e5f12b82-8d07-474e-9587-8c7b3714d60c

zam64.sys :inline :inline

Description

zam64.sys is a vulnerable driver and more information will be added as found.

  • UUID: e5f12b82-8d07-474e-9587-8c7b3714d60c
  • Created: 2023-01-09
  • Author: Michael Haag, Nasreddine Bencherchali
  • Acknowledgement: |

DownloadBlock

This download link contains the vulnerable driver!

Commands

sc.exe create zam64.sys binPath=C:\windows\temp\zam64.sys type=kernel && sc.exe start zam64.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • Internal Research
  • https://www.reddit.com/r/crowdstrike/comments/13wjrgn/20230531_situational_awareness_spyboy_defense/
  • https://github.com/elastic/protections-artifacts/search?q=VulnDriver
  • https://www.trendmicro.com/en_us/research/23/e/attack-on-security-titans-earth-longzhi-returns-with-new-tricks.html
  • https://github.com/ZeroMemoryEx/Terminator

  • CVE

  • CVE-2018-5713
  • Known Vulnerable Samples

    PropertyValue
    Filenamezam64.sys
    Creation Timestamp2015-11-20 16:27:25
    MD52a3ce41bb2a7894d939fbd1b20dae5a0
    SHA1cd248648eafca6ef77c1b76237a6482f449f13be
    SHA2562bbc6b9dd5e6d0327250b32305be20c89b19b56d33a096522ee33f22d8c82ff1
    Authentihash MD5689e0587c7821c19c711424fa619dbad
    Authentihash SHA1b9b230bb66c82e15f563ac0873a3a1db25995064
    Authentihash SHA2561997b7217dfddd8fbd4924e86b58fe585ef4bd91c3069d3deeb34ea70eb82d60
    RichPEHeaderHash MD55e737552d7162062a00f6f22da1133c4
    RichPEHeaderHash SHA14b43c25befb85e28d65bac423a06403c6043fd79
    RichPEHeaderHash SHA256b53db7580900ee00aaed432b8a5b36169f820f16bbf6d85d34ef641b1e5bfdcb
    CompanyZemana Ltd.
    DescriptionZAM
    ProductZAM

