Description
LgDCatcher.sys is a vulnerable driver and more information will be added as found.
- UUID: a8e999ee-746f-4788-9102-c1d3d2914f56
- Created: 2023-01-09
- Author: Michael Haag
- Acknowledgement: |
DownloadBlock
This download link contains the vulnerable driver!
Commands
sc.exe create LgDCatcher.sys binPath=C:\windows\temp\LgDCatcher.sys type=kernel && sc.exe start LgDCatcher.sys
| Use Case | Privileges | Operating System |
|---|
| Elevate privileges | kernel | Windows 10 |
Detections
Sigma 🛡️
Expand
Names
detects loading using name only
Hashes
detects loading using hashes only
Resources
https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rulesKnown Vulnerable Samples
Download
Certificates
Expand
Certificate 0409181b5fd5bb66755343b56f955008
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 9359496ca4f021408b9d8923cab8b179 |
| ToBeSigned (TBS) SHA1 | 2aed40d7759997830870769be250199fd609e40e |
| ToBeSigned (TBS) SHA256 | e767799478f64a34b3f53ff3bb9057fe1768f4ab178041b0dcc0ff1e210cba65 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured ID Code Signing CA |
| ValidFrom | 2013-10-22 12:00:00 |
| ValidTo | 2028-10-22 12:00:00 |
| Signature | 3eec0d5a24b3f322d115c82c7c252976a81d5d1c2d3a1ac4ef3061d77e0b60fdc33d0fc4af8bfdef2adf205537b0e1f6d192750f51b46ea58e5ae25e24814e10a4ee3f718e630e134badd75f4479f33614068af79c464e5cff90b11b070e9115fbbaafb551c28d24ae24c6c7272aa129281a3a7128023c2e91a3c02511e29c1447a17a6868af9ba75c205cd971b10c8fbba8f8c512689fcf40cb4044a513f0e6640c25084232b2368a2402fe2f727e1cd7494596e8591de9fa74646bb2eb6643dab3b08cd5e90dddf60120ce9931633d081a18b3819b4fc6931006fc0781fa8bdaf98249f7626ea153fa129418852e9291ea686c4432b266a1e718a49a6451ef |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 0409181b5fd5bb66755343b56f955008 |
| Version | 3 |
Certificate 611cb28a000000000026
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 983a0c315a50542362f2bd6a5d71c8d0 |
| ToBeSigned (TBS) SHA1 | 8047f476001f5cb16a661d2a3fd0c3576168f5e2 |
| ToBeSigned (TBS) SHA256 | 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA |
| ValidFrom | 2011-04-15 19:41:37 |
| ValidTo | 2021-04-15 19:51:37 |
| Signature | 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 611cb28a000000000026 |
| Version | 3 |
Certificate 0efd9bd4b4281c6522d96011df46c9c4
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a79bd916766d1d84788c637368712a33 |
| ToBeSigned (TBS) SHA1 | 59253425fe3216db3b4a61d841bb2e5a04b16de4 |
| ToBeSigned (TBS) SHA256 | 1fbfce5177088c54f2e5aaba30cd415afabd5248d49aa440a15963a9e7d2ea23 |
| Subject | C=CN, ST=, L=, O=, CN= |
| ValidFrom | 2020-04-07 00:00:00 |
| ValidTo | 2023-04-12 12:00:00 |
| Signature | a4c49209083ca0c02d22e42e0f174eb979220983298f1fb3ce5f14777b955ebb967d6ab384bc924776ec4d86bab81b19775efbafb8a330efd441e89b696862ab135515ae53e585fe95f42a6029af2a7dc8b2467e7ada564c0de809404746327890d06f247b5ef420978893e616ffa622e3fbdcd37c3147d04b84ce4be2af9d7408e342e39ebf2e77b111b22d824ce50b57c8c3f6adcd11cefa69f9f5d381084fa76f6531fd8c8462d9292f4ad4c0cadb0c293e350b96e847cd5af3c4a9c4d3e22c45c7dc10908af3e41a0e9fadd5fa45ffa88d413a50bd7db8f165d67df655de0e88fe8ab2d7638ebd1eef0c514a18a3e73cd0e2a5f6a56f7c7288b4f30a6673 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 0efd9bd4b4281c6522d96011df46c9c4 |
| Version | 3 |
Certificate 300f6facdd6698747ca94636a7782db9
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 63499ed59a1293b786649470e4ce0bd7 |
| ToBeSigned (TBS) SHA1 | 7309d8eaa65da1f3da7030c08f00a3b0a20fa908 |
| ToBeSigned (TBS) SHA256 | 8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937 |
| Subject | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA |
| ValidFrom | 2019-05-02 00:00:00 |
| ValidTo | 2038-01-18 23:59:59 |
| Signature | 6d5481a5335d16e1b553819175df037a320b2d258411b2b0db2a7d2a05f5bc3b27f45aa0b9495990296c61cbb550dbe27df99f00ef40c3add3e2e456f95841cff142e5107dffb0741f8fc65c09f9335eeaa01c26585cf3b4110fd5d5c3e2bcd55878bf4876e144676d8fb043100f8de4f93862bf1301c585a34cc5ccb2533095a4d6f4965608b8cd5c7f0196be72526a3b42377c1678399393949bb1dcb26d416d67cdc96f903d7f4572c11b23d6c2558466e4b3c56606f6f3d64b5eada32b428a2192fea86f5a2570628173635ea0bbd8dcd74ad33daf830638121d24872de4fc02d63e7704bc0436b5e777cb9c2e8d2318b9a3c2471df05dd6a1735705689aa7c937651dbeeabcd842834305a58ba609ffd1a194a64eaa3d09f5056cb7d2645ad82a22c24b9df1395e4cde483d9b34969a095f8efdf7b15291ce3f89f61ca1b5a9751f71bf5b435d653d50816eabf0d0d3fcb2b31fb6999626f43c798b5c64cccdee279ae5a0c00c7287c16e4d5ad31eeaf044e6326f1ceb174e94c37865203b0f41aa1fe9a1419dfeb1b8a0652a34e0dea8f93ce6c130bbc0a0632cfc5c1600a8d0c47fea119d1e06c6a66d325db438092b4907aafdec30daf1a72fcfb7fdfad0a384d9279efb016677b95610e1206ec6aeb1f9b6bac8355d33768ef17c200c2a77aeb5a20286ba29eeb45a00b18cabe3f90ac9545dd4b96a749ebd48ae98 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.12 |
