da066835-f37c-40bf-86bb-d77ad45c7f30

driver_fdd16a94.sys :inline :inline

Description

Sophos, from time to time, has observed a threat actor deploy variants of Poortry on different machines within a single estate during an attack. These variants contain the same payload, but signed with a different certificate than the driver first seen used during the attack.

  • UUID: da066835-f37c-40bf-86bb-d77ad45c7f30
  • Created: 2024-09-10
  • Author: Michael Haag
  • Acknowledgement: |

DownloadBlock

This download link contains the malicious driver!

Commands

sc.exe create driver_fdd16a94.sys binPath=C:\windows\temp\driver_fdd16a94.sys type=kernel && sc.exe start driver_fdd16a94.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/

    • Known Vulnerable Samples

    PropertyValue
    Filename
    Creation Timestamp2024-07-27 23:29:20
    MD5154f30d81f67dcb5b855d4db6f26c8a6
    SHA1ffe5611f1f905f2caa4e846a51f31ef8856c95a2
    SHA256fdd16a94a71644a8bb52c4e0fbfecb93f04cfe37bd91bac599cf9abfb822762f
    Authentihash MD5bcf297b1129b502de6ba2a3d0963cb78
    Authentihash SHA188888c2d89015a3a354b9ca2c374bfb934bfe40d
    Authentihash SHA25675aa0f984fdc2d0e1db632b65fbec424a87a8c68a822fca1e503a269eba71f2d
    RichPEHeaderHash MD5ffdf660eb1ebf020a1d0a55a90712dfb
    RichPEHeaderHash SHA13e905e3d061d0d59de61fcf39c994fcb0ec1bab3
    RichPEHeaderHash SHA2562b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6

