaf81a849bbb3e21544edcff4",
"SHA256": "f6f717a43ad9abddc8cefdde1c505462535e7d1307e630f9544a2d14fe8bf26e",
"SHA384": "25cbac323e740588a1ea3ca39ea907647440884ad75fc4bd99be6c82202aba42e95049fa7b66884977e60b819b21a2a5"
},
"ValidFrom": "2011-07-08 20:59:09",
"ValidTo": "2026-07-08 21:09:09",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011",
"SerialNumber": "33000002528b33aaf895f339db000000000252",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 3825d7faf861af9ef490e726b5d65ad5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d6c7684e9aaa508cf268335f83afe040 |
| ToBeSigned (TBS) SHA1 | 18066d20ad92409c567cdfde745279ff71c75226 |
| ToBeSigned (TBS) SHA256 | a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff |
| Subject | C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2 |
| ValidFrom | 2007-06-15 00:00:00 |
| ValidTo | 2012-06-14 23:59:59 |
| Signature | 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 3825d7faf861af9ef490e726b5d65ad5 |
| Version | 3 |
Certificate 47bf1995df8d524643f7db6d480d31a4
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 518d2ea8a21e879c942d504824ac211c |
| ToBeSigned (TBS) SHA1 | 21ce87d827077e61abddf2beba69fde5432ea031 |
| ToBeSigned (TBS) SHA256 | 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 |
| Subject | C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA |
| ValidFrom | 2003-12-04 00:00:00 |
| ValidTo | 2013-12-03 23:59:59 |
| Signature | 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 47bf1995df8d524643f7db6d480d31a4 |
| Version | 3 |
Certificate 4191a15a3978dfcf496566381d4c75c2
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 41011f8d0e7c7a6408334ca387914c61 |
| ToBeSigned (TBS) SHA1 | c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 |
| ToBeSigned (TBS) SHA256 | 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 |
| Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA |
| ValidFrom | 2004-07-16 00:00:00 |
| ValidTo | 2014-07-15 23:59:59 |
| Signature | ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 4191a15a3978dfcf496566381d4c75c2 |
| Version | 3 |
Certificate 4808d93b14b8600dbfa18dab5d15310f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | adddb65a3a360b3c1a55cb33e426f32a |
| ToBeSigned (TBS) SHA1 | 93d9b282265288a94ee4f1a01c5fb3a08badb7ac |
| ToBeSigned (TBS) SHA256 | d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b |
| Subject | C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. |
| ValidFrom | 2007-04-04 00:00:00 |
| ValidTo | 2010-04-27 23:59:59 |
| Signature | 267f71f6ee43755fd6395f85c34bb15a72a6f2a959c2074627d294395fb1aaa4c7bbeff369d735628b233bde7e5c95a0f1837e5ad03704270834ce9c1b07649a256027930f44e064568666b06e7f9dc3cd299b38b0a6766301200ab58434a05a34a369ab99bbbf2aaa6b3603481e0393a80ea09e78a7cf55317a9590c49887f02e1fd948c3b1f6d203e91782ce423d0569f45e7f074205df5f92be6ccd9836641439af4390022242e0ca84aedb0d71c5a50f2dbd1ed30e5ac9c1bda67c694f94f2fe4aa83945ed32e426afe26f44dcb6dcc8186728f86f1a1bddc1ea7dd82b76578a42d1e63bf5f8f348fbcd509094858978e375d277394529df1dd5d78abab2 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 4808d93b14b8600dbfa18dab5d15310f |
| Version | 3 |
Certificate 610c120600000000001b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 53c41bc1164e09e0cd1617a5bf913efd |
| ToBeSigned (TBS) SHA1 | 93c03aac8951d494ecd5696b1c08658541b18727 |
| ToBeSigned (TBS) SHA256 | 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b |
| Subject | C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority |
| ValidFrom | 2006-05-23 17:01:29 |
| ValidTo | 2016-05-23 17:11:29 |
| Signature | 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 610c120600000000001b |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExFreePoolWithTag
- RtlInitAnsiString
- ExAcquireResourceSharedLite
- ExReleaseResourceLite
- RtlEqualString
- ExAcquireResourceExclusiveLite
- ExAllocatePoolWithTag
- strstr
- IoFreeMdl
- RtlCreateSecurityDescriptor