| IsCertificateAuthority | True |
| SerialNumber | 300f6facdd6698747ca94636a7782db9 |
| Version | 3 |
Certificate 008c77a0008ff4d1b0c63d9f3a48838d6b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 6efd500ce038df7aa3087c1e63a5eb5c |
| ToBeSigned (TBS) SHA1 | 1c961712a02fb995c585080eda53a753656ca3ad |
| ToBeSigned (TBS) SHA256 | f60d4f8f7b56499de889264b1e64890694c5b106129d3db068976ed33495577a |
| Subject | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #2 |
| ValidFrom | 2020-10-23 00:00:00 |
| ValidTo | 2032-01-22 23:59:59 |
| Signature | 4a0378904233ec7b1a830936339855bb9d4006306b456af1940e1950ff5b255e3be139c45bbae995903737bddffb64ece582b795cc5755704b4ef4a887dd2285a657bbb82127d4a02a31948a07219e8abda71af50215cb4450998cec3eba0377a6820290c22e93a9be21347563b9e02d0fcf0137cb8da2fab85a9aaea17a9e139319558f09902edfea881716eb69d6e125bd45089780d75420284fca7bb3b3a5d200b0603465c4e3c5c3a5e4ba85aa7a69db75a43e79689a368b43ae36d461723c0e85620da05e70db642f01c7c1a1c72494a3b23c6eb25ea2d0faa8d1b8251c16e6c0d57f681ac46529352a2d88bceaae74d682e7c088b8e14f78f05ccac0405cc29fd5321c2cda3cac36f706529aa3403017b0291699c9aab78849f7e80b2533b53f6daf9f5f0a56df12b1c3eece9177e82013e95c24c7ea440b4ae613841c4deb0db5b886a030a78ba19fb42cccc01623c991e542034b80cee44de62a013ec05e85a024a11740d5dbdbe79810a4f1ea191b8054fa4789e89881a975c00edfd0689479a1a09e8eb6b74266cbd9d96b2f4dd8de3e321e20e4ec9c4d428d9dc73399823744d4262926408e782fb9eefa2ff1f18ffe50b878dd1496de1c0e70b02a856ab16c68e92ae4102b6e21fdd37c9d37e42a06d6c3f1d768e34f0779810813feb2645ee9b13ce6d07823b2092ce22662bf3ba99751ccc7443281b2afcfdf |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.12 |
| IsCertificateAuthority | False |
| SerialNumber | 008c77a0008ff4d1b0c63d9f3a48838d6b |
| Version | 3 |
Imports
Expand
- ntoskrnl.exe
- fwpkclnt.sys
- NDIS.SYS
- WDFLDR.SYS
Imported Functions
Expand
- ExpInterlockedPushEntrySList
- ExInitializeNPagedLookasideList
- ExDeleteNPagedLookasideList
- MmBuildMdlForNonPagedPool
- MmMapLockedPagesSpecifyCache
- MmUnmapLockedPages
- MmAllocatePagesForMdl
- MmFreePagesFromMdl
- PsCreateSystemThread
- PsTerminateSystemThread
- IoAllocateMdl
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- IoFreeMdl
- IoReleaseCancelSpinLock
- ObReferenceObjectByHandle
- ExpInterlockedPopEntrySList
- ZwClose
- ZwOpenKey
- ZwQueryValueKey
- PsGetCurrentProcessId
- ZwSetInformationThread
- RtlLengthSid
- RtlCreateAcl
- RtlAddAccessAllowedAce
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwSetSecurityObject
- __C_specific_handler
- SeExports
- RtlGetVersion
- _stricmp
- ExAllocatePool
- ZwQuerySystemInformation
- RtlValidSid
- KeGetCurrentIrql
- KeWaitForSingleObject
- ExFreePoolWithTag
- ExQueryDepthSList
- KeSetEvent
- KeInitializeEvent
- RtlSetDaclSecurityDescriptor
- RtlCreateSecurityDescriptor
- RtlAppendUnicodeToString
- MmGetSystemRoutineAddress
- RtlInitUnicodeString
- swprintf_s
- ExUuidCreate
- ExAllocatePoolWithTag
- RtlCopyUnicodeString
- KeReleaseInStackQueuedSpinLock
- KeAcquireInStackQueuedSpinLock
- ObfDereferenceObject
- RtlCompareMemory
- FwpsFreeNetBufferList0
- NdisInitializeEvent
- NdisAdvanceNetBufferDataStart
- NdisGetDataBuffer
- NdisAllocateGenericObject
- NdisFreeNetBufferListPool
- NdisAllocateNetBufferListPool
- NdisWaitEvent
- NdisFreeGenericObject
- NdisRetreatNetBufferDataStart
- WdfVersionUnbind
- WdfVersionBind
- WdfVersionBindClass
- WdfVersionUnbindClass
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "0409181b5fd5bb66755343b56f955008",
"Signature": "3eec0d5a24b3f322d115c82c7c252976a81d5d1c2d3a1ac4ef3061d77e0b60fdc33d0fc4af8bfdef2adf205537b0e1f6d192750f51b46ea58e5ae25e24814e10a4ee3f718e630e134badd75f4479f33614068af79c464e5cff90b11b070e9115fbbaafb551c28d24ae24c6c7272aa129281a3a7128023c2e91a3c02511e29c1447a17a6868af9ba75c205cd971b10c8fbba8f8c512689fcf40cb4044a513f0e6640c25084232b2368a2402fe2f727e1cd7494596e8591de9fa74646bb2eb6643dab3b08cd5e90dddf60120ce9931633d081a18b3819b4fc6931006fc0781fa8bdaf98249f7626ea153fa129418852e9291ea686c4432b266a1e718a49a6451ef",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured ID Code Signing CA",