    Download

    Certificates

    Expand
    Certificate 4efa7e7bba65ec1ab774f2b31357d599
    FieldValue
    ToBeSigned (TBS) MD5f830820e8290f2defa077743ca6e7357
    ToBeSigned (TBS) SHA10b11022d5c65f12b15ea49da29c45a3bd51ff17b
    ToBeSigned (TBS) SHA256c3bf6618b96463285ef2dabd06f631513585742cd9f2be85513f4d3763710211
    SubjectC=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen yundian Technology Co., Ltd, CN=Shenzhen yundian Technology Co., Ltd
    ValidFrom2013-05-20 00:00:00
    ValidTo2014-05-20 23:59:59
    Signature1bae8106004f1ac2702bdcc897bf58debba45fca9d2c72082a3b54ef4a9df3dcbcd1468b1b588d975274ce37c3cbef125a8e334b1c6111e3ffc94eaf9c123b933c93352677f50c077cb8c771b94b21ef4fa882925a14fc580773ed66b54d49f668498e89047687bcc821385abf6ff579af7ab7dc45c60f270476e82fda4176ba85e9a29aa6f747aff19bd13ea0bc850d883e9681e53c5d5f97cb43af98514271b5a90efe591c7ea52aafa4a902fff0904690cd974625557e170b02aa4724010c4b614995ffa54687584f0a09f47e777931c0f132a3836ef31c55310bde34b10bf3cc5a7a546e2432c18645edbf018da59f8be29d4d334be3b78daa6dd35abc70
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber4efa7e7bba65ec1ab774f2b31357d599
    Version3
    Certificate 47974d7873a5bcab0d2fb370192fce5e
    FieldValue
    ToBeSigned (TBS) MD5e3a93dc2a8a8a668fdbb286bfe9afab5
    ToBeSigned (TBS) SHA195795d2aa2a554a423bc8c6e5b0a016d14887d35
    ToBeSigned (TBS) SHA256d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e
    SubjectC=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47974d7873a5bcab0d2fb370192fce5e
    Version3
    Certificate 611fb0a400000000001d
    FieldValue
    ToBeSigned (TBS) MD5a3f222107d4e1085e73b5b589c2f480b
    ToBeSigned (TBS) SHA1b94aa26cd77c48d91a53ac44506cbd255e1d362c
    ToBeSigned (TBS) SHA256a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
    SubjectC=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA
    ValidFrom2011-02-22 19:31:57
    ValidTo2021-02-22 19:41:57
    Signature2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611fb0a400000000001d
    Version3
    Certificate 0e9b188ef9d02de7efdb50e20840185a
    FieldValue
    ToBeSigned (TBS) MD521a266bd49f2778b24d13d95641ea6ac
    ToBeSigned (TBS) SHA121319f341fdf06bf6a104427afa8b7823b1ea7f3
    ToBeSigned (TBS) SHA256e933dc68ee65abd1f9b1aa6738eff60a6895d3d8cc4accf0c69069aa3decd757
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
    ValidFrom2022-08-01 00:00:00
    ValidTo2031-11-09 23:59:59
    Signature70a0bf435c55e7385fa0a3741b3db616d7f7bf5707bd9aaca1872cec855ea91abb22f8871a695422eda488776dbd1a14f4134a7a2f2db738eff4ff80b9f8a1f7f272de24bc5203c84ed02adefa2d56cff9f4f7ac307a9a8bb25ed4cfd143449b4321eb9672a148b499cb9d4fa7060313772744d4e77fe859a8f0bf2f0ba6e9f2343cecf703c787a8d24c401935466a6954b0b8a1568eeca4d53de8b1dcfd1cd8f4775a5c548c6fefa1503dfc760968849f6fcadb208d35601c0203cb20b0ac58a00e4063c59822c1b259f5556bcf27ab6c76ce6f232df47e716a236b22ff12b8542d277ed83ad9f0b68796fd5bd15cac18c34d9f73b701a99f57aa5e28e2b994
    SignatureAlgorithmOID1.2.840.113549.1.1.12
    IsCertificateAuthorityTrue
    SerialNumber0e9b188ef9d02de7efdb50e20840185a
    Version3
    Certificate 073637b724547cd847acfd28662a5e5b
    FieldValue
    ToBeSigned (TBS) MD5e4b8ad9932ff9205f580cf8fb2afbb86
    ToBeSigned (TBS) SHA15301f7044d78bf94dd2b6e4871083a17fdba1dcc
    ToBeSigned (TBS) SHA256c3d01499a5d1d2f71e0f44e78fbfa4b8aadb43dd4f226401e0c1d7a6d53357fa
    SubjectC=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