- KeEnterCriticalRegion
- KeReleaseMutex
- ZwCreateFile
- MmMapLockedPagesSpecifyCache
- IoUnregisterShutdownNotification
- ZwClose
- IofCompleteRequest
- IoSetTopLevelIrp
- MmUnmapLockedPages
- KeWaitForSingleObject
- ProbeForRead
- MmProbeAndLockPages
- IoDeleteSymbolicLink
- IoRegisterShutdownNotification
- MmUnlockPages
- KeInitializeMutex
- ExDeleteResourceLite
- KeLeaveCriticalRegion
- IoGetTopLevelIrp
- IoCreateSymbolicLink
- IoDeleteDevice
- IoCreateDevice
- ProbeForWrite
- ExInitializeResourceLite
- NtSetSecurityObject
- DbgPrintEx
- IoAllocateMdl
- IoGetCurrentProcess
- ZwLoadDriver
- ZwReadFile
- RtlInitUnicodeString
- ZwOpenKey
- RtlAppendUnicodeToString
- RtlUnicodeStringToAnsiString
- ZwSetValueKey
- ZwQuerySystemInformation
- RtlInitString
- KeDelayExecutionThread
- RtlFreeUnicodeString
- ZwWaitForSingleObject
- ZwQueryValueKey
- ZwQueryDirectoryFile
- RtlAppendUnicodeStringToString
- RtlCopyString
- MmIsAddressValid
- ZwCreateKey
- ZwOpenFile
- RtlAnsiStringToUnicodeString
- ZwQueryInformationFile
- KeBugCheckEx
- __C_specific_handler
Exported Functions
Expand
- NicmCreateInstance
- NicmDeregisterClassFactory
- NicmGetVersion
- NicmRegisterClassFactory
- XTComCreateInstance
- XTComDeregisterClassFactory
- XTComFreeUnusedLibrariesEx
- XTComGetClassObject
- XTComGetVersion
- XTComInitialize
- XTComRegisterClassFactory
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- .edata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000002528b33aaf895f339db000000000252",
"Signature": "164937b92c644c4061d4db4097b062bc812c0167605f5a99f847593186d029ab18e888522d744cc45d41dce29d47d2bf91c72992f35c1a5f03ed8c984b89a109430147e54bae0ddff0f523dfc03d5796a2636fc9a24ed66453809a33d134d1a7c9e83b974953893845a84fb668eb3afa179e82a01d7a51a03492911cb591ba118ab8b230e65920c7d2b2f90bd9ae7fc3762f2e4c88162a9f8c186f3163a3c1bef8e0b7d8d04a19673eb677518f01bf0cbaaf29e15c1695d15d134cbd20131ede87f2b5a3c3226abbbab3fec5caa38b7944b8bd31e1f538012f90edc4262ead76d2055b4bd458f8e3e39dffa7260bd9a6bebb62c86ef4f58dd177761d263d9fdc626aed8eca756ab441885ab4a8417a0e1fc63860d32badda0e9a3359b18cd3eb138f33e87582346bbd80c2b966e765751c386b8e59d3a02892da1fd02a8ec9312bbead188e81385e96b4fbced3fcf5545cda9fed8faa494efef4bb4b42e318478c377123e3b8dbacbcb7fd8019dc87946a33b91a0ed6160e02f2078d847ecc5e32ac0a5b003e4d58b41eb591a9f4b1da895b139ea125c1243233922b3dec46eba91425f752ba3261fe762feda2553add6bc5d67ac3c6eb63279f74fc02e2dfcde245b806df392111c7b20564ef7650fa17135b848cbe6c925d724d907732e6e0380e05f0aa11361be21401124fe9c6f1cf2e22c6d979bd3c49e61032a8d51269",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation",
"TBS": {
"MD5": "92b6022918bc02eb361b8a02fb1da57d",
"SHA1": "8ceb945fac0f6d623d464e21740ae6eb60351652",
"SHA256": "c1446860a1cd9db490d3ea85e9df05df44af8d44e2bb803a2a2018f3b6c41bcb",
"SHA384": "322ed1a62a9f2ed7c7f601e99a8db15371e3ba1039a73c81801165ea987679023bc36f8c357f74354dce65532b71be3c"
},
"ValidFrom": "2021-09-02 18:32:59",
"ValidTo": "2022-09-01 18:32:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610e90d2000000000003",
"Signature": "67f286a598e054791a2ed3d87467229b0b9611e163929942967dd2790c90c1655f2e2c3ef8c372d16d83febe3fe80aca3bbf47a9a3f369db63bf2235a5975d6584907d8b465055d80c927cd21a4b1cf33c428b52d0b0fd6be33e072e299be63d1ba5d4b51d779439e2e964c9443d787a23f3137da69074838df4cb2602462ac28a10bba4a9050c9bed68fa682e95a02a3f2a6b5849631f09696e5a9896e483f4c08ff3462bdefc3bd0bd35ef6e25aee5af27edd0ddf30eaf992897984d0e3d0bf20889d61fc33218e2f0c52dce5b9eb449390ac60ac2c6adaee5b2d9db1588514558383271271a7fb1f427f8de2c3a206998b25989686e6fa7b774c3400506a6012a283e823f134d660bc0b34df5e18f7f1c6f157d45a776e5402a65a3c35d526286c31d63369786dfdaf3f8f216a19a27e1cda597d0ee5d6341e35b079c873e067706d106b1751f14be6161b5f0dcc61b04bedf41c70e28eede652fec97f6a15c96d800d6a146bd59f397a5094b481099801fd00029c5b19ba53f45771e35c6d2a2a29f7a7a22fa48951fabfb472380f59ef8bf6bb74b97e2eb75781aecea379979184bffd6b3236875e6affafc8beb0b80ea693baffc30ed044c8edfdf756d63913dd19d564e4fbf805722a1781132217aef410ab13ffba8cca45dc1a1889b5771564e4845c042c99b765b0a80486bfd799fc1bd6d6d6ac95273130d7a50cd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011",