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 0210230fd364b469091b8a4440145e18
    FieldValue
    ToBeSigned (TBS) MD517e68f0650db3d4d698ef88ef963b47e
    ToBeSigned (TBS) SHA100162854ea07ea0a83aa941767277a5c3ab03c9d
    ToBeSigned (TBS) SHA2567caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d
    SubjectC=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.
    ValidFrom2014-12-16 00:00:00
    ValidTo2017-12-20 12:00:00
    Signature8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0210230fd364b469091b8a4440145e18
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • ZwClose
    • RtlUpperString
    • RtlUpcaseUnicodeString
    • PsGetCurrentProcessId
    • ZwOpenProcess
    • PsLookupProcessByProcessId
    • ObQueryNameString
    • FsRtlIsNameInExpression
    • PsGetProcessImageFileName
    • ZwQueryInformationProcess
    • __C_specific_handler
    • strchr
    • RtlAppendUnicodeToString
    • KeInitializeSemaphore
    • KeReleaseSemaphore
    • KeWaitForSingleObject
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • ZwQueryInformationFile
    • ZwWriteFile
    • PsGetCurrentThreadId
    • ZwDeleteFile
    • _vsnprintf
    • PsThreadType
    • PsSetCreateProcessNotifyRoutine
    • PsGetProcessSessionId
    • RtlAppendUnicodeStringToString
    • ZwDeleteValueKey
    • ZwSetValueKey
    • towupper
    • RtlIntegerToUnicodeString
    • KeInitializeEvent
    • KeSetEvent
    • KeAcquireSpinLockAtDpcLevel
    • KeReleaseSpinLockFromDpcLevel
    • MmProbeAndLockPages
    • IoAllocateIrp
    • IoAllocateMdl
    • IofCallDriver
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • IoGetRelatedDeviceObject
    • ObCloseHandle
    • ObfReferenceObject
    • ZwSetInformationFile
    • ZwReadFile
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • ZwCreateFile
    • IoGetDeviceAttachmentBaseRef
    • FsRtlGetFileSize
    • ZwQuerySystemInformation
    • IoFileObjectType
    • KeReadStateEvent
    • ExQueueWorkItem
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • NtOpenProcess
    • ZwCreateEvent
    • ZwWaitForSingleObject
    • ZwSetEvent
    • NtQuerySystemInformation
    • ExEventObjectType
    • NtBuildNumber
    • ZwDeleteKey
    • ObReferenceObjectByName
    • IoDriverObjectType
    • MmIsDriverVerifying
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlSetDaclSecurityDescriptor
    • PsGetProcessId
    • PsGetCurrentProcessSessionId
    • ZwTerminateProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • ZwOpenThread
    • PsProcessType
    • ExInterlockedInsertHeadList
    • ExInterlockedRemoveHeadList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • RtlCreateRegistryKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • ZwQueryValueKey
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ProbeForWrite
    • PsSetLoadImageNotifyRoutine
    • PsRemoveLoadImageNotifyRoutine
    • PsGetProcessSectionBaseAddress
    • MmSystemRangeStart
    • KeBugCheckEx
    • ObfDereferenceObject
    • ObReferenceObjectByHandle
    • ProbeForRead
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • KeDelayExecutionThread
    • RtlGetVersion
    • DbgPrint
    • RtlCopyUnicodeString
    • RtlInitUnicodeString
    • wcsstr
    • IoCreateFileSpecifyDeviceObjectHint
    • strstr
    • FltSendMessage
    • FltCloseCommunicationPort
    • FltCreateCommunicationPort
    • FltStartFiltering
    • FltUnregisterFilter
    • FltRegisterFilter
    • FltBuildDefaultSecurityDescriptor

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .hook
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
          "Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
          "TBS": {
            "MD5": "d0785ad36e427c92b19f6826ab1e8020",
            "SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
            "SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
            "SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
          },
          "ValidFrom": "2012-12-21 00:00:00",
          "ValidTo": "2020-12-30 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
          "Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
          "TBS": {
            "MD5": "e9d38360b914c8863f6cba3ee58764d3",
            "SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
            "SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
            "SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
          },
          "ValidFrom": "2012-10-18 00:00:00",
          "ValidTo": "2020-12-29 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
          "TBS": {
            "MD5": "17e68f0650db3d4d698ef88ef963b47e",
            "SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
            "SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
            "SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
          },
          "ValidFrom": "2014-12-16 00:00:00",
          "ValidTo": "2017-12-20 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
          "Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "TBS": {
            "MD5": "829995f702421dea833a24fb2c7f4442",
            "SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
            "SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
            "SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamezam64.sys
    Creation Timestamp2015-07-23 05:10:50
    MD5db46c56849bbce9a55a03283efc8c280
    SHA18f4b79b8026da7f966d38a8ba494c113c5e3894b
    SHA2563c18ae965fba56d09a65770b4d8da54ccd7801f979d3ebd283397bc99646004b
    Authentihash MD5a7d940958aa06308dfb68ed67e6ae18c
    Authentihash SHA1ddb4d31681eb2e8e95aa33b78d454b29542d2a98
    Authentihash SHA256ab1290211250af83be645072d346693890f3f29feda5a3a23ea97758247f7ba1
    RichPEHeaderHash MD5ae5755ef6edfaf47c756c813503d9491
    RichPEHeaderHash SHA112e5b706039cb80653dac2ed809faf430e392b64
    RichPEHeaderHash SHA2569cb52aae7fdcaabee6e2e9b8640a4a386e7610f0fdedd53413fd1a9d1e7c044b
    CompanyZemana Ltd.
    DescriptionZAM
    ProductZAM