    ValidFrom2022-03-23 00:00:00
    ValidTo2037-03-22 23:59:59
    Signature7d598ec093b66f98a94422017e66d6d82142e1b0182e104d13cf3053cebf18fbc7505de24b29fb708a0daa2969fc69c1cf1d07e93e60c8d80be55c5bd76d87fa842025343167cdb612966fc4504c621d0c0882a816bda956cf15738d012225ce95693f4777fb727414d7ffab4f8a2c7aab85cd435fed60b6aa4f91669e2c9ee08aace5fd8cbc6426876c92bd9d7cd0700a7cefa8bc754fba5af7a910b25de9ff285489f0d58a717665daccf072a323fac0278244ae99271bab241e26c1b7de2aebf69eb1799981a35686ab0a45c9dfc48da0e798fbfba69d72afc4c7c1c16a71d9c6138009c4b69fcd878724bb4fa349b9776691f1729ce94b0252a7377e9353ac3b1d08490f94cd397addff256399272c3d3f6ba7f166c341cd4fb6409b212140d0b71324cddc1d783ae49eade5347192d7266be43873aba6014fbd3f3b78ad4cadfbc4957bed0a5f33398741787a38e99ce1dd23fd1d28d3c7f9e8f1985ffb2bd87ef2469d752c1e272c26db6f157b1e198b36b893d4e6f2179959ca70f037bf9800df20164f27fb606716a166badd55c03a2986b098a02bed9541b73ad5159831b462090f0abd81d913febfa4d1f357d9bc04fa82de32df0489f000cd5dc2f9d0237f000be4760226d9f0657642a6298709472be67f1aa4850ffc9896f655542b1f80fac0f20e2be5d6fba92f44154ae7130e1ddb37381aa12bf6edd67cfc
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber073637b724547cd847acfd28662a5e5b
    Version3
    Certificate 0544aff3949d0839a6bfdb3f5fe56116
    FieldValue
    ToBeSigned (TBS) MD57630cbd02cc6732394e9fdfe99d0d8f8
    ToBeSigned (TBS) SHA1bc1890d694f9d392c4cbae6a174e35d70e7ec8b1
    ToBeSigned (TBS) SHA256594a02de632b3a08ed6644c36994025e57f35bc8e7bd16cec5d347883390d1d8
    SubjectC=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2023
    ValidFrom2023-07-14 00:00:00
    ValidTo2034-10-13 23:59:59
    Signature811ad6dea0a9b59817bc708d4f8a3c689cd825ffcb2ce4cdea5d2292ec8c2202a9b8cf80a8d9e7e3c5ed26828a712f18dd4eb6de6cd7e1609c2beded3d488eb86bba7c5dbdc26137684977a3eb90aa12d72785f38e1e92dac240389f5dc8a02e2578259d2a057a842998b657798fdb26562bb0f3a7bd370cd898764f56b952c2b69d38a981e76d415c8c69d1b92bc4c67bcf9cfa78e2931a76a26975d350e44412be200d9ea944d0f8e54977085a21c5b4cf98951a54bab9bcc16919bacf16f28337346eb04126ddde5a974f338dd48d777d7545a1a558266a0345ded950b5508caf56bd4cc5e146c528d3ade7430070decc989e198903ead49137ef4d52f3c96021c45647edda114b8c32c388e658e2b6db3ef95fb042d68fe31791d1aac055e386bfac272c41d09a334aa836d4b972967e977938485fcac2dc3d32df75d636675a89f8f6a7c7e54f353c00bdbe9c2a6c7901dcda44e63ade383b075e3958f47c733155a08011cb140c7eaebcfea4eb7965aa68d622ca3beb9a8235572816cb69f2329ab2d2d83ab8b146866bba17fdc4776c156caeabaf733ae84946b7d57fccb638c0d8ec1cf5b6a1b8432cdf4e4c7d1e6870c0770ad402e05c60bb28ff38e5525ad6ac1722234ef4ecd317fb506bff07771f71974441c9b846d36c327c582f674765e51b73b699f96b2c0646ef411ef0f05fe0dbd9ad908044af8010418a
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber0544aff3949d0839a6bfdb3f5fe56116
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • PsWrapApcWow64Thread
    • ObfDereferenceObject
    • PsGetCurrentThreadId
    • PsGetProcessId
    • PsIsThreadTerminating
    • PsLookupThreadByThreadId
    • KeInitializeApc
    • KeInsertQueueApc
    • KeTestAlertThread
    • PsGetThreadTeb
    • PsGetCurrentProcessWow64Process
    • ZwQuerySystemInformation
    • KeEnterCriticalRegion
    • KeLeaveCriticalRegion
    • KeEnterGuardedRegion
    • KeLeaveGuardedRegion
    • ExGetPreviousMode
    • IoGetCurrentProcess
    • PsGetThreadId
    • ZwSetInformationThread
    • NtClose
    • NtAllocateVirtualMemory
    • NtFreeVirtualMemory
    • KeAttachProcess
    • KeDetachProcess