"TBS": {
"MD5": "b4ec95434f1d45b8055077cf90540a5f",
"SHA1": "71f74db41d045d6eaf81a849bbb3e21544edcff4",
"SHA256": "f6f717a43ad9abddc8cefdde1c505462535e7d1307e630f9544a2d14fe8bf26e",
"SHA384": "25cbac323e740588a1ea3ca39ea907647440884ad75fc4bd99be6c82202aba42e95049fa7b66884977e60b819b21a2a5"
},
"ValidFrom": "2011-07-08 20:59:09",
"ValidTo": "2026-07-08 21:09:09",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011",
"SerialNumber": "33000002528b33aaf895f339db000000000252",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 3825d7faf861af9ef490e726b5d65ad5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d6c7684e9aaa508cf268335f83afe040 |
| ToBeSigned (TBS) SHA1 | 18066d20ad92409c567cdfde745279ff71c75226 |
| ToBeSigned (TBS) SHA256 | a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff |
| Subject | C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2 |
| ValidFrom | 2007-06-15 00:00:00 |
| ValidTo | 2012-06-14 23:59:59 |
| Signature | 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 3825d7faf861af9ef490e726b5d65ad5 |
| Version | 3 |
Certificate 47bf1995df8d524643f7db6d480d31a4
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 518d2ea8a21e879c942d504824ac211c |
| ToBeSigned (TBS) SHA1 | 21ce87d827077e61abddf2beba69fde5432ea031 |
| ToBeSigned (TBS) SHA256 | 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 |
| Subject | C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA |
| ValidFrom | 2003-12-04 00:00:00 |
| ValidTo | 2013-12-03 23:59:59 |
| Signature | 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 47bf1995df8d524643f7db6d480d31a4 |
| Version | 3 |
Certificate 4191a15a3978dfcf496566381d4c75c2
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 41011f8d0e7c7a6408334ca387914c61 |
| ToBeSigned (TBS) SHA1 | c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 |
| ToBeSigned (TBS) SHA256 | 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 |
| Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA |
| ValidFrom | 2004-07-16 00:00:00 |
| ValidTo | 2014-07-15 23:59:59 |
| Signature | ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 4191a15a3978dfcf496566381d4c75c2 |
| Version | 3 |
Certificate 4808d93b14b8600dbfa18dab5d15310f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | adddb65a3a360b3c1a55cb33e426f32a |
| ToBeSigned (TBS) SHA1 | 93d9b282265288a94ee4f1a01c5fb3a08badb7ac |
| ToBeSigned (TBS) SHA256 | d98d63f26125a94eb767fdd2526f6c74bfb40cb4d117a1d87ca3ed0d99bd6f0b |
| Subject | C=US, ST=Utah, L=Provo, O=Novell, Inc., OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Novell Products Group, CN=Novell, Inc. |
| ValidFrom | 2007-04-04 00:00:00 |
| ValidTo | 2010-04-27 23:59:59 |
| Signature | 267f71f6ee43755fd6395f85c34bb15a72a6f2a959c2074627d294395fb1aaa4c7bbeff369d735628b233bde7e5c95a0f1837e5ad03704270834ce9c1b07649a256027930f44e064568666b06e7f9dc3cd299b38b0a6766301200ab58434a05a34a369ab99bbbf2aaa6b3603481e0393a80ea09e78a7cf55317a9590c49887f02e1fd948c3b1f6d203e91782ce423d0569f45e7f074205df5f92be6ccd9836641439af4390022242e0ca84aedb0d71c5a50f2dbd1ed30e5ac9c1bda67c694f94f2fe4aa83945ed32e426afe26f44dcb6dcc8186728f86f1a1bddc1ea7dd82b76578a42d1e63bf5f8f348fbcd509094858978e375d277394529df1dd5d78abab2 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 4808d93b14b8600dbfa18dab5d15310f |
| Version | 3 |
Certificate 610c120600000000001b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 53c41bc1164e09e0cd1617a5bf913efd |
| ToBeSigned (TBS) SHA1 | 93c03aac8951d494ecd5696b1c08658541b18727 |
| ToBeSigned (TBS) SHA256 | 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b |
| Subject | C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority |
| ValidFrom | 2006-05-23 17:01:29 |
| ValidTo | 2016-05-23 17:11:29 |
| Signature | 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 610c120600000000001b |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- RtlEqualString
- RtlInitAnsiString
- strstr
- ExReleaseResourceLite
- ExAcquireResourceExclusiveLite
- ExAcquireResourceSharedLite
- ExInitializeResourceLite
- ExDeleteResourceLite
- ZwClose
- NtSetSecurityObject
- ZwCreateFile
- RtlCreateSecurityDescriptor
- IoSetTopLevelIrp
- IoGetTopLevelIrp
- IofCompleteRequest
- IoDeleteDevice
- IoDeleteSymbolicLink
- KeReleaseMutex
- KeWaitForSingleObject
- KeLeaveCriticalRegion
- IoFreeMdl
- MmUnlockPages
- MmUnmapLockedPages
- MmMapLockedPagesSpecifyCache
- MmProbeAndLockPages
- IoAllocateMdl
- ProbeForWrite
- ProbeForRead
- KeEnterCriticalRegion
- IoUnregisterShutdownNotification
- IoCreateSymbolicLink
- IoRegisterShutdownNotification
- IoCreateDevice
- KeInitializeMutex
- DbgPrintEx
- IoGetCurrentProcess
- KeDelayExecutionThread
- RtlAnsiStringToUnicodeString
- RtlFreeUnicodeString
- ZwSetValueKey
- RtlInitUnicodeString
- ZwCreateKey
- RtlAppendUnicodeStringToString
- memset
- ZwQuerySystemInformation
- RtlUnicodeStringToAnsiString
- ZwQueryValueKey
- ZwOpenKey
- ZwOpenFile
- RtlCopyString
- MmIsAddressValid
- ZwWaitForSingleObject
- ZwReadFile
- ZwQueryInformationFile
- RtlInitString
- ZwQueryDirectoryFile
- ZwLoadDriver
- RtlAppendUnicodeToString
- KeTickCount
- KeBugCheckEx
- RtlUnwind
Exported Functions
Expand
- NicmCreateInstance
- NicmDeregisterClassFactory
- NicmGetVersion
- NicmRegisterClassFactory
- XTComCreateInstance
- XTComDeregisterClassFactory
- XTComFreeUnusedLibrariesEx
- XTComGetClassObject
- XTComGetVersion
- XTComInitialize
- XTComRegisterClassFactory
Sections
Expand
- .text
- .rdata
- .data
- .edata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000002528b33aaf895f339db000000000252",
"Signature": "164937b92c644c4061d4db4097b062bc812c0167605f5a99f847593186d029ab18e888522d744cc45d41dce29d47d2bf91c72992f35c1a5f03ed8c984b89a109430147e54bae0ddff0f523dfc03d5796a2636fc9a24ed66453809a33d134d1a7c9e83b974953893845a84fb668eb3afa179e82a01d7a51a03492911cb591ba118ab8b230e65920c7d2b2f90bd9ae7fc3762f2e4c88162a9f8c186f3163a3c1bef8e0b7d8d04a19673eb677518f01bf0cbaaf29e15c1695d15d134cbd20131ede87f2b5a3c3226abbbab3fec5caa38b7944b8bd31e1f538012f90edc4262ead76d2055b4bd458f8e3e39dffa7260bd9a6bebb62c86ef4f58dd177761d263d9fdc626aed8eca756ab441885ab4a8417a0e1fc63860d32badda0e9a3359b18cd3eb138f33e87582346bbd80c2b966e765751c386b8e59d3a02892da1fd02a8ec9312bbead188e81385e96b4fbced3fcf5545cda9fed8faa494efef4bb4b42e318478c377123e3b8dbacbcb7fd8019dc87946a33b91a0ed6160e02f2078d847ecc5e32ac0a5b003e4d58b41eb591a9f4b1da895b139ea125c1243233922b3dec46eba91425f752ba3261fe762feda2553add6bc5d67ac3c6eb63279f74fc02e2dfcde245b806df392111c7b20564ef7650fa17135b848cbe6c925d724d907732e6e0380e05f0aa11361be21401124fe9c6f1cf2e22c6d979bd3c49e61032a8d51269",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation",
"TBS": {
"MD5": "92b6022918bc02eb361b8a02fb1da57d",
"SHA1": "8ceb945fac0f6d623d464e21740ae6eb60351652",
"SHA256": "c1446860a1cd9db490d3ea85e9df05df44af8d44e2bb803a2a2018f3b6c41bcb",
"SHA384": "322ed1a62a9f2ed7c7f601e99a8db15371e3ba1039a73c81801165ea987679023bc36f8c357f74354dce65532b71be3c"
},
"ValidFrom": "2021-09-02 18:32:59",
"ValidTo": "2022-09-01 18:32:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610e90d2000000000003",
