c2e98102-2055-48f0-9449-3e7a7f2c0ffe
idmtdi.sys

Description
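Sophos has, from time to time, observed a threat actor deploy variants of Poortry on different machines within a single estate during an attack. These variants contain the same payload but are signed with a different certificate from the one on the driver first seen in the attack. For defenders, this means that a block on one file hash or one signing certificate seen early in an incident may not cover every variant deployed in the same estate. The version-information fields of the samples listed below (Company, Description, Product, OriginalFilename) name legitimate products such as Internet Download Manager and CrowdStrike Falcon Sensor, while the certificate tables show the same individual-developer leaf certificate (CN=FEI XIAO) on each sample; these fields are set by whoever builds the file and are not evidence of who produced or signed the driver.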
This download link contains the malicious driver!
Commands
Use Case | Privileges | Operating System |
---|---|---|
Elevate privileges | kernel | Windows 10 |
Detections
Resources
Known Vulnerable Samples
Property | Value |
---|---|
Filename | |
Creation Timestamp | 2023-06-23 11:18:09 |
MD5 | 44a0db8d9ea165b2ae5e84b72550a4e7 |
SHA1 | 3dc2887dbb227d780bf05fd25235d7314a67e9ed |
SHA256 | 44ebb0f534e7cdfec06d5234358d219798a313219b214d72aa23afc5a57d7ea9 |
Authentihash MD5 | f706fa9c39f2ac707988e849963c5195 |
Authentihash SHA1 | 6639afb03930b08009eb7e60d9557b2130cd0421 |
Authentihash SHA256 | af5a2122b55ee9d8cd3dd49c4ac41bfc9b354912480f06fa7de19829c00c2720 |
RichPEHeaderHash MD5 | ffdf660eb1ebf020a1d0a55a90712dfb |
RichPEHeaderHash SHA1 | 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 |
RichPEHeaderHash SHA256 | 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 |
Company | Tonec Inc. |
Description | Internet Download Manager TDI Driver |
Product | Internet Download Manager |
OriginalFilename | idmtdi.sys |
Certificates
Certificate 7f67150fbb0d254e474284c7f7819c4f
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 37f3c75288f06dcd39025a0b2a947217 |
ToBeSigned (TBS) SHA1 | 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 |
ToBeSigned (TBS) SHA256 | fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 |
Subject | C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO |
ValidFrom | 2013-04-09 00:00:00 |
ValidTo | 2014-04-09 23:59:59 |
Signature | b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 7f67150fbb0d254e474284c7f7819c4f |
Version | 3 |
Certificate 47974d7873a5bcab0d2fb370192fce5e
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | e3a93dc2a8a8a668fdbb286bfe9afab5 |
ToBeSigned (TBS) SHA1 | 95795d2aa2a554a423bc8c6e5b0a016d14887d35 |
ToBeSigned (TBS) SHA256 | d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e |
Subject | C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 |
ValidFrom | 2010-02-08 00:00:00 |
ValidTo | 2020-02-07 23:59:59 |
Signature | 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 47974d7873a5bcab0d2fb370192fce5e |
Version | 3 |
Certificate 611fb0a400000000001d
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | a3f222107d4e1085e73b5b589c2f480b |
ToBeSigned (TBS) SHA1 | b94aa26cd77c48d91a53ac44506cbd255e1d362c |
ToBeSigned (TBS) SHA256 | a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa |
Subject | C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA |
ValidFrom | 2011-02-22 19:31:57 |
ValidTo | 2021-02-22 19:41:57 |
Signature | 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 611fb0a400000000001d |
Version | 3 |
Imports
- ntoskrnl.exe
- HAL.dll
- ntoskrnl.exe
- HAL.dll
Imported Functions
- KeInitializeEvent
- HalReturnToFirmware
- ExAllocatePool
- NtQuerySystemInformation
- ExFreePoolWithTag
- IoAllocateMdl
- MmProbeAndLockPages
- MmMapLockedPagesSpecifyCache
- MmUnlockPages
- IoFreeMdl
- KeQueryActiveProcessors
- KeSetSystemAffinityThread
- KeRevertToUserAffinityThread
- DbgPrint
- KeQueryPerformanceCounter
Exported Functions
Sections
- .text
- .rdata
- .data
- .pdata
- INIT
- .!0e
- .Pc\
- .qi'
- .reloc
- .rsrc
Signature
1
{
2
"Certificates": [
3
{
4
"IsCertificateAuthority": false,
5
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
6
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
7
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
8
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
9
"TBS": {
10
"MD5": "37f3c75288f06dcd39025a0b2a947217",
11
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
12
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
13
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
14
},
15
"ValidFrom": "2013-04-09 00:00:00",
16
"ValidTo": "2014-04-09 23:59:59",
17
"Version": 3
18
},
19
{
20
"IsCertificateAuthority": true,
21
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
22
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
23
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
24
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
25
"TBS": {
26
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
27
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
28
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
29
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
30
},
31
"ValidFrom": "2010-02-08 00:00:00",
32
"ValidTo": "2020-02-07 23:59:59",
33
"Version": 3
34
},
35
{
36
"IsCertificateAuthority": true,
37
"SerialNumber": "611fb0a400000000001d",
38
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
39
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
40
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
41
"TBS": {
42
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
43
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
44
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
45
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
46
},
47
"ValidFrom": "2011-02-22 19:31:57",
48
"ValidTo": "2021-02-22 19:41:57",
49
"Version": 3
50
}
51
],
52
"CertificatesInfo": "",
53
"Signer": [
54
{
55
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
56
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
57
"Version": 1
58
}
59
],
60
"SignerInfo": ""
61
}
not set
Property | Value |
---|---|
Filename | |
Creation Timestamp | 2024-08-09 07:59:20 |
MD5 | 66d0f20927a7acc0f6821d73f468c647 |
SHA1 | e179f62fb4f074284945f3ab90406d2d3f19ee73 |
SHA256 | 08c4b75a9b715647a60b946f3743c4e49a6f5c36c1bc889e741d658508dc50c0 |
Authentihash MD5 | d7548fde7f3b5958b096876578154dbc |
Authentihash SHA1 | 5934b4583513046dbb5c5dd56e56dafaf2162af7 |
Authentihash SHA256 | 2e6b039e10d2b93fbce625ecb7bf04b38eac69b96385fc3b28541c8da78fd8ad |
RichPEHeaderHash MD5 | 0aa427f4ccc6e84d37c6e781da65e484 |
RichPEHeaderHash SHA1 | 080cd8a498eccf8478fc81dbb719a25464947eee |
RichPEHeaderHash SHA256 | 9e1bc00124c20f1de4dcd2e06a2ca018d3e5732b6fedccac185afe5c90ed45a2 |
Certificates
Certificate 7f67150fbb0d254e474284c7f7819c4f
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 37f3c75288f06dcd39025a0b2a947217 |
ToBeSigned (TBS) SHA1 | 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 |
ToBeSigned (TBS) SHA256 | fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 |
Subject | C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO |
ValidFrom | 2013-04-09 00:00:00 |
ValidTo | 2014-04-09 23:59:59 |
Signature | b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 7f67150fbb0d254e474284c7f7819c4f |
Version | 3 |
Certificate 47974d7873a5bcab0d2fb370192fce5e
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | e3a93dc2a8a8a668fdbb286bfe9afab5 |
ToBeSigned (TBS) SHA1 | 95795d2aa2a554a423bc8c6e5b0a016d14887d35 |
ToBeSigned (TBS) SHA256 | d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e |
Subject | C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 |
ValidFrom | 2010-02-08 00:00:00 |
ValidTo | 2020-02-07 23:59:59 |
Signature | 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 47974d7873a5bcab0d2fb370192fce5e |
Version | 3 |
Certificate 611fb0a400000000001d
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | a3f222107d4e1085e73b5b589c2f480b |
ToBeSigned (TBS) SHA1 | b94aa26cd77c48d91a53ac44506cbd255e1d362c |
ToBeSigned (TBS) SHA256 | a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa |
Subject | C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA |
ValidFrom | 2011-02-22 19:31:57 |
ValidTo | 2021-02-22 19:41:57 |
Signature | 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 611fb0a400000000001d |
Version | 3 |
Imports
- ntoskrnl.exe
- ntoskrnl.exe
- hal.dll
Imported Functions
- RtlInitUnicodeString
- RtlGetVersion
- ZwCreateFile
- ZwClose
- wcsncpy
- RtlQueryRegistryValues
- RtlCopyUnicodeString
- RtlAppendUnicodeStringToString
- DbgPrint
- KeInitializeEvent
- ExAllocatePool
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- ExInitializeNPagedLookasideList
- PsCreateSystemThread
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoGetCurrentProcess
- IoRegisterShutdownNotification
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- MmIsAddressValid
- PsSetLoadImageNotifyRoutine
- ZwQueryDirectoryFile
- wcscmp
- _strlwr
- RtlInitAnsiString
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ZwQueryValueKey
- strstr
- _strupr
- wcsncat
- wcsncmp
- wcsrchr
- wcsstr
- _wcsicmp
- _wcslwr
- RtlAnsiStringToUnicodeString
- RtlEqualUnicodeString
- RtlFreeUnicodeString
- RtlTimeToTimeFields
- KeSetEvent
- KeDelayExecutionThread
- KeWaitForSingleObject
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- KeQueryTimeIncrement
- ExSystemTimeToLocalTime
- MmProbeAndLockPages
- MmUnlockPages
- MmMapLockedPagesSpecifyCache
- MmUnmapLockedPages
- PsGetVersion
- IoAllocateMdl
- IofCompleteRequest
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwDeleteFile
- sprintf
- swprintf
- _snwprintf
- rand
- srand
- ObReferenceObjectByName
- __C_specific_handler
- IoDriverObjectType
- ProbeForRead
- PsTerminateSystemThread
- ExQueryDepthSList
- ExpInterlockedPopEntrySList
- ExpInterlockedPushEntrySList
- ExDeleteNPagedLookasideList
- strncpy
- _vsnprintf
- RtlInitString
- ZwOpenFile
- ZwCreateSection
- ZwMapViewOfSection
- RtlCompareString
- PsGetCurrentProcessId
- PsLookupProcessByProcessId
- RtlImageNtHeader
- PsGetProcessPeb
- strchr
- _wcsupr
- RtlWriteRegistryValue
- RtlDeleteRegistryValue
- ZwCreateKey
- ZwDeleteKey
- ZwEnumerateValueKey
- atoi
- mbstowcs
- __chkstk
- strncmp
- _strnicmp
- strrchr
- ExAcquireFastMutex
- ExReleaseFastMutex
- _snprintf
- ObfReferenceObject
- IoAllocateIrp
- IoBuildDeviceIoControlRequest
- IofCallDriver
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- RtlCompareUnicodeString
- MmGetSystemRoutineAddress
- IoCreateFile
- IoGetFileObjectGenericMapping
- ObQueryNameString
- ZwOpenDirectoryObject
- ObCreateObject
- SeCreateAccessState
- IoFileObjectType
- PsThreadType
- RtlAppendUnicodeToString
- RtlCompareMemory
- IoUnregisterShutdownNotification
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- PsSetCreateProcessNotifyRoutine
- PsSetCreateProcessNotifyRoutineEx
- ZwOpenProcess
- ZwQuerySystemInformation
- RtlImageDirectoryEntryToData
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- IoStopTimer
- PsRemoveLoadImageNotifyRoutine
- RtlLengthSid
- RtlCreateAcl
- RtlAddAccessAllowedAce
- IoGetDeviceAttachmentBaseRef
- ZwSetSecurityObject
- SeExports
- _stricmp
- NtOpenProcess
- ZwQueryObject
- ZwDuplicateObject
- PsLookupThreadByThreadId
- ZwOpenThread
- ZwUnloadKey
- ZwLoadKey
- ZwUnmapViewOfSection
- ZwSetValueKey
- ObSetHandleAttributes
- KeStackAttachProcess
- KeUnstackDetachProcess
- PsInitialSystemProcess
- ZwAllocateVirtualMemory
- PsIsThreadTerminating
- KeInitializeApc
- KeInsertQueueApc
- ExInitializePagedLookasideList
- ExDeletePagedLookasideList
- CmRegisterCallback
- CmUnRegisterCallback
- KeAcquireInStackQueuedSpinLock
- KeReleaseInStackQueuedSpinLock
- KeClearEvent
- KeBugCheckEx
- RtlUnicodeStringToInteger
- MmAllocatePagesForMdl
- MmFreePagesFromMdl
- MmAllocateContiguousMemory
- MmFreeContiguousMemory
- MmMapViewInSystemSpace
- MmUnmapViewInSystemSpace
- MmSectionObjectType
- RtlCaptureContext
- KeCapturePersistentThreadState
- MmSystemRangeStart
- IoDeviceObjectType
- KeRevertToUserAffinityThread
- KeSetSystemAffinityThread
- KeCancelTimer
- KeNumberProcessors
- IoAllocateMdl
- MmProbeAndLockPages
- MmMapLockedPagesSpecifyCache
- MmUnlockPages
- IoFreeMdl
- ExAllocatePool
- ExFreePool
- NtQuerySystemInformation
- HalMakeBeep
Exported Functions
Sections
- .text
- .rdata
- .data
- .pdata
- INIT
- .vvd0
- .vvd1
- .reloc
Signature
1
{
2
"Certificates": [
3
{
4
"IsCertificateAuthority": false,
5
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
6
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
7
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
8
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
9
"TBS": {
10
"MD5": "37f3c75288f06dcd39025a0b2a947217",
11
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
12
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
13
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
14
},
15
"ValidFrom": "2013-04-09 00:00:00",
16
"ValidTo": "2014-04-09 23:59:59",
17
"Version": 3
18
},
19
{
20
"IsCertificateAuthority": true,
21
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
22
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
23
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
24
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
25
"TBS": {
26
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
27
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
28
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
29
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
30
},
31
"ValidFrom": "2010-02-08 00:00:00",
32
"ValidTo": "2020-02-07 23:59:59",
33
"Version": 3
34
},
35
{
36
"IsCertificateAuthority": true,
37
"SerialNumber": "611fb0a400000000001d",
38
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
39
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
40
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
41
"TBS": {
42
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
43
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
44
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
45
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
46
},
47
"ValidFrom": "2011-02-22 19:31:57",
48
"ValidTo": "2021-02-22 19:41:57",
49
"Version": 3
50
}
51
],
52
"CertificatesInfo": "",
53
"Signer": [
54
{
55
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
56
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
57
"Version": 1
58
}
59
],
60
"SignerInfo": ""
61
}
not set
Property | Value |
---|---|
Filename | |
Creation Timestamp | 2011-01-06 11:22:51 |
MD5 | cf1bc2fb73f82c43e05541100808a217 |
SHA1 | c99b1093d11469729796ab5743c4bb1d16e3b975 |
SHA256 | 94b87b1cdaf1d86c2bc4eacef45608d0f16fdd3b981b88cdddc16b6bc64fe25d |
Authentihash MD5 | 458a279f1f8d6f5d687e2a2a9e31bad2 |
Authentihash SHA1 | a183c6b212bca915e6deb0d4dfae3fe4b970cd52 |
Authentihash SHA256 | 289761eef2976b001879181b97324408e849729dbf41403fb73ee85565667012 |
RichPEHeaderHash MD5 | ffdf660eb1ebf020a1d0a55a90712dfb |
RichPEHeaderHash SHA1 | 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 |
RichPEHeaderHash SHA256 | 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 |
Company | CrowdStrike, Inc. |
Description | CrowdStrike Falcon Sensor Driver |
Product | CrowdStrike Falcon Sensor |
OriginalFilename | CSAgent.sys |
Certificates
Certificate 7f67150fbb0d254e474284c7f7819c4f
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 37f3c75288f06dcd39025a0b2a947217 |
ToBeSigned (TBS) SHA1 | 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 |
ToBeSigned (TBS) SHA256 | fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 |
Subject | C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO |
ValidFrom | 2013-04-09 00:00:00 |
ValidTo | 2014-04-09 23:59:59 |
Signature | b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 7f67150fbb0d254e474284c7f7819c4f |
Version | 3 |
Certificate 47974d7873a5bcab0d2fb370192fce5e
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | e3a93dc2a8a8a668fdbb286bfe9afab5 |
ToBeSigned (TBS) SHA1 | 95795d2aa2a554a423bc8c6e5b0a016d14887d35 |
ToBeSigned (TBS) SHA256 | d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e |
Subject | C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 |
ValidFrom | 2010-02-08 00:00:00 |
ValidTo | 2020-02-07 23:59:59 |
Signature | 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 47974d7873a5bcab0d2fb370192fce5e |
Version | 3 |
Certificate 611fb0a400000000001d
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | a3f222107d4e1085e73b5b589c2f480b |
ToBeSigned (TBS) SHA1 | b94aa26cd77c48d91a53ac44506cbd255e1d362c |
ToBeSigned (TBS) SHA256 | a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa |
Subject | C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA |
ValidFrom | 2011-02-22 19:31:57 |
ValidTo | 2021-02-22 19:41:57 |
Signature | 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 611fb0a400000000001d |
Version | 3 |
Imports
- ntoskrnl.exe
- HAL.dll
- ntoskrnl.exe
- HAL.dll
Imported Functions
- RtlInitUnicodeString
- HalReturnToFirmware
- ExAllocatePool
- NtQuerySystemInformation
- ExFreePoolWithTag
- IoAllocateMdl
- MmProbeAndLockPages
- MmMapLockedPagesSpecifyCache
- MmUnlockPages
- IoFreeMdl
- KeQueryActiveProcessors
- KeSetSystemAffinityThread
- KeRevertToUserAffinityThread
- DbgPrint
- KeQueryPerformanceCounter
Exported Functions
Sections
- .text
- .rdata
- .data
- .pdata
- INIT
- .hSc
- .%\I
- .>F2
- .reloc
- .rsrc
Signature
1
{
2
"Certificates": [
3
{
4
"IsCertificateAuthority": false,
5
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
6
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
7
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
8
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
9
"TBS": {
10
"MD5": "37f3c75288f06dcd39025a0b2a947217",
11
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
12
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
13
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
14
},
15
"ValidFrom": "2013-04-09 00:00:00",
16
"ValidTo": "2014-04-09 23:59:59",
17
"Version": 3
18
},
19
{
20
"IsCertificateAuthority": true,
21
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
22
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
23
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
24
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
25
"TBS": {
26
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
27
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
28
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
29
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
30
},
31
"ValidFrom": "2010-02-08 00:00:00",
32
"ValidTo": "2020-02-07 23:59:59",
33
"Version": 3
34
},
35
{
36
"IsCertificateAuthority": true,
37
"SerialNumber": "611fb0a400000000001d",
38
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
not set
Property | Value |
---|---|
Filename | |
Creation Timestamp | 2024-04-09 00:59:14 |
MD5 | 8cf9ec579ba36fc4a4edbc4788b5f209 |
SHA1 | 2e96749e78704b8ca13ec84bd047dd271eb12122 |
SHA256 | 7af2ff5d405cf9cd1aee2410a969ba22d6df78d98e9d4e60cbe624d8a3bc64a6 |
Authentihash MD5 | fc2fd705cecd3993671d50fb4cec1117 |
Authentihash SHA1 | 841992de018af75bb70c878146359c19c0753f04 |
Authentihash SHA256 | d40f6a680914df8c6cf8dda62332ad829a91815ad94439b920af986f93939a7d |
RichPEHeaderHash MD5 | e7bb28fb62abfc8c1c684963ebbc34bc |
RichPEHeaderHash SHA1 | 180285ea1dfdd472ba7bceeac8d02da69e1af4ff |
RichPEHeaderHash SHA256 | 44f8146727b7e2106d1ac99346d8e7454d95e010db3df3b588290a8d36be4836 |
Certificates
Certificate 7f67150fbb0d254e474284c7f7819c4f
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 37f3c75288f06dcd39025a0b2a947217 |
ToBeSigned (TBS) SHA1 | 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 |
ToBeSigned (TBS) SHA256 | fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 |
Subject | C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO |
ValidFrom | 2013-04-09 00:00:00 |
ValidTo | 2014-04-09 23:59:59 |
Signature | b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 7f67150fbb0d254e474284c7f7819c4f |
Version | 3 |
Certificate 47974d7873a5bcab0d2fb370192fce5e
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | e3a93dc2a8a8a668fdbb286bfe9afab5 |
ToBeSigned (TBS) SHA1 | 95795d2aa2a554a423bc8c6e5b0a016d14887d35 |
ToBeSigned (TBS) SHA256 | d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e |
Subject | C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 |
ValidFrom | 2010-02-08 00:00:00 |
ValidTo | 2020-02-07 23:59:59 |
Signature | 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 47974d7873a5bcab0d2fb370192fce5e |
Version | 3 |
Certificate 611fb0a400000000001d
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | a3f222107d4e1085e73b5b589c2f480b |
ToBeSigned (TBS) SHA1 | b94aa26cd77c48d91a53ac44506cbd255e1d362c |
ToBeSigned (TBS) SHA256 | a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa |
Subject | C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA |
ValidFrom | 2011-02-22 19:31:57 |
ValidTo | 2021-02-22 19:41:57 |
Signature | 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 611fb0a400000000001d |
Version | 3 |
Imports
- ntoskrnl.exe
- ntoskrnl.exe
- hal.dll
Imported Functions
- RtlInitUnicodeString
- RtlGetVersion
- ZwCreateFile
- ZwClose
- wcsncpy
- RtlQueryRegistryValues
- RtlCopyUnicodeString
- RtlAppendUnicodeStringToString
- DbgPrint
- KeInitializeEvent
- ExAllocatePool
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- ExInitializeNPagedLookasideList
- PsCreateSystemThread
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoGetCurrentProcess
- IoRegisterShutdownNotification
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- MmIsAddressValid
- PsSetLoadImageNotifyRoutine
- ZwQueryDirectoryFile
- _strlwr
- RtlInitAnsiString
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ZwQueryValueKey
- strstr
- _strupr
- wcsncat
- wcsncmp
- wcsrchr
- wcsstr
- _wcslwr
- RtlAnsiStringToUnicodeString
- RtlFreeUnicodeString
- RtlTimeToTimeFields
- KeSetEvent
- KeDelayExecutionThread
- KeWaitForSingleObject
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- KeQueryTimeIncrement
- ExSystemTimeToLocalTime
- MmProbeAndLockPages
- MmUnlockPages
- MmMapLockedPagesSpecifyCache
- MmUnmapLockedPages
- PsGetVersion
- IoAllocateMdl
- IofCompleteRequest
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwDeleteFile
- sprintf
- swprintf
- _snwprintf
- rand
- srand
- ObReferenceObjectByName
- __C_specific_handler
- IoDriverObjectType
- ProbeForRead
- PsTerminateSystemThread
- ExQueryDepthSList
- ExpInterlockedPopEntrySList
- ExpInterlockedPushEntrySList
- ExDeleteNPagedLookasideList
- strncpy
- _vsnprintf
- RtlInitString
- ZwOpenFile
- ZwCreateSection
- ZwMapViewOfSection
- RtlCompareString
- PsGetCurrentProcessId
- PsLookupProcessByProcessId
- RtlImageNtHeader
- PsGetProcessPeb
- strchr
- _wcsupr
- RtlWriteRegistryValue
- RtlDeleteRegistryValue
- ZwCreateKey
- ZwDeleteKey
- ZwEnumerateValueKey
- atoi
- mbstowcs
- __chkstk
- strncmp
- _strnicmp
- strrchr
- ExAcquireFastMutex
- ExReleaseFastMutex
- _snprintf
- ObfReferenceObject
- IoAllocateIrp
- IoBuildDeviceIoControlRequest
- IofCallDriver
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- RtlCompareUnicodeString
- MmGetSystemRoutineAddress
- IoCreateFile
- IoGetFileObjectGenericMapping
- ObQueryNameString
- ZwOpenDirectoryObject
- ObCreateObject
- SeCreateAccessState
- wcscmp
- IoFileObjectType
- PsThreadType
- RtlAppendUnicodeToString
- RtlCompareMemory
- IoUnregisterShutdownNotification
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- PsSetCreateProcessNotifyRoutine
- PsSetCreateProcessNotifyRoutineEx
- ZwOpenProcess
- ZwQuerySystemInformation
- RtlImageDirectoryEntryToData
- _wcsicmp
- IoStopTimer
- PsRemoveLoadImageNotifyRoutine
- IoGetDeviceAttachmentBaseRef
- _stricmp
- NtOpenProcess
- ZwQueryObject
- ZwDuplicateObject
- PsLookupThreadByThreadId
- ZwOpenThread
- ZwUnloadKey
- ZwLoadKey
- ZwUnmapViewOfSection
- ZwSetValueKey
- ObSetHandleAttributes
- KeStackAttachProcess
- KeUnstackDetachProcess
- PsInitialSystemProcess
- ZwAllocateVirtualMemory
- PsIsThreadTerminating
- KeInitializeApc
- KeInsertQueueApc
- ExInitializePagedLookasideList
- ExDeletePagedLookasideList
- CmRegisterCallback
- CmUnRegisterCallback
- KeAcquireInStackQueuedSpinLock
- KeReleaseInStackQueuedSpinLock
- KeClearEvent
- KeBugCheckEx
- RtlUnicodeStringToInteger
- MmAllocatePagesForMdl
- MmFreePagesFromMdl
- MmAllocateContiguousMemory
- MmFreeContiguousMemory
- MmMapViewInSystemSpace
- MmUnmapViewInSystemSpace
- MmSectionObjectType
- RtlCaptureContext
- KeCapturePersistentThreadState
- MmSystemRangeStart
- IoDeviceObjectType
- KeRevertToUserAffinityThread
- KeSetSystemAffinityThread
- KeCancelTimer
- KeNumberProcessors
- IoAllocateMdl
- MmProbeAndLockPages
- MmMapLockedPagesSpecifyCache
- MmUnlockPages
- IoFreeMdl
- ExAllocatePool
- ExFreePool
- NtQuerySystemInformation
- HalMakeBeep
Exported Functions
Sections
- .text
- .rdata
- .data
- .pdata
- INIT
- .vvd0
- .vvd1
- .reloc
Signature
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
not set
Property | Value |
---|---|
Filename | |
Creation Timestamp | 2024-04-09 00:59:14 |
MD5 | fe499663cd2bf11e0fa3aaead28b05c9 |
SHA1 | 2d0d89e275d2ea7a0b40af6bf5f284a9f61bcafe |
SHA256 | 4421ff85aacbcc36695a018c5c47e884d56d62d7d5b8172bb70384ffc4d6a2e4 |
Authentihash MD5 | 9dfb66394b42acb5709c76bedfd13bd7 |
Authentihash SHA1 | 450a9f2f2e8f485f6bef404334b6e52f1c02050a |
Authentihash SHA256 | e8c5227d8827405e0e13a16bbacc6959edd3de95bc167566f742a6c221a0fe75 |
RichPEHeaderHash MD5 | e7bb28fb62abfc8c1c684963ebbc34bc |
RichPEHeaderHash SHA1 | 180285ea1dfdd472ba7bceeac8d02da69e1af4ff |
RichPEHeaderHash SHA256 | 44f8146727b7e2106d1ac99346d8e7454d95e010db3df3b588290a8d36be4836 |
Certificates
Certificate 7f67150fbb0d254e474284c7f7819c4f
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 37f3c75288f06dcd39025a0b2a947217 |
ToBeSigned (TBS) SHA1 | 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 |
ToBeSigned (TBS) SHA256 | fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 |
Subject | C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO |
ValidFrom | 2013-04-09 00:00:00 |
ValidTo | 2014-04-09 23:59:59 |
Signature | b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 7f67150fbb0d254e474284c7f7819c4f |
Version | 3 |
Certificate 47974d7873a5bcab0d2fb370192fce5e
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | e3a93dc2a8a8a668fdbb286bfe9afab5 |
ToBeSigned (TBS) SHA1 | 95795d2aa2a554a423bc8c6e5b0a016d14887d35 |
ToBeSigned (TBS) SHA256 | d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e |
Subject | C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 |
ValidFrom | 2010-02-08 00:00:00 |
ValidTo | 2020-02-07 23:59:59 |
Signature | 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 47974d7873a5bcab0d2fb370192fce5e |
Version | 3 |
Certificate 611fb0a400000000001d
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | a3f222107d4e1085e73b5b589c2f480b |
ToBeSigned (TBS) SHA1 | b94aa26cd77c48d91a53ac44506cbd255e1d362c |
ToBeSigned (TBS) SHA256 | a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa |
Subject | C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA |
ValidFrom | 2011-02-22 19:31:57 |
ValidTo | 2021-02-22 19:41:57 |
Signature | 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 611fb0a400000000001d |
Version | 3 |
Imports
- ntoskrnl.exe
- ntoskrnl.exe
- hal.dll
Imported Functions
- RtlInitUnicodeString
- RtlGetVersion
- ZwCreateFile
- ZwClose
- wcsncpy
- RtlQueryRegistryValues
- RtlCopyUnicodeString
- RtlAppendUnicodeStringToString
- DbgPrint
- KeInitializeEvent
- ExAllocatePool
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- ExInitializeNPagedLookasideList
- PsCreateSystemThread
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoGetCurrentProcess
- IoRegisterShutdownNotification
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- MmIsAddressValid
- PsSetLoadImageNotifyRoutine
- ZwQueryDirectoryFile
- _strlwr
- RtlInitAnsiString
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ZwQueryValueKey
- strstr
- _strupr
- wcsncat
- wcsncmp
- wcsrchr
- wcsstr
- _wcslwr
- RtlAnsiStringToUnicodeString
- RtlFreeUnicodeString
- RtlTimeToTimeFields
- KeSetEvent
- KeDelayExecutionThread
- KeWaitForSingleObject
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- KeQueryTimeIncrement
- ExSystemTimeToLocalTime
- MmProbeAndLockPages
- MmUnlockPages
- MmMapLockedPagesSpecifyCache
- MmUnmapLockedPages
- PsGetVersion
- IoAllocateMdl
- IofCompleteRequest
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwDeleteFile
- sprintf
- swprintf
- _snwprintf
- rand
- srand
- ObReferenceObjectByName
- __C_specific_handler
- IoDriverObjectType
- ProbeForRead
- PsTerminateSystemThread
- ExQueryDepthSList
- ExpInterlockedPopEntrySList
- ExpInterlockedPushEntrySList
- ExDeleteNPagedLookasideList
- strncpy
- _vsnprintf
- RtlInitString
- ZwOpenFile
- ZwCreateSection
- ZwMapViewOfSection
- RtlCompareString
- PsGetCurrentProcessId
- PsLookupProcessByProcessId
- RtlImageNtHeader
- PsGetProcessPeb
- strchr
- _wcsupr
- RtlWriteRegistryValue
- RtlDeleteRegistryValue
- ZwCreateKey
- ZwDeleteKey
- ZwEnumerateValueKey
- atoi
- mbstowcs
- __chkstk
- strncmp
- _strnicmp
- strrchr
- ExAcquireFastMutex
- ExReleaseFastMutex
- _snprintf
- ObfReferenceObject
- IoAllocateIrp
- IoBuildDeviceIoControlRequest
- IofCallDriver
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- RtlCompareUnicodeString
- MmGetSystemRoutineAddress
- IoCreateFile
- IoGetFileObjectGenericMapping
- ObQueryNameString
- ZwOpenDirectoryObject
- ObCreateObject
- SeCreateAccessState
- wcscmp
- IoFileObjectType
- PsThreadType
- RtlAppendUnicodeToString
- RtlCompareMemory
- IoUnregisterShutdownNotification
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- PsSetCreateProcessNotifyRoutine
- PsSetCreateProcessNotifyRoutineEx
- ZwOpenProcess
- ZwQuerySystemInformation
- RtlImageDirectoryEntryToData
- _wcsicmp
- IoStopTimer
- PsRemoveLoadImageNotifyRoutine
- IoGetDeviceAttachmentBaseRef
- _stricmp
- NtOpenProcess
- ZwQueryObject
- ZwDuplicateObject
- PsLookupThreadByThreadId
- ZwOpenThread
- ZwUnloadKey
- ZwLoadKey
- ZwUnmapViewOfSection
- ZwSetValueKey
- ObSetHandleAttributes
- KeStackAttachProcess
- KeUnstackDetachProcess
- PsInitialSystemProcess
- ZwAllocateVirtualMemory
- PsIsThreadTerminating
- KeInitializeApc
- KeInsertQueueApc
- ExInitializePagedLookasideList
- ExDeletePagedLookasideList
- CmRegisterCallback
- CmUnRegisterCallback
- KeAcquireInStackQueuedSpinLock
- KeReleaseInStackQueuedSpinLock
- KeClearEvent
- KeBugCheckEx
- RtlUnicodeStringToInteger
- MmAllocatePagesForMdl
- MmFreePagesFromMdl
- MmAllocateContiguousMemory
- MmFreeContiguousMemory
- MmMapViewInSystemSpace
- MmUnmapViewInSystemSpace
- MmSectionObjectType
- RtlCaptureContext
- KeCapturePersistentThreadState
- MmSystemRangeStart
- IoDeviceObjectType
- KeRevertToUserAffinityThread
- KeSetSystemAffinityThread
- KeCancelTimer
- KeNumberProcessors
- IoAllocateMdl
- MmProbeAndLockPages
- MmMapLockedPagesSpecifyCache
- MmUnlockPages
- IoFreeMdl
- ExAllocatePool
- ExFreePool
- NtQuerySystemInformation
- HalMakeBeep
Exported Functions
Sections
- .text
- .rdata
- .data
- .pdata
- INIT
- .vvd0
- .vvd1
- .reloc
Signature
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
not set
Property | Value |
---|---|
Filename | |
Creation Timestamp | 2023-06-23 11:18:09 |
MD5 | 5200ecb17fb554f13723c9c63145da64 |
SHA1 | dc8211cb76ed434f2f627a440604f7c3f8e04a41 |
SHA256 | 2c1b65c2988b337182f1ba57b404793454e30a7fd328d34bc2e79857dc437a4a |
Authentihash MD5 | 754246fcf3f7184f331bbaf89ceab696 |
Authentihash SHA1 | 84b404763fd1610970186736c311c61574c2c10e |
Authentihash SHA256 | fa96eca78a57b779fd398294ae2519b7c4fe9e4369e6e7fa5167aebbe6e0c09a |
RichPEHeaderHash MD5 | ffdf660eb1ebf020a1d0a55a90712dfb |
RichPEHeaderHash SHA1 | 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 |
RichPEHeaderHash SHA256 | 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 |
Company | Tonec Inc. |
Description | Internet Download Manager TDI Driver |
Product | Internet Download Manager |
OriginalFilename | idmtdi.sys |
Certificates
Certificate 7f67150fbb0d254e474284c7f7819c4f
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 37f3c75288f06dcd39025a0b2a947217 |
ToBeSigned (TBS) SHA1 | 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 |
ToBeSigned (TBS) SHA256 | fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 |
Subject | C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO |
ValidFrom | 2013-04-09 00:00:00 |
ValidTo | 2014-04-09 23:59:59 |
Signature | b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 7f67150fbb0d254e474284c7f7819c4f |
Version | 3 |
Certificate 47974d7873a5bcab0d2fb370192fce5e
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | e3a93dc2a8a8a668fdbb286bfe9afab5 |
ToBeSigned (TBS) SHA1 | 95795d2aa2a554a423bc8c6e5b0a016d14887d35 |
ToBeSigned (TBS) SHA256 | d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e |
Subject | C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 |
ValidFrom | 2010-02-08 00:00:00 |
ValidTo | 2020-02-07 23:59:59 |
Signature | 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 47974d7873a5bcab0d2fb370192fce5e |
Version | 3 |
Certificate 611fb0a400000000001d
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | a3f222107d4e1085e73b5b589c2f480b |
ToBeSigned (TBS) SHA1 | b94aa26cd77c48d91a53ac44506cbd255e1d362c |
ToBeSigned (TBS) SHA256 | a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa |
Subject | C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA |
ValidFrom | 2011-02-22 19:31:57 |
ValidTo | 2021-02-22 19:41:57 |
Signature | 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 611fb0a400000000001d |
Version | 3 |
Imports
- ntoskrnl.exe
- HAL.dll
- ntoskrnl.exe
- HAL.dll
Imported Functions
- KeInitializeEvent
- HalReturnToFirmware
- ExAllocatePool
- NtQuerySystemInformation
- ExFreePoolWithTag
- IoAllocateMdl
- MmProbeAndLockPages
- MmMapLockedPagesSpecifyCache
- MmUnlockPages
- IoFreeMdl
- KeQueryActiveProcessors
- KeSetSystemAffinityThread
- KeRevertToUserAffinityThread
- DbgPrint
- KeQueryPerformanceCounter
Exported Functions
Sections
- .text
- .rdata
- .data
- .pdata
- INIT
- .0X]
- .y^C
- .e&b
- .reloc
- .rsrc
Signature
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
not set
Property | Value |
---|---|
Filename | |
Creation Timestamp | 2023-12-20 00:26:03 |
MD5 | 11cf20a428b8fb81ff20dfe4dc3e28bd |
SHA1 | 55a139fe44e836a1886774d7c89c70796060f1c4 |
SHA256 | ce106afd6a9996ac0150709a30d61ece7d7bfe1f27492c00f4fabab9ec40575d |
Authentihash MD5 | fca829a587deffab1fa11f2274f6b5d2 |
Authentihash SHA1 | d31ee4f8934f4a9508a39a02905edca5cdc1faca |
Authentihash SHA256 | dd41e9a82e7be92a5d77624054a0b9e5e725492bae527f31e878140482ce802f |
RichPEHeaderHash MD5 | ffdf660eb1ebf020a1d0a55a90712dfb |
RichPEHeaderHash SHA1 | 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 |
RichPEHeaderHash SHA256 | 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 |
Certificates
Certificate 7f67150fbb0d254e474284c7f7819c4f
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 37f3c75288f06dcd39025a0b2a947217 |
ToBeSigned (TBS) SHA1 | 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 |
ToBeSigned (TBS) SHA256 | fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 |
Subject | C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO |
ValidFrom | 2013-04-09 00:00:00 |
ValidTo | 2014-04-09 23:59:59 |
Signature | b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 7f67150fbb0d254e474284c7f7819c4f |
Version | 3 |
Certificate 47974d7873a5bcab0d2fb370192fce5e
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | e3a93dc2a8a8a668fdbb286bfe9afab5 |
ToBeSigned (TBS) SHA1 | 95795d2aa2a554a423bc8c6e5b0a016d14887d35 |
ToBeSigned (TBS) SHA256 | d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e |
Subject | C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 |
ValidFrom | 2010-02-08 00:00:00 |
ValidTo | 2020-02-07 23:59:59 |
Signature | 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 47974d7873a5bcab0d2fb370192fce5e |
Version | 3 |
Certificate 611fb0a400000000001d
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | a3f222107d4e1085e73b5b589c2f480b |
ToBeSigned (TBS) SHA1 | b94aa26cd77c48d91a53ac44506cbd255e1d362c |
ToBeSigned (TBS) SHA256 | a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa |
Subject | C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA |
ValidFrom | 2011-02-22 19:31:57 |
ValidTo | 2021-02-22 19:41:57 |
Signature | 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 611fb0a400000000001d |
Version | 3 |
Imports
- fwpkclnt.sys
- NDIS.SYS
- ntoskrnl.exe
- ntoskrnl.exe
- HAL.dll
Imported Functions
- FwpsFreeNetBufferList0
- FwpmFilterDeleteById0
- NdisAllocateGenericObject
- NdisFreeNetBufferListPool
- NdisAllocateNetBufferListPool
- NdisRetreatNetBufferDataStart
- NdisAdvanceNetBufferDataStart
- NdisGetDataBuffer
- NdisInitializeEvent
- NdisFreeGenericObject
- NdisWaitEvent
- RtlInitUnicodeString
- ObfDereferenceObject
- PsLookupProcessByProcessId
- RtlCompareMemory
- KeAcquireInStackQueuedSpinLock
- KeReleaseInStackQueuedSpinLock
- ExAllocatePoolWithTag
- ExUuidCreate
- swprintf_s
- __C_specific_handler
- MmGetSystemRoutineAddress
- RtlAppendUnicodeToString
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeInitializeEvent
- KeSetEvent
- KeWaitForSingleObject
- ExFreePoolWithTag
- ExQueryDepthSList
- ExpInterlockedPopEntrySList
- ExpInterlockedPushEntrySList
- ExInitializeNPagedLookasideList
- ExDeleteNPagedLookasideList
- MmBuildMdlForNonPagedPool
- MmMapLockedPagesSpecifyCache
- MmUnmapLockedPages
- MmAllocatePagesForMdl
- MmFreePagesFromMdl
- PsCreateSystemThread
- PsTerminateSystemThread
- IoAllocateMdl
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- IoFreeMdl
- IoReleaseCancelSpinLock
- ObReferenceObjectByHandle
- ZwClose
- ZwOpenKey
- ZwQueryValueKey
- PsGetCurrentProcessId
- ZwSetInformationThread
- RtlLengthSid
- RtlCreateAcl
- RtlAddAccessAllowedAce
- ObOpenObjectByPointer
- ZwSetSecurityObject
- SeExports
- RtlGetVersion
- ZwCreateFile
- IoCreateFileSpecifyDeviceObjectHint
- IoGetBaseFileSystemDeviceObject
- ZwDeleteFile
- IoFileObjectType
- _stricmp
- ZwQuerySystemInformation
- RtlValidSid
- KeBugCheckEx
- ExAllocatePool
- NtQuerySystemInformation
- ExFreePoolWithTag
- IoAllocateMdl
- MmProbeAndLockPages
- MmMapLockedPagesSpecifyCache
- MmUnlockPages
- IoFreeMdl
- KeQueryActiveProcessors
- KeSetSystemAffinityThread
- KeRevertToUserAffinityThread
- DbgPrint
- KeQueryPerformanceCounter
Exported Functions
Sections
- .text
- .rdata
- .data
- .pdata
- INIT
- .wEI
- .xpk
- .hCC
- .reloc
Signature
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
not set
Property | Value |
---|---|
Filename | |
Creation Timestamp | 2023-06-23 11:18:09 |
MD5 | b503cd460a61d303107aa459956781fd |
SHA1 | a264b74f8ff47ae4fac9d3361508adac82e15c0b |
SHA256 | 2cd7a0c4e8d24404c92e4ed8539b2136028a8ca663f3432e417b00665493e13f |
Authentihash MD5 | ce05ebdd0c7be7429cb4fb2e963f9181 |
Authentihash SHA1 | 699eb6eb826496693a69d479023271bcb29651ba |
Authentihash SHA256 | dee8dbe00a809e5ecdbea898393dd9ecd32fa0a0de80463cc2b903dcdec2cffe |
RichPEHeaderHash MD5 | ffdf660eb1ebf020a1d0a55a90712dfb |
RichPEHeaderHash SHA1 | 3e905e3d061d0d59de61fcf39c994fcb0ec1bab3 |
RichPEHeaderHash SHA256 | 2b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6 |
Company | Palo Alto Networks, Inc. |
Description | Cortex XDR LPC Driver |
Product | Cortex XDR™ Advanced Endpoint Protection |
OriginalFilename | cyvrlpc.sys |
Certificates
Certificate 7f67150fbb0d254e474284c7f7819c4f
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 37f3c75288f06dcd39025a0b2a947217 |
ToBeSigned (TBS) SHA1 | 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 |
ToBeSigned (TBS) SHA256 | fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 |
Subject | C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO |
ValidFrom | 2013-04-09 00:00:00 |
ValidTo | 2014-04-09 23:59:59 |
Signature | b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 7f67150fbb0d254e474284c7f7819c4f |
Version | 3 |
Certificate 47974d7873a5bcab0d2fb370192fce5e
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | e3a93dc2a8a8a668fdbb286bfe9afab5 |
ToBeSigned (TBS) SHA1 | 95795d2aa2a554a423bc8c6e5b0a016d14887d35 |
ToBeSigned (TBS) SHA256 | d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e |
Subject | C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 |
ValidFrom | 2010-02-08 00:00:00 |
ValidTo | 2020-02-07 23:59:59 |
Signature | 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 47974d7873a5bcab0d2fb370192fce5e |
Version | 3 |
Certificate 611fb0a400000000001d
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | a3f222107d4e1085e73b5b589c2f480b |
ToBeSigned (TBS) SHA1 | b94aa26cd77c48d91a53ac44506cbd255e1d362c |
ToBeSigned (TBS) SHA256 | a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa |
Subject | C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA |
ValidFrom | 2011-02-22 19:31:57 |
ValidTo | 2021-02-22 19:41:57 |
Signature | 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 611fb0a400000000001d |
Version | 3 |
Imports
- ntoskrnl.exe
- HAL.dll
- ntoskrnl.exe
- HAL.dll
Imported Functions
- KeInitializeEvent
- HalReturnToFirmware
- ExAllocatePool
- NtQuerySystemInformation
- ExFreePoolWithTag
- IoAllocateMdl
- MmProbeAndLockPages
- MmMapLockedPagesSpecifyCache
- MmUnlockPages
- IoFreeMdl
- KeQueryActiveProcessors
- KeSetSystemAffinityThread
- KeRevertToUserAffinityThread
- DbgPrint
- KeQueryPerformanceCounter
Exported Functions
Sections
- .text
- .rdata
- .data
- .pdata
- INIT
- .%>Z
- .NNo
- .qH}
- .reloc
- .rsrc
Signature
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
not set
Property | Value |
---|---|
Filename | |
Creation Timestamp | 2024-08-09 07:59:20 |
MD5 | a06880ad1efe6b57ca1d59d878dea82a |
SHA1 | 668b0274d350a6d895d140a9700a88156c0db06f |
SHA256 | 3855b2df32e0eedec454b25e6e2da6b3df19c4b0f575e45bc06482d4ebce7551 |
Authentihash MD5 | 9d646db70c57fe3f4be5d62c52fc32a4 |
Authentihash SHA1 | cdf4607b40c6c886368a50f060f10538d93e8719 |
Authentihash SHA256 | 4a61add64bbb08af8576aac592fdafe7114b940878babb3ae90bfde26f315187 |
RichPEHeaderHash MD5 | 0aa427f4ccc6e84d37c6e781da65e484 |
RichPEHeaderHash SHA1 | 080cd8a498eccf8478fc81dbb719a25464947eee |
RichPEHeaderHash SHA256 | 9e1bc00124c20f1de4dcd2e06a2ca018d3e5732b6fedccac185afe5c90ed45a2 |
Certificates
Certificate 7f67150fbb0d254e474284c7f7819c4f
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 37f3c75288f06dcd39025a0b2a947217 |
ToBeSigned (TBS) SHA1 | 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 |
ToBeSigned (TBS) SHA256 | fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 |
Subject | C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO |
ValidFrom | 2013-04-09 00:00:00 |
ValidTo | 2014-04-09 23:59:59 |
Signature | b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 7f67150fbb0d254e474284c7f7819c4f |
Version | 3 |
Certificate 47974d7873a5bcab0d2fb370192fce5e
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | e3a93dc2a8a8a668fdbb286bfe9afab5 |
ToBeSigned (TBS) SHA1 | 95795d2aa2a554a423bc8c6e5b0a016d14887d35 |
ToBeSigned (TBS) SHA256 | d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e |
Subject | C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 |
ValidFrom | 2010-02-08 00:00:00 |
ValidTo | 2020-02-07 23:59:59 |
Signature | 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 47974d7873a5bcab0d2fb370192fce5e |
Version | 3 |
Certificate 611fb0a400000000001d
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | a3f222107d4e1085e73b5b589c2f480b |
ToBeSigned (TBS) SHA1 | b94aa26cd77c48d91a53ac44506cbd255e1d362c |
ToBeSigned (TBS) SHA256 | a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa |
Subject | C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA |
ValidFrom | 2011-02-22 19:31:57 |
ValidTo | 2021-02-22 19:41:57 |
Signature | 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 611fb0a400000000001d |
Version | 3 |
Imports
- ntoskrnl.exe
- ntoskrnl.exe
- hal.dll
Imported Functions
- RtlInitUnicodeString
- RtlGetVersion
- ZwCreateFile
- ZwClose
- wcsncpy
- RtlQueryRegistryValues
- RtlCopyUnicodeString
- RtlAppendUnicodeStringToString
- DbgPrint
- KeInitializeEvent
- ExAllocatePool
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- ExInitializeNPagedLookasideList
- PsCreateSystemThread
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoGetCurrentProcess
- IoRegisterShutdownNotification
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- MmIsAddressValid
- PsSetLoadImageNotifyRoutine
- ZwQueryDirectoryFile
- wcscmp
- _strlwr
- RtlInitAnsiString
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ZwQueryValueKey
- strstr
- _strupr
- wcsncat
- wcsncmp
- wcsrchr
- wcsstr
- _wcsicmp
- _wcslwr
- RtlAnsiStringToUnicodeString
- RtlEqualUnicodeString
- RtlFreeUnicodeString
- RtlTimeToTimeFields
- KeSetEvent
- KeDelayExecutionThread
- KeWaitForSingleObject
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- KeQueryTimeIncrement
- ExSystemTimeToLocalTime
- MmProbeAndLockPages
- MmUnlockPages
- MmMapLockedPagesSpecifyCache
- MmUnmapLockedPages
- PsGetVersion
- IoAllocateMdl
- IofCompleteRequest
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- ObfDereferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwDeleteFile
- sprintf
- swprintf
- _snwprintf
- rand
- srand
- ObReferenceObjectByName
- __C_specific_handler
- IoDriverObjectType
- ProbeForRead
- PsTerminateSystemThread
- ExQueryDepthSList
- ExpInterlockedPopEntrySList
- ExpInterlockedPushEntrySList
- ExDeleteNPagedLookasideList
- strncpy
- _vsnprintf
- RtlInitString
- ZwOpenFile
- ZwCreateSection
- ZwMapViewOfSection
- RtlCompareString
- PsGetCurrentProcessId
- PsLookupProcessByProcessId
- RtlImageNtHeader
- PsGetProcessPeb
- strchr
- _wcsupr
- RtlWriteRegistryValue
- RtlDeleteRegistryValue
- ZwCreateKey
- ZwDeleteKey
- ZwEnumerateValueKey
- atoi
- mbstowcs
- __chkstk
- strncmp
- _strnicmp
- strrchr
- ExAcquireFastMutex
- ExReleaseFastMutex
- _snprintf
- ObfReferenceObject
- IoAllocateIrp
- IoBuildDeviceIoControlRequest
- IofCallDriver
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- RtlCompareUnicodeString
- MmGetSystemRoutineAddress
- IoCreateFile
- IoGetFileObjectGenericMapping
- ObQueryNameString
- ZwOpenDirectoryObject
- ObCreateObject
- SeCreateAccessState
- IoFileObjectType
- PsThreadType
- RtlAppendUnicodeToString
- RtlCompareMemory
- IoUnregisterShutdownNotification
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- PsSetCreateProcessNotifyRoutine
- PsSetCreateProcessNotifyRoutineEx
- ZwOpenProcess
- ZwQuerySystemInformation
- RtlImageDirectoryEntryToData
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- IoStopTimer
- PsRemoveLoadImageNotifyRoutine
- RtlLengthSid
- RtlCreateAcl
- RtlAddAccessAllowedAce
- IoGetDeviceAttachmentBaseRef
- ZwSetSecurityObject
- SeExports
- _stricmp
- NtOpenProcess
- ZwQueryObject
- ZwDuplicateObject
- PsLookupThreadByThreadId
- ZwOpenThread
- ZwUnloadKey
- ZwLoadKey
- ZwUnmapViewOfSection
- ZwSetValueKey
- ObSetHandleAttributes
- KeStackAttachProcess
- KeUnstackDetachProcess
- PsInitialSystemProcess
- ZwAllocateVirtualMemory
- PsIsThreadTerminating
- KeInitializeApc
- KeInsertQueueApc
- ExInitializePagedLookasideList
- ExDeletePagedLookasideList
- CmRegisterCallback
- CmUnRegisterCallback
- KeAcquireInStackQueuedSpinLock
- KeReleaseInStackQueuedSpinLock
- KeClearEvent
- KeBugCheckEx
- RtlUnicodeStringToInteger
- MmAllocatePagesForMdl
- MmFreePagesFromMdl
- MmAllocateContiguousMemory
- MmFreeContiguousMemory
- MmMapViewInSystemSpace
- MmUnmapViewInSystemSpace
- MmSectionObjectType
- RtlCaptureContext
- KeCapturePersistentThreadState
- MmSystemRangeStart
- IoDeviceObjectType
- KeRevertToUserAffinityThread
- KeSetSystemAffinityThread
- KeCancelTimer
- KeNumberProcessors
- IoAllocateMdl
- MmProbeAndLockPages
- MmMapLockedPagesSpecifyCache
- MmUnlockPages
- IoFreeMdl
- ExAllocatePool
- ExFreePool
- NtQuerySystemInformation
- HalMakeBeep
Exported Functions
Sections
- .text
- .rdata
- .data
- .pdata
- INIT
- .vvd0
- .vvd1
- .reloc
Signature
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
not set
last_updated: 2025-04-02