    • KeSetIdealProcessorThread
    • PsLookupProcessByProcessId
    • ObOpenObjectByPointer
    • ZwQueryVirtualMemory
    • ZwFlushVirtualMemory
    • PsSuspendProcess
    • PsResumeProcess
    • NtQueryInformationProcess
    • NtSetInformationProcess
    • ZwFlushInstructionCache
    • ZwLockVirtualMemory
    • ZwUnlockVirtualMemory
    • ZwProtectVirtualMemory
    • ZwQueryInformationThread
    • NtWaitForSingleObject
    • PsLookupProcessThreadByCid
    • MmCopyVirtualMemory
    • PsGetContextThread
    • PsSetContextThread
    • NtQuerySystemInformationEx
    • PsProcessType
    • PsThreadType
    • MmHighestUserAddress
    • DbgPrint
    • KeWaitForSingleObject
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • ZwAllocateVirtualMemory
    • ZwFreeVirtualMemory
    • PsGetProcessWow64Process
    • RtlInitUnicodeString
    • RtlCompareUnicodeString
    • KeDelayExecutionThread
    • IoAllocateMdl
    • IoFreeMdl
    • ZwClose
    • PsGetProcessPeb
    • __C_specific_handler
    • KeInitializeEvent
    • KeSetEvent
    • ExAllocatePool
    • MmBuildMdlForNonPagedPool
    • IoAllocateIrp
    • IofCallDriver
    • IoCreateFile
    • IoFreeIrp
    • ObReferenceObjectByHandle
    • ObReferenceObjectByHandleWithTag
    • ObCloseHandle
    • ZwCreateFile
    • ZwReadFile
    • ZwWriteFile
    • IoGetFileObjectGenericMapping
    • IoCreateFileEx
    • MmFlushImageSection
    • ZwDeleteFile
    • SeCreateAccessState
    • ObCreateObject
    • IoFileObjectType
    • RtlAnsiStringToUnicodeString
    • RtlUnicodeStringToAnsiString
    • RtlFreeUnicodeString
    • RtlFreeAnsiString
    • _stricmp
    • strrchr
    • wcsstr
    • MmGetSystemRoutineAddress
    • RtlWriteRegistryValue
    • RtlCreateRegistryKey
    • RtlEqualUnicodeString
    • RtlTimeToTimeFields
    • RtlGetVersion
    • KeLowerIrql
    • KfRaiseIrql
    • ExSystemTimeToLocalTime
    • CmRegisterCallback
    • CmUnRegisterCallback
    • MmMapLockedPages
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • IoBuildDeviceIoControlRequest
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • IoGetAttachedDeviceReference
    • IoGetDeviceObjectPointer
    • IoInitializeTimer
    • IoStartTimer
    • IoStopTimer
    • ObfReferenceObject
    • ObRegisterCallbacks
    • ObUnRegisterCallbacks
    • ObGetFilterVersion
    • ZwOpenKey
    • ZwDeleteKey
    • ZwQueryValueKey
    • RtlPrefixUnicodeString
    • KeBugCheck
    • MmIsAddressValid
    • PsGetProcessCreateTimeQuadPart
    • IoRegisterDriverReinitialization
    • RtlRandomEx
    • SeLocateProcessImageName
    • PsReferencePrimaryToken
    • PsDereferencePrimaryToken
    • IoEnumerateDeviceObjectList
    • ObMakeTemporaryObject
    • ObQueryNameString
    • FsRtlIsNameInExpression
    • swprintf
    • PsGetProcessImageFileName
    • ObReferenceObjectByName
    • PsGetProcessInheritedFromUniqueProcessId
    • PsRegisterPicoProvider
    • PsReferenceProcessFilePointer
    • PsInitialSystemProcess
    • IoDriverObjectType
    • ExAcquireFastMutex
    • ExReleaseFastMutex
    • PsGetCurrentProcessId
    • strncmp
    • ProbeForRead
    • MmUnmapLockedPages
    • MmUnmapIoSpace
    • MmMapIoSpaceEx
    • MmCopyMemory
    • ZwTerminateProcess
    • ZwOpenProcess
    • IoThreadToProcess
    • ZwWaitForSingleObject
    • ZwOpenFile
    • ZwCreateSection
    • ZwMapViewOfSection
    • ZwUnmapViewOfSection
    • RtlImageNtHeader
    • tolower
    • strstr
    • MmUserProbeAddress