"Signature": "67f286a598e054791a2ed3d87467229b0b9611e163929942967dd2790c90c1655f2e2c3ef8c372d16d83febe3fe80aca3bbf47a9a3f369db63bf2235a5975d6584907d8b465055d80c927cd21a4b1cf33c428b52d0b0fd6be33e072e299be63d1ba5d4b51d779439e2e964c9443d787a23f3137da69074838df4cb2602462ac28a10bba4a9050c9bed68fa682e95a02a3f2a6b5849631f09696e5a9896e483f4c08ff3462bdefc3bd0bd35ef6e25aee5af27edd0ddf30eaf992897984d0e3d0bf20889d61fc33218e2f0c52dce5b9eb449390ac60ac2c6adaee5b2d9db1588514558383271271a7fb1f427f8de2c3a206998b25989686e6fa7b774c3400506a6012a283e823f134d660bc0b34df5e18f7f1c6f157d45a776e5402a65a3c35d526286c31d63369786dfdaf3f8f216a19a27e1cda597d0ee5d6341e35b079c873e067706d106b1751f14be6161b5f0dcc61b04bedf41c70e28eede652fec97f6a15c96d800d6a146bd59f397a5094b481099801fd00029c5b19ba53f45771e35c6d2a2a29f7a7a22fa48951fabfb472380f59ef8bf6bb74b97e2eb75781aecea379979184bffd6b3236875e6affafc8beb0b80ea693baffc30ed044c8edfdf756d63913dd19d564e4fbf805722a1781132217aef410ab13ffba8cca45dc1a1889b5771564e4845c042c99b765b0a80486bfd799fc1bd6d6d6ac95273130d7a50cd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011",
"TBS": {
"MD5": "b4ec95434f1d45b8055077cf90540a5f",
"SHA1": "71f74db41d045d6eaf81a849bbb3e21544edcff4",
"SHA256": "f6f717a43ad9abddc8cefdde1c505462535e7d1307e630f9544a2d14fe8bf26e",
"SHA384": "25cbac323e740588a1ea3ca39ea907647440884ad75fc4bd99be6c82202aba42e95049fa7b66884977e60b819b21a2a5"
},
"ValidFrom": "2011-07-08 20:59:09",
"ValidTo": "2026-07-08 21:09:09",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011",
"SerialNumber": "33000002528b33aaf895f339db000000000252",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000002528b33aaf895f339db000000000252
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 92b6022918bc02eb361b8a02fb1da57d |
| ToBeSigned (TBS) SHA1 | 8ceb945fac0f6d623d464e21740ae6eb60351652 |
| ToBeSigned (TBS) SHA256 | c1446860a1cd9db490d3ea85e9df05df44af8d44e2bb803a2a2018f3b6c41bcb |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation |
| ValidFrom | 2021-09-02 18:32:59 |
| ValidTo | 2022-09-01 18:32:59 |
| Signature | 164937b92c644c4061d4db4097b062bc812c0167605f5a99f847593186d029ab18e888522d744cc45d41dce29d47d2bf91c72992f35c1a5f03ed8c984b89a109430147e54bae0ddff0f523dfc03d5796a2636fc9a24ed66453809a33d134d1a7c9e83b974953893845a84fb668eb3afa179e82a01d7a51a03492911cb591ba118ab8b230e65920c7d2b2f90bd9ae7fc3762f2e4c88162a9f8c186f3163a3c1bef8e0b7d8d04a19673eb677518f01bf0cbaaf29e15c1695d15d134cbd20131ede87f2b5a3c3226abbbab3fec5caa38b7944b8bd31e1f538012f90edc4262ead76d2055b4bd458f8e3e39dffa7260bd9a6bebb62c86ef4f58dd177761d263d9fdc626aed8eca756ab441885ab4a8417a0e1fc63860d32badda0e9a3359b18cd3eb138f33e87582346bbd80c2b966e765751c386b8e59d3a02892da1fd02a8ec9312bbead188e81385e96b4fbced3fcf5545cda9fed8faa494efef4bb4b42e318478c377123e3b8dbacbcb7fd8019dc87946a33b91a0ed6160e02f2078d847ecc5e32ac0a5b003e4d58b41eb591a9f4b1da895b139ea125c1243233922b3dec46eba91425f752ba3261fe762feda2553add6bc5d67ac3c6eb63279f74fc02e2dfcde245b806df392111c7b20564ef7650fa17135b848cbe6c925d724d907732e6e0380e05f0aa11361be21401124fe9c6f1cf2e22c6d979bd3c49e61032a8d51269 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000002528b33aaf895f339db000000000252 |
| Version | 3 |
Certificate 610e90d2000000000003
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | b4ec95434f1d45b8055077cf90540a5f |
| ToBeSigned (TBS) SHA1 | 71f74db41d045d6eaf81a849bbb3e21544edcff4 |
| ToBeSigned (TBS) SHA256 | f6f717a43ad9abddc8cefdde1c505462535e7d1307e630f9544a2d14fe8bf26e |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011 |
| ValidFrom | 2011-07-08 20:59:09 |
| ValidTo | 2026-07-08 21:09:09 |
| Signature | 67f286a598e054791a2ed3d87467229b0b9611e163929942967dd2790c90c1655f2e2c3ef8c372d16d83febe3fe80aca3bbf47a9a3f369db63bf2235a5975d6584907d8b465055d80c927cd21a4b1cf33c428b52d0b0fd6be33e072e299be63d1ba5d4b51d779439e2e964c9443d787a23f3137da69074838df4cb2602462ac28a10bba4a9050c9bed68fa682e95a02a3f2a6b5849631f09696e5a9896e483f4c08ff3462bdefc3bd0bd35ef6e25aee5af27edd0ddf30eaf992897984d0e3d0bf20889d61fc33218e2f0c52dce5b9eb449390ac60ac2c6adaee5b2d9db1588514558383271271a7fb1f427f8de2c3a206998b25989686e6fa7b774c3400506a6012a283e823f134d660bc0b34df5e18f7f1c6f157d45a776e5402a65a3c35d526286c31d63369786dfdaf3f8f216a19a27e1cda597d0ee5d6341e35b079c873e067706d106b1751f14be6161b5f0dcc61b04bedf41c70e28eede652fec97f6a15c96d800d6a146bd59f397a5094b481099801fd00029c5b19ba53f45771e35c6d2a2a29f7a7a22fa48951fabfb472380f59ef8bf6bb74b97e2eb75781aecea379979184bffd6b3236875e6affafc8beb0b80ea693baffc30ed044c8edfdf756d63913dd19d564e4fbf805722a1781132217aef410ab13ffba8cca45dc1a1889b5771564e4845c042c99b765b0a80486bfd799fc1bd6d6d6ac95273130d7a50cd |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610e90d2000000000003 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExAcquireResourceExclusiveLite
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- strstr
- RtlInitAnsiString
- ExAcquireResourceSharedLite
- ExReleaseResourceLite
- RtlEqualString
- MmUnmapLockedPages
- ProbeForRead
- IoDeleteSymbolicLink
- IoRegisterShutdownNotification
- KeInitializeMutex
- KeLeaveCriticalRegion
- IoDeleteDevice
- ProbeForWrite
- IoFreeMdl
- KeEnterCriticalRegion
- KeReleaseMutex
- ZwCreateFile
- MmMapLockedPagesSpecifyCache
- IoUnregisterShutdownNotification
- ZwClose
- IofCompleteRequest
- IoSetTopLevelIrp
- KeWaitForSingleObject
- MmProbeAndLockPages
- MmUnlockPages
- ExDeleteResourceLite
- IoGetTopLevelIrp
- IoCreateSymbolicLink
- IoCreateDevice
- ExInitializeResourceLite
- NtSetSecurityObject
- DbgPrintEx
- IoAllocateMdl
- RtlCreateSecurityDescriptor
- IoGetCurrentProcess
- ZwCreateKey
- RtlAnsiStringToUnicodeString
- ZwReadFile
- RtlInitUnicodeString
- RtlAppendUnicodeToString
- RtlUnicodeStringToAnsiString
- ZwSetValueKey
- ZwQuerySystemInformation
- RtlInitString
- KeDelayExecutionThread
- RtlFreeUnicodeString
- ZwWaitForSingleObject
- ZwQueryValueKey
- ZwQueryDirectoryFile
- RtlAppendUnicodeStringToString
- RtlCopyString
- MmIsAddressValid
- ZwOpenFile
- ZwQueryInformationFile
- ZwLoadDriver
- ZwOpenKey
- KeBugCheckEx
- __C_specific_handler
Exported Functions
Expand
- NicmCreateInstance
- NicmDeregisterClassFactory
- NicmGetVersion
- NicmRegisterClassFactory
- XTComCreateInstance
- XTComDeregisterClassFactory
- XTComFreeUnusedLibrariesEx
- XTComGetClassObject
- XTComGetVersion
- XTComInitialize
- XTComRegisterClassFactory
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- .edata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000002528b33aaf895f339db000000000252",
"Signature": "164937b92c644c4061d4db4097b062bc812c0167605f5a99f847593186d029ab18e888522d744cc45d41dce29d47d2bf91c72992f35c1a5f03ed8c984b89a109430147e54bae0ddff0f523dfc03d5796a2636fc9a24ed66453809a33d134d1a7c9e83b974953893845a84fb668eb3afa179e82a01d7a51a03492911cb591ba118ab8b230e65920c7d2b2f90bd9ae7fc3762f2e4c88162a9f8c186f3163a3c1bef8e0b7d8d04a19673eb677518f01bf0cbaaf29e15c1695d15d134cbd20131ede87f2b5a3c3226abbbab3fec5caa38b7944b8bd31e1f538012f90edc4262ead76d2055b4bd458f8e3e39dffa7260bd9a6bebb62c86ef4f58dd177761d263d9fdc626aed8eca756ab441885ab4a8417a0e1fc63860d32badda0e9a3359b18cd3eb138f33e87582346bbd80c2b966e765751c386b8e59d3a02892da1fd02a8ec9312bbead188e81385e96b4fbced3fcf5545cda9fed8faa494efef4bb4b42e318478c377123e3b8dbacbcb7fd8019dc87946a33b91a0ed6160e02f2078d847ecc5e32ac0a5b003e4d58b41eb591a9f4b1da895b139ea125c1243233922b3dec46eba91425f752ba3261fe762feda2553add6bc5d67ac3c6eb63279f74fc02e2dfcde245b806df392111c7b20564ef7650fa17135b848cbe6c925d724d907732e6e0380e05f0aa11361be21401124fe9c6f1cf2e22c6d979bd3c49e61032a8d51269",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation",
"TBS": {
"MD5": "92b6022918bc02eb361b8a02fb1da57d",
"SHA1": "8ceb945fac0f6d623d464e21740ae6eb60351652",
"SHA256": "c1446860a1cd9db490d3ea85e9df05df44af8d44e2bb803a2a2018f3b6c41bcb",
"SHA384": "322ed1a62a9f2ed7c7f601e99a8db15371e3ba1039a73c81801165ea987679023bc36f8c357f74354dce65532b71be3c"
},
"ValidFrom": "2021-09-02 18:32:59",
"ValidTo": "2022-09-01 18:32:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610e90d2000000000003",