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 0210230fd364b469091b8a4440145e18
    FieldValue
    ToBeSigned (TBS) MD517e68f0650db3d4d698ef88ef963b47e
    ToBeSigned (TBS) SHA100162854ea07ea0a83aa941767277a5c3ab03c9d
    ToBeSigned (TBS) SHA2567caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d
    SubjectC=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.
    ValidFrom2014-12-16 00:00:00
    ValidTo2017-12-20 12:00:00
    Signature8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0210230fd364b469091b8a4440145e18
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ObfDereferenceObject
    • ZwCreateFile
    • ZwClose
    • RtlUpperString
    • RtlUpcaseUnicodeString
    • PsGetCurrentProcessId
    • ZwOpenProcess
    • PsLookupProcessByProcessId
    • ObQueryNameString
    • FsRtlIsNameInExpression
    • ZwQueryInformationProcess
    • __C_specific_handler
    • DbgPrint
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • PsGetProcessImageFileName
    • PsGetProcessSessionId
    • RtlAppendUnicodeStringToString
    • ZwDeleteValueKey
    • ZwSetValueKey
    • towupper
    • RtlIntegerToUnicodeString
    • RtlAppendUnicodeToString
    • KeInitializeEvent
    • KeSetEvent
    • KeWaitForSingleObject
    • KeAcquireSpinLockAtDpcLevel
    • KeReleaseSpinLockFromDpcLevel
    • MmProbeAndLockPages
    • IoAllocateIrp
    • IoAllocateMdl
    • IofCallDriver
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • IoGetRelatedDeviceObject
    • ObCloseHandle
    • ObfReferenceObject
    • ZwQueryInformationFile
    • ZwSetInformationFile
    • ZwReadFile
    • ZwWriteFile
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • IoCreateFileSpecifyDeviceObjectHint
    • ObReferenceObjectByHandle
    • FsRtlGetFileSize
    • ZwDeleteFile
    • ZwQuerySystemInformation
    • IoFileObjectType
    • KeReadStateEvent
    • ExQueueWorkItem
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • NtOpenProcess
    • ZwCreateEvent
    • ZwWaitForSingleObject
    • ZwSetEvent
    • NtQuerySystemInformation
    • ExEventObjectType
    • NtBuildNumber
    • ZwDeleteKey
    • ObReferenceObjectByName
    • IoDriverObjectType
    • MmIsDriverVerifying
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • PsGetProcessId
    • PsGetCurrentProcessSessionId
    • ZwTerminateProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • ZwOpenThread
    • PsProcessType
    • ExInterlockedInsertHeadList
    • ExInterlockedRemoveHeadList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • RtlCreateRegistryKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • ZwQueryValueKey
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ProbeForWrite
    • PsSetLoadImageNotifyRoutine
    • PsRemoveLoadImageNotifyRoutine
    • MmSystemRangeStart
    • KeBugCheckEx
    • ProbeForRead
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • KeDelayExecutionThread
    • RtlGetVersion
    • RtlCopyUnicodeString
    • RtlInitUnicodeString
    • wcsstr
    • IoGetDeviceAttachmentBaseRef
    • strstr