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • 0
    • .reloc

    Signature

    Expand
    {
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "4efa7e7bba65ec1ab774f2b31357d599",
      "Signature": "1bae8106004f1ac2702bdcc897bf58debba45fca9d2c72082a3b54ef4a9df3dcbcd1468b1b588d975274ce37c3cbef125a8e334b1c6111e3ffc94eaf9c123b933c93352677f50c077cb8c771b94b21ef4fa882925a14fc580773ed66b54d49f668498e89047687bcc821385abf6ff579af7ab7dc45c60f270476e82fda4176ba85e9a29aa6f747aff19bd13ea0bc850d883e9681e53c5d5f97cb43af98514271b5a90efe591c7ea52aafa4a902fff0904690cd974625557e170b02aa4724010c4b614995ffa54687584f0a09f47e777931c0f132a3836ef31c55310bde34b10bf3cc5a7a546e2432c18645edbf018da59f8be29d4d334be3b78daa6dd35abc70",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen yundian Technology Co., Ltd, CN=Shenzhen yundian Technology Co., Ltd",
      "TBS": {
        "MD5": "f830820e8290f2defa077743ca6e7357",
        "SHA1": "0b11022d5c65f12b15ea49da29c45a3bd51ff17b",
        "SHA256": "c3bf6618b96463285ef2dabd06f631513585742cd9f2be85513f4d3763710211",
        "SHA384": "c6079686cb82480e766a96ebe62d3a61fbf6e7dbbfb79248c0ac191dfe30b2e0017868a50f03a73caef4b8f730f6e014"
      },
      "ValidFrom": "2013-05-20 00:00:00",
      "ValidTo": "2014-05-20 23:59:59",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
      "Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
      "TBS": {
        "MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
        "SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
        "SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
        "SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
      },
      "ValidFrom": "2010-02-08 00:00:00",
      "ValidTo": "2020-02-07 23:59:59",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "611fb0a400000000001d",
      "Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
      "TBS": {
        "MD5": "a3f222107d4e1085e73b5b589c2f480b",
        "SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
        "SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
        "SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
      },
      "ValidFrom": "2011-02-22 19:31:57",
      "ValidTo": "2021-02-22 19:41:57",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0e9b188ef9d02de7efdb50e20840185a",
      "Signature": "70a0bf435c55e7385fa0a3741b3db616d7f7bf5707bd9aaca1872cec855ea91abb22f8871a695422eda488776dbd1a14f4134a7a2f2db738eff4ff80b9f8a1f7f272de24bc5203c84ed02adefa2d56cff9f4f7ac307a9a8bb25ed4cfd143449b4321eb9672a148b499cb9d4fa7060313772744d4e77fe859a8f0bf2f0ba6e9f2343cecf703c787a8d24c401935466a6954b0b8a1568eeca4d53de8b1dcfd1cd8f4775a5c548c6fefa1503dfc760968849f6fcadb208d35601c0203cb20b0ac58a00e4063c59822c1b259f5556bcf27ab6c76ce6f232df47e716a236b22ff12b8542d277ed83ad9f0b68796fd5bd15cac18c34d9f73b701a99f57aa5e28e2b994",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
      "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4",
      "TBS": {
        "MD5": "21a266bd49f2778b24d13d95641ea6ac",
        "SHA1": "21319f341fdf06bf6a104427afa8b7823b1ea7f3",
        "SHA256": "e933dc68ee65abd1f9b1aa6738eff60a6895d3d8cc4accf0c69069aa3decd757",
        "SHA384": "11533efd6b326a4e065a936de300fe0586a479f93d569d2403bd62c7ad35f1b2199daee3adb510f429c4fc97b4b024e3"
      },
      "ValidFrom": "2022-08-01 00:00:00",