"Signature": "67f286a598e054791a2ed3d87467229b0b9611e163929942967dd2790c90c1655f2e2c3ef8c372d16d83febe3fe80aca3bbf47a9a3f369db63bf2235a5975d6584907d8b465055d80c927cd21a4b1cf33c428b52d0b0fd6be33e072e299be63d1ba5d4b51d779439e2e964c9443d787a23f3137da69074838df4cb2602462ac28a10bba4a9050c9bed68fa682e95a02a3f2a6b5849631f09696e5a9896e483f4c08ff3462bdefc3bd0bd35ef6e25aee5af27edd0ddf30eaf992897984d0e3d0bf20889d61fc33218e2f0c52dce5b9eb449390ac60ac2c6adaee5b2d9db1588514558383271271a7fb1f427f8de2c3a206998b25989686e6fa7b774c3400506a6012a283e823f134d660bc0b34df5e18f7f1c6f157d45a776e5402a65a3c35d526286c31d63369786dfdaf3f8f216a19a27e1cda597d0ee5d6341e35b079c873e067706d106b1751f14be6161b5f0dcc61b04bedf41c70e28eede652fec97f6a15c96d800d6a146bd59f397a5094b481099801fd00029c5b19ba53f45771e35c6d2a2a29f7a7a22fa48951fabfb472380f59ef8bf6bb74b97e2eb75781aecea379979184bffd6b3236875e6affafc8beb0b80ea693baffc30ed044c8edfdf756d63913dd19d564e4fbf805722a1781132217aef410ab13ffba8cca45dc1a1889b5771564e4845c042c99b765b0a80486bfd799fc1bd6d6d6ac95273130d7a50cd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011",
"TBS": {
"MD5": "b4ec95434f1d45b8055077cf90540a5f",
"SHA1": "71f74db41d045d6eaf81a849bbb3e21544edcff4",
"SHA256": "f6f717a43ad9abddc8cefdde1c505462535e7d1307e630f9544a2d14fe8bf26e",
"SHA384": "25cbac323e740588a1ea3ca39ea907647440884ad75fc4bd99be6c82202aba42e95049fa7b66884977e60b819b21a2a5"
},
"ValidFrom": "2011-07-08 20:59:09",
"ValidTo": "2026-07-08 21:09:09",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011",
"SerialNumber": "33000002528b33aaf895f339db000000000252",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 330000036ce57eeb5d1cc2be1700000000036c
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 7ece739fdaa27d96b67f587db04186a7 |
| ToBeSigned (TBS) SHA1 | b8701efa0ab12b8fea2293c9cff8772ecca084d0 |
| ToBeSigned (TBS) SHA256 | c1392bdcbb0b50215fca8c78f25c2d857e515dce06c87ce86527c88c91d5d7e4 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Publisher |
| ValidFrom | 2022-01-27 19:31:19 |
| ValidTo | 2023-01-26 19:31:19 |
| Signature | 941777115fcaf24c60c4a8c891758c491887aa5e9f0902a704191e75dd6f99be3d14a24aa35b1f2a1c1c42dde08da3fa75a73edbf7b5ae0fe94b3716e43b838ff30149e19c51b8b87cc53377ae08bfc0f54c7fafa398db43e839de108493510bc34d0fe998a44fcd0a11b0dc0c7315421dac79ab09ca47f847f9fa88e15d57a564f7b074664409c0ce01c697b2dcfd31676fc908fbc6bb928f82170f0b5a54f52f4327797278b78188b87e37b192b493d00eaf661e30f12b9e67fbd1df9cc5843e6a1c68b45d4f62423450cdc990fab2367d7f57719cb8272f59d4f300284a36d88adfc976cb08c6b0da33d5e988be0e1a3cef2a9669b5227a5b8d027f804908 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 330000036ce57eeb5d1cc2be1700000000036c |
| Version | 3 |
Certificate 61077656000000000008
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 30a3f0b64324ed7f465e7fc618cb69e7 |
| ToBeSigned (TBS) SHA1 | 002de3561519b662c5e3f5faba1b92c403fb7c41 |
| ToBeSigned (TBS) SHA256 | 4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 |
| ValidFrom | 2011-10-19 18:41:42 |
| ValidTo | 2026-10-19 18:51:42 |
| Signature | 14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 61077656000000000008 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExAcquireResourceExclusiveLite
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- strstr
- RtlInitAnsiString
- ExAcquireResourceSharedLite
- ExReleaseResourceLite
- RtlEqualString
- MmUnmapLockedPages
- ProbeForRead
- IoDeleteSymbolicLink
- IoRegisterShutdownNotification
- KeInitializeMutex
- KeLeaveCriticalRegion
- IoDeleteDevice
- ProbeForWrite
- IoFreeMdl
- KeEnterCriticalRegion
- KeReleaseMutex
- ZwCreateFile
- MmMapLockedPagesSpecifyCache
- IoUnregisterShutdownNotification
- ZwClose
- IofCompleteRequest
- IoSetTopLevelIrp
- KeWaitForSingleObject
- MmProbeAndLockPages
- MmUnlockPages
- ExDeleteResourceLite
- IoGetTopLevelIrp
- IoCreateSymbolicLink
- IoCreateDevice
- ExInitializeResourceLite
- NtSetSecurityObject
- DbgPrintEx
- IoAllocateMdl
- RtlCreateSecurityDescriptor
- IoGetCurrentProcess
- ZwCreateKey
- RtlAnsiStringToUnicodeString
- ZwReadFile
- RtlInitUnicodeString
- RtlAppendUnicodeToString
- RtlUnicodeStringToAnsiString
- ZwSetValueKey
- ZwQuerySystemInformation