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .hook
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
          "Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
          "TBS": {
            "MD5": "d0785ad36e427c92b19f6826ab1e8020",
            "SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
            "SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
            "SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
          },
          "ValidFrom": "2012-12-21 00:00:00",
          "ValidTo": "2020-12-30 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
          "Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
          "TBS": {
            "MD5": "e9d38360b914c8863f6cba3ee58764d3",
            "SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
            "SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
            "SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
          },
          "ValidFrom": "2012-10-18 00:00:00",
          "ValidTo": "2020-12-29 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
          "TBS": {
            "MD5": "17e68f0650db3d4d698ef88ef963b47e",
            "SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
            "SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
            "SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
          },
          "ValidFrom": "2014-12-16 00:00:00",
          "ValidTo": "2017-12-20 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
          "Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "TBS": {
            "MD5": "829995f702421dea833a24fb2c7f4442",
            "SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
            "SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
            "SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamezamguard64.sys
    Creation Timestamp2016-05-24 03:38:42
    MD599c131567c10c25589e741e69a8f8aa3
    SHA13b8ddf860861cc4040dea2d2d09f80582547d105
    SHA25645f42c5d874369d6be270ea27a5511efcca512aeac7977f83a51b7c4dee6b5ef
    Authentihash MD538757cf8a65976f362f287c3e94f8c1b
    Authentihash SHA187cdb7698822d92a070b83b732fffa0ea99e34a2
    Authentihash SHA256950b672d3300bcacefe568156fbc8b16fa09da13df2f6ecda31254faaaf041f9
    RichPEHeaderHash MD5c0210f91c028886456549a7aa78f8147
    RichPEHeaderHash SHA1ea5478898d988d1bfa1287940ad74e5445f80a8d
    RichPEHeaderHash SHA256820b53e3b20277040944a1286a3f401ca8fb24b4f93535dc570e2261632e2f26
    CompanyZemana Ltd.
    DescriptionZAM
    ProductZAM

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 0210230fd364b469091b8a4440145e18
    FieldValue
    ToBeSigned (TBS) MD517e68f0650db3d4d698ef88ef963b47e
    ToBeSigned (TBS) SHA100162854ea07ea0a83aa941767277a5c3ab03c9d
    ToBeSigned (TBS) SHA2567caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d
    SubjectC=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.
    ValidFrom2014-12-16 00:00:00
    ValidTo2017-12-20 12:00:00
    Signature8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0210230fd364b469091b8a4440145e18
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • FsRtlIsNameInExpression
    • PsGetProcessImageFileName
    • ZwQueryInformationProcess
    • __C_specific_handler
    • strchr
    • RtlAppendUnicodeToString
    • KeInitializeSemaphore
    • KeReleaseSemaphore
    • KeWaitForSingleObject
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • ZwQueryInformationFile
    • ZwWriteFile
    • PsGetCurrentThreadId
    • ZwDeleteFile
    • _vsnprintf
    • PsThreadType
    • PsSetCreateProcessNotifyRoutine
    • PsGetProcessSessionId
    • RtlAppendUnicodeStringToString
    • ZwDeleteValueKey
    • ZwSetValueKey
    • towupper
    • RtlIntegerToUnicodeString
    • KeInitializeEvent
    • KeSetEvent
    • KeAcquireSpinLockAtDpcLevel
    • KeReleaseSpinLockFromDpcLevel
    • MmProbeAndLockPages
    • IoAllocateIrp
    • IoAllocateMdl
    • IofCallDriver
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • IoGetRelatedDeviceObject
    • ObCloseHandle
    • ObfReferenceObject
    • ZwSetInformationFile
    • ZwReadFile
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • IoCreateFileSpecifyDeviceObjectHint
    • IoGetDeviceAttachmentBaseRef
    • FsRtlGetFileSize
    • ObQueryNameString
    • IoFileObjectType
    • KeReadStateEvent
    • ExQueueWorkItem
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • NtOpenProcess
    • ZwCreateEvent
    • ZwWaitForSingleObject
    • ZwSetEvent
    • NtQuerySystemInformation
    • ExEventObjectType
    • NtBuildNumber
    • ZwDeleteKey
    • ObReferenceObjectByName
    • IoDriverObjectType
    • MmIsDriverVerifying
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlSetDaclSecurityDescriptor
    • MmMapLockedPagesSpecifyCache
    • PsGetProcessId
    • IoThreadToProcess
    • PsGetCurrentProcessSessionId
    • ZwTerminateProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • ZwOpenThread
    • PsProcessType
    • ExInterlockedInsertHeadList
    • ExInterlockedRemoveHeadList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • RtlCreateRegistryKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • ZwQueryValueKey
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ProbeForWrite
    • PsSetLoadImageNotifyRoutine
    • PsRemoveLoadImageNotifyRoutine
    • PsGetProcessSectionBaseAddress
    • MmSystemRangeStart
    • KeBugCheckEx
    • PsLookupProcessByProcessId
    • ZwOpenProcess
    • PsGetCurrentProcessId
    • RtlUpcaseUnicodeString
    • RtlUpperString
    • ZwClose
    • ZwCreateFile
    • ObfDereferenceObject
    • ObReferenceObjectByHandle
    • ProbeForRead
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • KeDelayExecutionThread
    • RtlGetVersion
    • DbgPrint
    • RtlCopyUnicodeString
    • RtlInitUnicodeString
    • wcsstr
    • ZwQuerySystemInformation
    • strstr
    • FltSendMessage
    • FltCloseCommunicationPort
    • FltCreateCommunicationPort
    • FltReleaseContext
    • FltGetStreamHandleContext
    • FltSetStreamHandleContext
    • FltAllocateContext
    • FltCancelFileOpen
    • FltQueryInformationFile
    • FltReadFile
    • FltParseFileNameInformation
    • FltReleaseFileNameInformation
    • FltGetFileNameInformation
    • FltFreePoolAlignedWithTag
    • FltAllocatePoolAlignedWithTag
    • FltStartFiltering
    • FltUnregisterFilter
    • FltRegisterFilter
    • FltBuildDefaultSecurityDescriptor