"TBS": {
"MD5": "9359496ca4f021408b9d8923cab8b179",
"SHA1": "2aed40d7759997830870769be250199fd609e40e",
"SHA256": "e767799478f64a34b3f53ff3bb9057fe1768f4ab178041b0dcc0ff1e210cba65",
"SHA384": "5cb7e7b4f1dbccd48d10db7e71b6f8c05fcb4bcb0085a6fefcfa0c2148f9a594e59f56ac4304004f3b398e259035c40c"
},
"ValidFrom": "2013-10-22 12:00:00",
"ValidTo": "2028-10-22 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "611cb28a000000000026",
"Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
"TBS": {
"MD5": "983a0c315a50542362f2bd6a5d71c8d0",
"SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
"SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
"SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
},
"ValidFrom": "2011-04-15 19:41:37",
"ValidTo": "2021-04-15 19:51:37",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0efd9bd4b4281c6522d96011df46c9c4",
"Signature": "a4c49209083ca0c02d22e42e0f174eb979220983298f1fb3ce5f14777b955ebb967d6ab384bc924776ec4d86bab81b19775efbafb8a330efd441e89b696862ab135515ae53e585fe95f42a6029af2a7dc8b2467e7ada564c0de809404746327890d06f247b5ef420978893e616ffa622e3fbdcd37c3147d04b84ce4be2af9d7408e342e39ebf2e77b111b22d824ce50b57c8c3f6adcd11cefa69f9f5d381084fa76f6531fd8c8462d9292f4ad4c0cadb0c293e350b96e847cd5af3c4a9c4d3e22c45c7dc10908af3e41a0e9fadd5fa45ffa88d413a50bd7db8f165d67df655de0e88fe8ab2d7638ebd1eef0c514a18a3e73cd0e2a5f6a56f7c7288b4f30a6673",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=CN, ST=, L=, O=, CN=",
"TBS": {
"MD5": "a79bd916766d1d84788c637368712a33",
"SHA1": "59253425fe3216db3b4a61d841bb2e5a04b16de4",
"SHA256": "1fbfce5177088c54f2e5aaba30cd415afabd5248d49aa440a15963a9e7d2ea23",
"SHA384": "9f5c4429ac557572a26c0f0439d346ee956f6b626cbdd45caa8afe715b3aa84fdc327679c8a0486e0278ca5b806da41a"
},
"ValidFrom": "2020-04-07 00:00:00",
"ValidTo": "2023-04-12 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "300f6facdd6698747ca94636a7782db9",
"Signature": "6d5481a5335d16e1b553819175df037a320b2d258411b2b0db2a7d2a05f5bc3b27f45aa0b9495990296c61cbb550dbe27df99f00ef40c3add3e2e456f95841cff142e5107dffb0741f8fc65c09f9335eeaa01c26585cf3b4110fd5d5c3e2bcd55878bf4876e144676d8fb043100f8de4f93862bf1301c585a34cc5ccb2533095a4d6f4965608b8cd5c7f0196be72526a3b42377c1678399393949bb1dcb26d416d67cdc96f903d7f4572c11b23d6c2558466e4b3c56606f6f3d64b5eada32b428a2192fea86f5a2570628173635ea0bbd8dcd74ad33daf830638121d24872de4fc02d63e7704bc0436b5e777cb9c2e8d2318b9a3c2471df05dd6a1735705689aa7c937651dbeeabcd842834305a58ba609ffd1a194a64eaa3d09f5056cb7d2645ad82a22c24b9df1395e4cde483d9b34969a095f8efdf7b15291ce3f89f61ca1b5a9751f71bf5b435d653d50816eabf0d0d3fcb2b31fb6999626f43c798b5c64cccdee279ae5a0c00c7287c16e4d5ad31eeaf044e6326f1ceb174e94c37865203b0f41aa1fe9a1419dfeb1b8a0652a34e0dea8f93ce6c130bbc0a0632cfc5c1600a8d0c47fea119d1e06c6a66d325db438092b4907aafdec30daf1a72fcfb7fdfad0a384d9279efb016677b95610e1206ec6aeb1f9b6bac8355d33768ef17c200c2a77aeb5a20286ba29eeb45a00b18cabe3f90ac9545dd4b96a749ebd48ae98",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
"Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA",
"TBS": {
"MD5": "63499ed59a1293b786649470e4ce0bd7",
"SHA1": "7309d8eaa65da1f3da7030c08f00a3b0a20fa908",
"SHA256": "8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937",
"SHA384": "5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811"
},
"ValidFrom": "2019-05-02 00:00:00",
"ValidTo": "2038-01-18 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "008c77a0008ff4d1b0c63d9f3a48838d6b",
"Signature": "4a0378904233ec7b1a830936339855bb9d4006306b456af1940e1950ff5b255e3be139c45bbae995903737bddffb64ece582b795cc5755704b4ef4a887dd2285a657bbb82127d4a02a31948a07219e8abda71af50215cb4450998cec3eba0377a6820290c22e93a9be21347563b9e02d0fcf0137cb8da2fab85a9aaea17a9e139319558f09902edfea881716eb69d6e125bd45089780d75420284fca7bb3b3a5d200b0603465c4e3c5c3a5e4ba85aa7a69db75a43e79689a368b43ae36d461723c0e85620da05e70db642f01c7c1a1c72494a3b23c6eb25ea2d0faa8d1b8251c16e6c0d57f681ac46529352a2d88bceaae74d682e7c088b8e14f78f05ccac0405cc29fd5321c2cda3cac36f706529aa3403017b0291699c9aab78849f7e80b2533b53f6daf9f5f0a56df12b1c3eece9177e82013e95c24c7ea440b4ae613841c4deb0db5b886a030a78ba19fb42cccc01623c991e542034b80cee44de62a013ec05e85a024a11740d5dbdbe79810a4f1ea191b8054fa4789e89881a975c00edfd0689479a1a09e8eb6b74266cbd9d96b2f4dd8de3e321e20e4ec9c4d428d9dc73399823744d4262926408e782fb9eefa2ff1f18ffe50b878dd1496de1c0e70b02a856ab16c68e92ae4102b6e21fdd37c9d37e42a06d6c3f1d768e34f0779810813feb2645ee9b13ce6d07823b2092ce22662bf3ba99751ccc7443281b2afcfdf",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
"Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #2",
"TBS": {
"MD5": "6efd500ce038df7aa3087c1e63a5eb5c",
"SHA1": "1c961712a02fb995c585080eda53a753656ca3ad",
"SHA256": "f60d4f8f7b56499de889264b1e64890694c5b106129d3db068976ed33495577a",
"SHA384": "031fdf7c078e205b4d3ffaff40de36f48f91f87c3b0005b482ff614b320f5e47785045cb87a3e6a75085c24ae8409498"
},
"ValidFrom": "2020-10-23 00:00:00",
"ValidTo": "2032-01-22 23:59:59",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured ID Code Signing CA",
"SerialNumber": "0efd9bd4b4281c6522d96011df46c9c4",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 611cb28a000000000026
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 983a0c315a50542362f2bd6a5d71c8d0 |
| ToBeSigned (TBS) SHA1 | 8047f476001f5cb16a661d2a3fd0c3576168f5e2 |
| ToBeSigned (TBS) SHA256 | 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA |
| ValidFrom | 2011-04-15 19:41:37 |
| ValidTo | 2021-04-15 19:51:37 |
| Signature | 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 611cb28a000000000026 |
| Version | 3 |
Certificate 0dd7d4a785990584d8c0837659173272
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 559c170b8f735dd1ba8c3946354c4fa5 |
| ToBeSigned (TBS) SHA1 | e7432e65001ca5e56478ee25ae9906981432ee75 |
| ToBeSigned (TBS) SHA256 | 1c6140780d5210fb89e1dd3005184e03dc52740266a921035b1f836b5af0d32a |
| Subject | C=CN, ST=, L=, O=, CN= |
| ValidFrom | 2020-04-07 00:00:00 |
| ValidTo | 2023-04-12 12:00:00 |
| Signature | 056b54cd71b6206297f5e781cbdd5fd3e1d00efd8902ba8fa5e88fa99f3e4de7f620d29685cd48f2e229845102cae6eeaf3dd16087873576b35af8bde8b369baf14d6956c881d4d55c730734db3029c84b83eabed46aeaf79daacc1821220e82886a9b499923225ac471a3df7389ab99693d7a950c07f7fcb4da549ed53c462676b259c867b31f317552cbdbeb331b537ec9b3ca4ab68c26a47aede38fd3a33253655442c4a6113cd16669660e55088a03650dc6c1c5fe52aabd613651e5f0a45096bfc3baeafc386bbe75b53909d4974cc360a491cb19090b681bca3dda039ee52b5bd5fdf1ff157625ad1f54db0e14b571e00d7119bfbd667df0cd517e77bd |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0dd7d4a785990584d8c0837659173272 |
| Version | 3 |
Certificate 03019a023aff58b16bd6d5eae617f066
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a752afee44f017e8d74e3f3eb7914ae3 |
| ToBeSigned (TBS) SHA1 | 8eca80a6b80e9c69dcef7745748524afb8019e2d |
| ToBeSigned (TBS) SHA256 | 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 |
| Subject | C=US, O=DigiCert, CN=DigiCert Timestamp Responder |
| ValidFrom | 2014-10-22 00:00:00 |
| ValidTo | 2024-10-22 00:00:00 |
| Signature | 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 03019a023aff58b16bd6d5eae617f066 |
| Version | 3 |
Certificate 0fa8490615d700a0be2176fdc5ec6dbd
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a9a31555bbc92b6033975c5428fb3679 |
| ToBeSigned (TBS) SHA1 | 47f4b9898631773231b32844ec0d49990ac4eb1e |
| ToBeSigned (TBS) SHA256 | c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0fa8490615d700a0be2176fdc5ec6dbd |
| Version | 3 |
Certificate 06fdf9039603adea000aeb3f27bbba1b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 4e5ad189638cf52ba9cd881d4d44668c |
| ToBeSigned (TBS) SHA1 | cdc115e98d798b33904c820d63cc1e1afc19251d |
| ToBeSigned (TBS) SHA256 | 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 |
| ValidFrom | 2006-11-10 00:00:00 |
| ValidTo | 2021-11-10 00:00:00 |
| Signature | 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 06fdf9039603adea000aeb3f27bbba1b |
| Version | 3 |
Imports
Expand
- ntoskrnl.exe
- fwpkclnt.sys
- NDIS.SYS
- WDFLDR.SYS
Imported Functions
Expand
- RtlValidSid
- RtlCompareMemory
- RtlGetVersion
- SeExports
- __C_specific_handler
- ZwSetSecurityObject
- ObOpenObjectByPointer
- PsLookupProcessByProcessId
- RtlAddAccessAllowedAce
- RtlCreateAcl
- RtlLengthSid
- ZwSetInformationThread
- PsGetCurrentProcessId
- ZwQueryValueKey
- ZwOpenKey
- ZwClose
- ObfDereferenceObject
- ObReferenceObjectByHandle
- IoReleaseCancelSpinLock
- IoFreeMdl
- IoDeleteSymbolicLink
- IoDeleteDevice
- IoCreateSymbolicLink
- IoCreateDevice
- IofCompleteRequest
- IoAllocateMdl
- KeAcquireInStackQueuedSpinLock
- PsCreateSystemThread
- MmFreePagesFromMdl
- MmAllocatePagesForMdl
- MmUnmapLockedPages
- MmMapLockedPagesSpecifyCache
- MmBuildMdlForNonPagedPool
- ExDeleteNPagedLookasideList
- ExInitializeNPagedLookasideList
- ExpInterlockedPushEntrySList
- ExpInterlockedPopEntrySList