- RtlInitString
- KeDelayExecutionThread
- RtlFreeUnicodeString
- ZwWaitForSingleObject
- ZwQueryValueKey
- ZwQueryDirectoryFile
- RtlAppendUnicodeStringToString
- RtlCopyString
- MmIsAddressValid
- ZwOpenFile
- ZwQueryInformationFile
- ZwLoadDriver
- ZwOpenKey
- KeBugCheckEx
- __C_specific_handler
Exported Functions
Expand
- NicmCreateInstance
- NicmDeregisterClassFactory
- NicmGetVersion
- NicmRegisterClassFactory
- XTComCreateInstance
- XTComDeregisterClassFactory
- XTComFreeUnusedLibrariesEx
- XTComGetClassObject
- XTComGetVersion
- XTComInitialize
- XTComRegisterClassFactory
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- .edata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000002528b33aaf895f339db000000000252",
"Signature": "164937b92c644c4061d4db4097b062bc812c0167605f5a99f847593186d029ab18e888522d744cc45d41dce29d47d2bf91c72992f35c1a5f03ed8c984b89a109430147e54bae0ddff0f523dfc03d5796a2636fc9a24ed66453809a33d134d1a7c9e83b974953893845a84fb668eb3afa179e82a01d7a51a03492911cb591ba118ab8b230e65920c7d2b2f90bd9ae7fc3762f2e4c88162a9f8c186f3163a3c1bef8e0b7d8d04a19673eb677518f01bf0cbaaf29e15c1695d15d134cbd20131ede87f2b5a3c3226abbbab3fec5caa38b7944b8bd31e1f538012f90edc4262ead76d2055b4bd458f8e3e39dffa7260bd9a6bebb62c86ef4f58dd177761d263d9fdc626aed8eca756ab441885ab4a8417a0e1fc63860d32badda0e9a3359b18cd3eb138f33e87582346bbd80c2b966e765751c386b8e59d3a02892da1fd02a8ec9312bbead188e81385e96b4fbced3fcf5545cda9fed8faa494efef4bb4b42e318478c377123e3b8dbacbcb7fd8019dc87946a33b91a0ed6160e02f2078d847ecc5e32ac0a5b003e4d58b41eb591a9f4b1da895b139ea125c1243233922b3dec46eba91425f752ba3261fe762feda2553add6bc5d67ac3c6eb63279f74fc02e2dfcde245b806df392111c7b20564ef7650fa17135b848cbe6c925d724d907732e6e0380e05f0aa11361be21401124fe9c6f1cf2e22c6d979bd3c49e61032a8d51269",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation",
"TBS": {
"MD5": "92b6022918bc02eb361b8a02fb1da57d",
"SHA1": "8ceb945fac0f6d623d464e21740ae6eb60351652",
"SHA256": "c1446860a1cd9db490d3ea85e9df05df44af8d44e2bb803a2a2018f3b6c41bcb",
"SHA384": "322ed1a62a9f2ed7c7f601e99a8db15371e3ba1039a73c81801165ea987679023bc36f8c357f74354dce65532b71be3c"
},
"ValidFrom": "2021-09-02 18:32:59",
"ValidTo": "2022-09-01 18:32:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610e90d2000000000003",
"Signature": "67f286a598e054791a2ed3d87467229b0b9611e163929942967dd2790c90c1655f2e2c3ef8c372d16d83febe3fe80aca3bbf47a9a3f369db63bf2235a5975d6584907d8b465055d80c927cd21a4b1cf33c428b52d0b0fd6be33e072e299be63d1ba5d4b51d779439e2e964c9443d787a23f3137da69074838df4cb2602462ac28a10bba4a9050c9bed68fa682e95a02a3f2a6b5849631f09696e5a9896e483f4c08ff3462bdefc3bd0bd35ef6e25aee5af27edd0ddf30eaf992897984d0e3d0bf20889d61fc33218e2f0c52dce5b9eb449390ac60ac2c6adaee5b2d9db1588514558383271271a7fb1f427f8de2c3a206998b25989686e6fa7b774c3400506a6012a283e823f134d660bc0b34df5e18f7f1c6f157d45a776e5402a65a3c35d526286c31d63369786dfdaf3f8f216a19a27e1cda597d0ee5d6341e35b079c873e067706d106b1751f14be6161b5f0dcc61b04bedf41c70e28eede652fec97f6a15c96d800d6a146bd59f397a5094b481099801fd00029c5b19ba53f45771e35c6d2a2a29f7a7a22fa48951fabfb472380f59ef8bf6bb74b97e2eb75781aecea379979184bffd6b3236875e6affafc8beb0b80ea693baffc30ed044c8edfdf756d63913dd19d564e4fbf805722a1781132217aef410ab13ffba8cca45dc1a1889b5771564e4845c042c99b765b0a80486bfd799fc1bd6d6d6ac95273130d7a50cd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011",
"TBS": {
"MD5": "b4ec95434f1d45b8055077cf90540a5f",
"SHA1": "71f74db41d045d6eaf81a849bbb3e21544edcff4",
"SHA256": "f6f717a43ad9abddc8cefdde1c505462535e7d1307e630f9544a2d14fe8bf26e",
"SHA384": "25cbac323e740588a1ea3ca39ea907647440884ad75fc4bd99be6c82202aba42e95049fa7b66884977e60b819b21a2a5"
},
"ValidFrom": "2011-07-08 20:59:09",
"ValidTo": "2026-07-08 21:09:09",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011",
"SerialNumber": "33000002528b33aaf895f339db000000000252",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2024-09-26