      "ValidTo": "2031-11-09 23:59:59",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "073637b724547cd847acfd28662a5e5b",
      "Signature": "7d598ec093b66f98a94422017e66d6d82142e1b0182e104d13cf3053cebf18fbc7505de24b29fb708a0daa2969fc69c1cf1d07e93e60c8d80be55c5bd76d87fa842025343167cdb612966fc4504c621d0c0882a816bda956cf15738d012225ce95693f4777fb727414d7ffab4f8a2c7aab85cd435fed60b6aa4f91669e2c9ee08aace5fd8cbc6426876c92bd9d7cd0700a7cefa8bc754fba5af7a910b25de9ff285489f0d58a717665daccf072a323fac0278244ae99271bab241e26c1b7de2aebf69eb1799981a35686ab0a45c9dfc48da0e798fbfba69d72afc4c7c1c16a71d9c6138009c4b69fcd878724bb4fa349b9776691f1729ce94b0252a7377e9353ac3b1d08490f94cd397addff256399272c3d3f6ba7f166c341cd4fb6409b212140d0b71324cddc1d783ae49eade5347192d7266be43873aba6014fbd3f3b78ad4cadfbc4957bed0a5f33398741787a38e99ce1dd23fd1d28d3c7f9e8f1985ffb2bd87ef2469d752c1e272c26db6f157b1e198b36b893d4e6f2179959ca70f037bf9800df20164f27fb606716a166badd55c03a2986b098a02bed9541b73ad5159831b462090f0abd81d913febfa4d1f357d9bc04fa82de32df0489f000cd5dc2f9d0237f000be4760226d9f0657642a6298709472be67f1aa4850ffc9896f655542b1f80fac0f20e2be5d6fba92f44154ae7130e1ddb37381aa12bf6edd67cfc",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA",
      "TBS": {
        "MD5": "e4b8ad9932ff9205f580cf8fb2afbb86",
        "SHA1": "5301f7044d78bf94dd2b6e4871083a17fdba1dcc",
        "SHA256": "c3d01499a5d1d2f71e0f44e78fbfa4b8aadb43dd4f226401e0c1d7a6d53357fa",
        "SHA384": "84b5f399da5a4f4387269adfd951ef7d2197c29552ed2d2e449060664c3825d6bdb2acc3e563d999e54652f7384f445e"
      },
      "ValidFrom": "2022-03-23 00:00:00",
      "ValidTo": "2037-03-22 23:59:59",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "0544aff3949d0839a6bfdb3f5fe56116",
      "Signature": "811ad6dea0a9b59817bc708d4f8a3c689cd825ffcb2ce4cdea5d2292ec8c2202a9b8cf80a8d9e7e3c5ed26828a712f18dd4eb6de6cd7e1609c2beded3d488eb86bba7c5dbdc26137684977a3eb90aa12d72785f38e1e92dac240389f5dc8a02e2578259d2a057a842998b657798fdb26562bb0f3a7bd370cd898764f56b952c2b69d38a981e76d415c8c69d1b92bc4c67bcf9cfa78e2931a76a26975d350e44412be200d9ea944d0f8e54977085a21c5b4cf98951a54bab9bcc16919bacf16f28337346eb04126ddde5a974f338dd48d777d7545a1a558266a0345ded950b5508caf56bd4cc5e146c528d3ade7430070decc989e198903ead49137ef4d52f3c96021c45647edda114b8c32c388e658e2b6db3ef95fb042d68fe31791d1aac055e386bfac272c41d09a334aa836d4b972967e977938485fcac2dc3d32df75d636675a89f8f6a7c7e54f353c00bdbe9c2a6c7901dcda44e63ade383b075e3958f47c733155a08011cb140c7eaebcfea4eb7965aa68d622ca3beb9a8235572816cb69f2329ab2d2d83ab8b146866bba17fdc4776c156caeabaf733ae84946b7d57fccb638c0d8ec1cf5b6a1b8432cdf4e4c7d1e6870c0770ad402e05c60bb28ff38e5525ad6ac1722234ef4ecd317fb506bff07771f71974441c9b846d36c327c582f674765e51b73b699f96b2c0646ef411ef0f05fe0dbd9ad908044af8010418a",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2023",
      "TBS": {
        "MD5": "7630cbd02cc6732394e9fdfe99d0d8f8",
        "SHA1": "bc1890d694f9d392c4cbae6a174e35d70e7ec8b1",
        "SHA256": "594a02de632b3a08ed6644c36994025e57f35bc8e7bd16cec5d347883390d1d8",
        "SHA384": "31d9fb75262762d17046f31e5c54509f58a295d505e411019544000b64f607b44b3346b708fa50d48f199dba56f0c0b1"
      },
      "ValidFrom": "2023-07-14 00:00:00",
      "ValidTo": "2034-10-13 23:59:59",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
      "SerialNumber": "4efa7e7bba65ec1ab774f2b31357d599",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

    source

    last_updated: 2025-01-29