- ExQueryDepthSList
- ExFreePoolWithTag
- PsTerminateSystemThread
- KeInitializeSpinLock
- KeWaitForSingleObject
- KeSetEvent
- KeInitializeEvent
- RtlSetDaclSecurityDescriptor
- RtlCreateSecurityDescriptor
- RtlAppendUnicodeToString
- MmGetSystemRoutineAddress
- RtlInitUnicodeString
- RtlCopyUnicodeString
- swprintf_s
- ExUuidCreate
- ExAllocatePoolWithTag
- KeReleaseInStackQueuedSpinLock
- FwpsDiscardClonedStreamData0
- FwpsCloneStreamData0
- FwpsRedirectHandleDestroy0
- FwpsCompleteClassify0
- FwpsFlowRemoveContext0
- FwpmBfeStateUnsubscribeChanges0
- FwpmBfeStateSubscribeChanges0
- FwpmBfeStateGet0
- FwpsCopyStreamDataToBuffer0
- FwpsStreamInjectAsync0
- FwpsInjectNetworkReceiveAsync0
- FwpsInjectTransportReceiveAsync0
- FwpsInjectTransportSendAsync0
- FwpsConstructIpHeaderForTransportPacket0
- FwpsInjectNetworkSendAsync0
- FwpsFreeCloneNetBufferList0
- FwpsFreeNetBufferList0
- FwpsAllocateNetBufferAndNetBufferList0
- FwpsInjectionHandleDestroy0
- FwpsInjectionHandleCreate0
- FwpsFlowAbort0
- FwpmFilterAdd0
- FwpmCalloutAdd0
- FwpmSubLayerDestroyEnumHandle0
- FwpmSubLayerEnum0
- FwpmSubLayerCreateEnumHandle0
- FwpmSubLayerDeleteByKey0
- FwpmSubLayerAdd0
- FwpmProviderContextDeleteByKey0
- FwpmProviderAdd0
- FwpmTransactionAbort0
- FwpmTransactionCommit0
- FwpmTransactionBegin0
- FwpmEngineClose0
- FwpmEngineOpen0
- FwpmFreeMemory0
- FwpsRedirectHandleCreate0
- FwpsQueryPacketInjectionState0
- FwpsApplyModifiedLayerData0
- FwpsAcquireWritableLayerDataPointer0
- FwpsReleaseClassifyHandle0
- FwpsAcquireClassifyHandle0
- FwpsFlowAssociateContext0
- FwpsCalloutUnregisterByKey0
- FwpsCalloutRegister1
- FwpsPendClassify0
- NdisAllocateNetBufferListPool
- NdisAdvanceNetBufferDataStart
- NdisGetDataBuffer
- NdisAllocateGenericObject
- NdisFreeGenericObject
- NdisInitializeEvent
- NdisFreeNetBufferListPool
- NdisRetreatNetBufferDataStart
- NdisWaitEvent
- WdfVersionUnbind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionBind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "0409181b5fd5bb66755343b56f955008",
"Signature": "3eec0d5a24b3f322d115c82c7c252976a81d5d1c2d3a1ac4ef3061d77e0b60fdc33d0fc4af8bfdef2adf205537b0e1f6d192750f51b46ea58e5ae25e24814e10a4ee3f718e630e134badd75f4479f33614068af79c464e5cff90b11b070e9115fbbaafb551c28d24ae24c6c7272aa129281a3a7128023c2e91a3c02511e29c1447a17a6868af9ba75c205cd971b10c8fbba8f8c512689fcf40cb4044a513f0e6640c25084232b2368a2402fe2f727e1cd7494596e8591de9fa74646bb2eb6643dab3b08cd5e90dddf60120ce9931633d081a18b3819b4fc6931006fc0781fa8bdaf98249f7626ea153fa129418852e9291ea686c4432b266a1e718a49a6451ef",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured ID Code Signing CA",
"TBS": {
"MD5": "9359496ca4f021408b9d8923cab8b179",
"SHA1": "2aed40d7759997830870769be250199fd609e40e",
"SHA256": "e767799478f64a34b3f53ff3bb9057fe1768f4ab178041b0dcc0ff1e210cba65",
"SHA384": "5cb7e7b4f1dbccd48d10db7e71b6f8c05fcb4bcb0085a6fefcfa0c2148f9a594e59f56ac4304004f3b398e259035c40c"
},
"ValidFrom": "2013-10-22 12:00:00",
"ValidTo": "2028-10-22 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "611cb28a000000000026",
"Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
"TBS": {
"MD5": "983a0c315a50542362f2bd6a5d71c8d0",
"SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
"SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
"SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
},
"ValidFrom": "2011-04-15 19:41:37",
"ValidTo": "2021-04-15 19:51:37",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0efd9bd4b4281c6522d96011df46c9c4",
"Signature": "a4c49209083ca0c02d22e42e0f174eb979220983298f1fb3ce5f14777b955ebb967d6ab384bc924776ec4d86bab81b19775efbafb8a330efd441e89b696862ab135515ae53e585fe95f42a6029af2a7dc8b2467e7ada564c0de809404746327890d06f247b5ef420978893e616ffa622e3fbdcd37c3147d04b84ce4be2af9d7408e342e39ebf2e77b111b22d824ce50b57c8c3f6adcd11cefa69f9f5d381084fa76f6531fd8c8462d9292f4ad4c0cadb0c293e350b96e847cd5af3c4a9c4d3e22c45c7dc10908af3e41a0e9fadd5fa45ffa88d413a50bd7db8f165d67df655de0e88fe8ab2d7638ebd1eef0c514a18a3e73cd0e2a5f6a56f7c7288b4f30a6673",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=CN, ST=, L=, O=, CN=",
"TBS": {
"MD5": "a79bd916766d1d84788c637368712a33",
"SHA1": "59253425fe3216db3b4a61d841bb2e5a04b16de4",
"SHA256": "1fbfce5177088c54f2e5aaba30cd415afabd5248d49aa440a15963a9e7d2ea23",
"SHA384": "9f5c4429ac557572a26c0f0439d346ee956f6b626cbdd45caa8afe715b3aa84fdc327679c8a0486e0278ca5b806da41a"
},
"ValidFrom": "2020-04-07 00:00:00",
"ValidTo": "2023-04-12 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "300f6facdd6698747ca94636a7782db9",
"Signature": "6d5481a5335d16e1b553819175df037a320b2d258411b2b0db2a7d2a05f5bc3b27f45aa0b9495990296c61cbb550dbe27df99f00ef40c3add3e2e456f95841cff142e5107dffb0741f8fc65c09f9335eeaa01c26585cf3b4110fd5d5c3e2bcd55878bf4876e144676d8fb043100f8de4f93862bf1301c585a34cc5ccb2533095a4d6f4965608b8cd5c7f0196be72526a3b42377c1678399393949bb1dcb26d416d67cdc96f903d7f4572c11b23d6c2558466e4b3c56606f6f3d64b5eada32b428a2192fea86f5a2570628173635ea0bbd8dcd74ad33daf830638121d24872de4fc02d63e7704bc0436b5e777cb9c2e8d2318b9a3c2471df05dd6a1735705689aa7c937651dbeeabcd842834305a58ba609ffd1a194a64eaa3d09f5056cb7d2645ad82a22c24b9df1395e4cde483d9b34969a095f8efdf7b15291ce3f89f61ca1b5a9751f71bf5b435d653d50816eabf0d0d3fcb2b31fb6999626f43c798b5c64cccdee279ae5a0c00c7287c16e4d5ad31eeaf044e6326f1ceb174e94c37865203b0f41aa1fe9a1419dfeb1b8a0652a34e0dea8f93ce6c130bbc0a0632cfc5c1600a8d0c47fea119d1e06c6a66d325db438092b4907aafdec30daf1a72fcfb7fdfad0a384d9279efb016677b95610e1206ec6aeb1f9b6bac8355d33768ef17c200c2a77aeb5a20286ba29eeb45a00b18cabe3f90ac9545dd4b96a749ebd48ae98",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
"Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA",
"TBS": {
"MD5": "63499ed59a1293b786649470e4ce0bd7",
"SHA1": "7309d8eaa65da1f3da7030c08f00a3b0a20fa908",
"SHA256": "8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937",
"SHA384": "5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811"
},
"ValidFrom": "2019-05-02 00:00:00",
"ValidTo": "2038-01-18 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "008c77a0008ff4d1b0c63d9f3a48838d6b",
"Signature": "4a0378904233ec7b1a830936339855bb9d4006306b456af1940e1950ff5b255e3be139c45bbae995903737bddffb64ece582b795cc5755704b4ef4a887dd2285a657bbb82127d4a02a31948a07219e8abda71af50215cb4450998cec3eba0377a6820290c22e93a9be21347563b9e02d0fcf0137cb8da2fab85a9aaea17a9e139319558f09902edfea881716eb69d6e125bd45089780d75420284fca7bb3b3a5d200b0603465c4e3c5c3a5e4ba85aa7a69db75a43e79689a368b43ae36d461723c0e85620da05e70db642f01c7c1a1c72494a3b23c6eb25ea2d0faa8d1b8251c16e6c0d57f681ac46529352a2d88bceaae74d682e7c088b8e14f78f05ccac0405cc29fd5321c2cda3cac36f706529aa3403017b0291699c9aab78849f7e80b2533b53f6daf9f5f0a56df12b1c3eece9177e82013e95c24c7ea440b4ae613841c4deb0db5b886a030a78ba19fb42cccc01623c991e542034b80cee44de62a013ec05e85a024a11740d5dbdbe79810a4f1ea191b8054fa4789e89881a975c00edfd0689479a1a09e8eb6b74266cbd9d96b2f4dd8de3e321e20e4ec9c4d428d9dc73399823744d4262926408e782fb9eefa2ff1f18ffe50b878dd1496de1c0e70b02a856ab16c68e92ae4102b6e21fdd37c9d37e42a06d6c3f1d768e34f0779810813feb2645ee9b13ce6d07823b2092ce22662bf3ba99751ccc7443281b2afcfdf",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
"Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #2",
"TBS": {
"MD5": "6efd500ce038df7aa3087c1e63a5eb5c",
"SHA1": "1c961712a02fb995c585080eda53a753656ca3ad",
"SHA256": "f60d4f8f7b56499de889264b1e64890694c5b106129d3db068976ed33495577a",
"SHA384": "031fdf7c078e205b4d3ffaff40de36f48f91f87c3b0005b482ff614b320f5e47785045cb87a3e6a75085c24ae8409498"
},
"ValidFrom": "2020-10-23 00:00:00",
"ValidTo": "2032-01-22 23:59:59",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured ID Code Signing CA",
"SerialNumber": "0efd9bd4b4281c6522d96011df46c9c4",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 611cb28a000000000026
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 983a0c315a50542362f2bd6a5d71c8d0 |
| ToBeSigned (TBS) SHA1 | 8047f476001f5cb16a661d2a3fd0c3576168f5e2 |
| ToBeSigned (TBS) SHA256 | 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA |
| ValidFrom | 2011-04-15 19:41:37 |
| ValidTo | 2021-04-15 19:51:37 |
| Signature | 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 611cb28a000000000026 |
| Version | 3 |
Certificate 0dd7d4a785990584d8c0837659173272
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 559c170b8f735dd1ba8c3946354c4fa5 |
| ToBeSigned (TBS) SHA1 | e7432e65001ca5e56478ee25ae9906981432ee75 |
| ToBeSigned (TBS) SHA256 | 1c6140780d5210fb89e1dd3005184e03dc52740266a921035b1f836b5af0d32a |
| Subject | C=CN, ST=, L=, O=, CN= |
| ValidFrom | 2020-04-07 00:00:00 |
| ValidTo | 2023-04-12 12:00:00 |
| Signature | 056b54cd71b6206297f5e781cbdd5fd3e1d00efd8902ba8fa5e88fa99f3e4de7f620d29685cd48f2e229845102cae6eeaf3dd16087873576b35af8bde8b369baf14d6956c881d4d55c730734db3029c84b83eabed46aeaf79daacc1821220e82886a9b499923225ac471a3df7389ab99693d7a950c07f7fcb4da549ed53c462676b259c867b31f317552cbdbeb331b537ec9b3ca4ab68c26a47aede38fd3a33253655442c4a6113cd16669660e55088a03650dc6c1c5fe52aabd613651e5f0a45096bfc3baeafc386bbe75b53909d4974cc360a491cb19090b681bca3dda039ee52b5bd5fdf1ff157625ad1f54db0e14b571e00d7119bfbd667df0cd517e77bd |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0dd7d4a785990584d8c0837659173272 |
| Version | 3 |
Certificate 03019a023aff58b16bd6d5eae617f066
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a752afee44f017e8d74e3f3eb7914ae3 |
| ToBeSigned (TBS) SHA1 | 8eca80a6b80e9c69dcef7745748524afb8019e2d |
| ToBeSigned (TBS) SHA256 | 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 |
| Subject | C=US, O=DigiCert, CN=DigiCert Timestamp Responder |
| ValidFrom | 2014-10-22 00:00:00 |
| ValidTo | 2024-10-22 00:00:00 |
| Signature | 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 03019a023aff58b16bd6d5eae617f066 |
| Version | 3 |
Certificate 0fa8490615d700a0be2176fdc5ec6dbd
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a9a31555bbc92b6033975c5428fb3679 |
| ToBeSigned (TBS) SHA1 | 47f4b9898631773231b32844ec0d49990ac4eb1e |
| ToBeSigned (TBS) SHA256 | c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0fa8490615d700a0be2176fdc5ec6dbd |
| Version | 3 |
Certificate 06fdf9039603adea000aeb3f27bbba1b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 4e5ad189638cf52ba9cd881d4d44668c |
| ToBeSigned (TBS) SHA1 | cdc115e98d798b33904c820d63cc1e1afc19251d |
| ToBeSigned (TBS) SHA256 | 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 |
| ValidFrom | 2006-11-10 00:00:00 |
| ValidTo | 2021-11-10 00:00:00 |
| Signature | 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 06fdf9039603adea000aeb3f27bbba1b |
| Version | 3 |
Imports
Expand
- ntoskrnl.exe
- HAL.dll
- TDI.SYS
Imported Functions
Expand
- IoCreateSymbolicLink
- IoCreateDevice
- IoDeleteSymbolicLink
- IofCompleteRequest
- ZwClose
- ObfDereferenceObject
- ObOpenObjectByPointer
- PsLookupProcessByProcessId
- MmGetSystemRoutineAddress
- RtlInitUnicodeString
- IoDetachDevice
- IofCallDriver
- IoFreeMdl
- memcpy
- MmBuildMdlForNonPagedPool
- IoBuildDeviceIoControlRequest
- IoAllocateMdl
- RtlDowncaseUnicodeString
- PsGetCurrentProcessId
- KeWaitForSingleObject
- KeInitializeEvent
- KeInsertQueueDpc
- IoReleaseCancelSpinLock
- ObReferenceObjectByHandle
- IoDeleteDevice
- MmMapLockedPagesSpecifyCache
- IoAllocateIrp
- KeInitializeTimer
- KeInitializeDpc
- RtlAppendUnicodeToString
- IoAttachDeviceToDeviceStack
- IoGetDeviceObjectPointer
- KeSetTimer
- MmUnmapLockedPages
- MmFreePagesFromMdl
- MmAllocatePagesForMdl
- ZwQueryValueKey
- ZwOpenKey
- ZwSetSecurityObject
- RtlSetDaclSecurityDescriptor
- RtlCreateSecurityDescriptor
- RtlAddAccessAllowedAce
- RtlCreateAcl
- SeExports
- RtlLengthSid
- KeTickCount
- KeBugCheckEx
- RtlUnwind
- _aullrem
- ExFreePoolWithTag
- memset
- IoFreeIrp
- ExAllocatePoolWithTag
- KfAcquireSpinLock
- KfReleaseSpinLock
- TdiMapUserRequest
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "0409181b5fd5bb66755343b56f955008",
"Signature": "3eec0d5a24b3f322d115c82c7c252976a81d5d1c2d3a1ac4ef3061d77e0b60fdc33d0fc4af8bfdef2adf205537b0e1f6d192750f51b46ea58e5ae25e24814e10a4ee3f718e630e134badd75f4479f33614068af79c464e5cff90b11b070e9115fbbaafb551c28d24ae24c6c7272aa129281a3a7128023c2e91a3c02511e29c1447a17a6868af9ba75c205cd971b10c8fbba8f8c512689fcf40cb4044a513f0e6640c25084232b2368a2402fe2f727e1cd7494596e8591de9fa74646bb2eb6643dab3b08cd5e90dddf60120ce9931633d081a18b3819b4fc6931006fc0781fa8bdaf98249f7626ea153fa129418852e9291ea686c4432b266a1e718a49a6451ef",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured ID Code Signing CA",
"TBS": {
"MD5": "9359496ca4f021408b9d8923cab8b179",
"SHA1": "2aed40d7759997830870769be250199fd609e40e",
"SHA256": "e767799478f64a34b3f53ff3bb9057fe1768f4ab178041b0dcc0ff1e210cba65",
"SHA384": "5cb7e7b4f1dbccd48d10db7e71b6f8c05fcb4bcb0085a6fefcfa0c2148f9a594e59f56ac4304004f3b398e259035c40c"
},
"ValidFrom": "2013-10-22 12:00:00",
"ValidTo": "2028-10-22 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "611cb28a000000000026",
"Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
"TBS": {
"MD5": "983a0c315a50542362f2bd6a5d71c8d0",
"SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
"SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
"SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
},
"ValidFrom": "2011-04-15 19:41:37",
"ValidTo": "2021-04-15 19:51:37",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0efd9bd4b4281c6522d96011df46c9c4",
"Signature": "a4c49209083ca0c02d22e42e0f174eb979220983298f1fb3ce5f14777b955ebb967d6ab384bc924776ec4d86bab81b19775efbafb8a330efd441e89b696862ab135515ae53e585fe95f42a6029af2a7dc8b2467e7ada564c0de809404746327890d06f247b5ef420978893e616ffa622e3fbdcd37c3147d04b84ce4be2af9d7408e342e39ebf2e77b111b22d824ce50b57c8c3f6adcd11cefa69f9f5d381084fa76f6531fd8c8462d9292f4ad4c0cadb0c293e350b96e847cd5af3c4a9c4d3e22c45c7dc10908af3e41a0e9fadd5fa45ffa88d413a50bd7db8f165d67df655de0e88fe8ab2d7638ebd1eef0c514a18a3e73cd0e2a5f6a56f7c7288b4f30a6673",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=CN, ST=, L=, O=, CN=",
"TBS": {
"MD5": "a79bd916766d1d84788c637368712a33",
"SHA1": "59253425fe3216db3b4a61d841bb2e5a04b16de4",
"SHA256": "1fbfce5177088c54f2e5aaba30cd415afabd5248d49aa440a15963a9e7d2ea23",
"SHA384": "9f5c4429ac557572a26c0f0439d346ee956f6b626cbdd45caa8afe715b3aa84fdc327679c8a0486e0278ca5b806da41a"
},
"ValidFrom": "2020-04-07 00:00:00",
"ValidTo": "2023-04-12 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "300f6facdd6698747ca94636a7782db9",
"Signature": "6d5481a5335d16e1b553819175df037a320b2d258411b2b0db2a7d2a05f5bc3b27f45aa0b9495990296c61cbb550dbe27df99f00ef40c3add3e2e456f95841cff142e5107dffb0741f8fc65c09f9335eeaa01c26585cf3b4110fd5d5c3e2bcd55878bf4876e144676d8fb043100f8de4f93862bf1301c585a34cc5ccb2533095a4d6f4965608b8cd5c7f0196be72526a3b42377c1678399393949bb1dcb26d416d67cdc96f903d7f4572c11b23d6c2558466e4b3c56606f6f3d64b5eada32b428a2192fea86f5a2570628173635ea0bbd8dcd74ad33daf830638121d24872de4fc02d63e7704bc0436b5e777cb9c2e8d2318b9a3c2471df05dd6a1735705689aa7c937651dbeeabcd842834305a58ba609ffd1a194a64eaa3d09f5056cb7d2645ad82a22c24b9df1395e4cde483d9b34969a095f8efdf7b15291ce3f89f61ca1b5a9751f71bf5b435d653d50816eabf0d0d3fcb2b31fb6999626f43c798b5c64cccdee279ae5a0c00c7287c16e4d5ad31eeaf044e6326f1ceb174e94c37865203b0f41aa1fe9a1419dfeb1b8a0652a34e0dea8f93ce6c130bbc0a0632cfc5c1600a8d0c47fea119d1e06c6a66d325db438092b4907aafdec30daf1a72fcfb7fdfad0a384d9279efb016677b95610e1206ec6aeb1f9b6bac8355d33768ef17c200c2a77aeb5a20286ba29eeb45a00b18cabe3f90ac9545dd4b96a749ebd48ae98",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
"Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA",
"TBS": {
"MD5": "63499ed59a1293b786649470e4ce0bd7",
"SHA1": "7309d8eaa65da1f3da7030c08f00a3b0a20fa908",
"SHA256": "8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937",
"SHA384": "5dbc5eae13908fee4c4e5216f87e3e87208fff0d1052f5fa9f0856a429d6a6c422c625f2318f2f29aea26ece09c1e811"
},
"ValidFrom": "2019-05-02 00:00:00",
"ValidTo": "2038-01-18 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "008c77a0008ff4d1b0c63d9f3a48838d6b",
"Signature": "4a0378904233ec7b1a830936339855bb9d4006306b456af1940e1950ff5b255e3be139c45bbae995903737bddffb64ece582b795cc5755704b4ef4a887dd2285a657bbb82127d4a02a31948a07219e8abda71af50215cb4450998cec3eba0377a6820290c22e93a9be21347563b9e02d0fcf0137cb8da2fab85a9aaea17a9e139319558f09902edfea881716eb69d6e125bd45089780d75420284fca7bb3b3a5d200b0603465c4e3c5c3a5e4ba85aa7a69db75a43e79689a368b43ae36d461723c0e85620da05e70db642f01c7c1a1c72494a3b23c6eb25ea2d0faa8d1b8251c16e6c0d57f681ac46529352a2d88bceaae74d682e7c088b8e14f78f05ccac0405cc29fd5321c2cda3cac36f706529aa3403017b0291699c9aab78849f7e80b2533b53f6daf9f5f0a56df12b1c3eece9177e82013e95c24c7ea440b4ae613841c4deb0db5b886a030a78ba19fb42cccc01623c991e542034b80cee44de62a013ec05e85a024a11740d5dbdbe79810a4f1ea191b8054fa4789e89881a975c00edfd0689479a1a09e8eb6b74266cbd9d96b2f4dd8de3e321e20e4ec9c4d428d9dc73399823744d4262926408e782fb9eefa2ff1f18ffe50b878dd1496de1c0e70b02a856ab16c68e92ae4102b6e21fdd37c9d37e42a06d6c3f1d768e34f0779810813feb2645ee9b13ce6d07823b2092ce22662bf3ba99751ccc7443281b2afcfdf",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
"Subject": "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #2",
"TBS": {
"MD5": "6efd500ce038df7aa3087c1e63a5eb5c",
"SHA1": "1c961712a02fb995c585080eda53a753656ca3ad",
"SHA256": "f60d4f8f7b56499de889264b1e64890694c5b106129d3db068976ed33495577a",
"SHA384": "031fdf7c078e205b4d3ffaff40de36f48f91f87c3b0005b482ff614b320f5e47785045cb87a3e6a75085c24ae8409498"
},
"ValidFrom": "2020-10-23 00:00:00",
"ValidTo": "2032-01-22 23:59:59",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured ID Code Signing CA",
"SerialNumber": "0efd9bd4b4281c6522d96011df46c9c4",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2024-09-26