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .hook
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
          "Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
          "TBS": {
            "MD5": "d0785ad36e427c92b19f6826ab1e8020",
            "SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
            "SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
            "SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
          },
          "ValidFrom": "2012-12-21 00:00:00",
          "ValidTo": "2020-12-30 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
          "Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
          "TBS": {
            "MD5": "e9d38360b914c8863f6cba3ee58764d3",
            "SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
            "SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
            "SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
          },
          "ValidFrom": "2012-10-18 00:00:00",
          "ValidTo": "2020-12-29 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
          "TBS": {
            "MD5": "17e68f0650db3d4d698ef88ef963b47e",
            "SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
            "SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
            "SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
          },
          "ValidFrom": "2014-12-16 00:00:00",
          "ValidTo": "2017-12-20 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
          "Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "TBS": {
            "MD5": "829995f702421dea833a24fb2c7f4442",
            "SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
            "SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
            "SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamezam64.sys
    Creation Timestamp2015-11-03 07:00:59
    MD5e5f8fcdfb52155ed4dffd8a205b3d091
    SHA190abd7670c84c47e6ffc45c67d676db8c12b1939
    SHA25676614f2e372f33100a8d92bf372cdbc1e183930ca747eed0b0cf2501293b990a
    Authentihash MD5ad2c4382390a8740dcea8b0aef5552c2
    Authentihash SHA10740faffcb163f4c8cd204c367b9492f2e361207
    Authentihash SHA256b529550e8d2ec6133be50d7139179654301ff84ba09da0cd256c5dec924a185c
    RichPEHeaderHash MD59b5178d71a0cb5373b4990094392a528
    RichPEHeaderHash SHA1155e20603f42078857e8d77b8729385f21b38222
    RichPEHeaderHash SHA25620fee3293ed1f05bc11ae72145db01fabac5b03a5373d99becc657699f98b330
    CompanyZemana Ltd.
    DescriptionZAM
    ProductZAM

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 0210230fd364b469091b8a4440145e18
    FieldValue
    ToBeSigned (TBS) MD517e68f0650db3d4d698ef88ef963b47e
    ToBeSigned (TBS) SHA100162854ea07ea0a83aa941767277a5c3ab03c9d
    ToBeSigned (TBS) SHA2567caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d
    SubjectC=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.
    ValidFrom2014-12-16 00:00:00
    ValidTo2017-12-20 12:00:00
    Signature8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0210230fd364b469091b8a4440145e18
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • ZwClose
    • RtlUpperString
    • RtlUpcaseUnicodeString
    • PsGetCurrentProcessId
    • ZwOpenProcess
    • PsLookupProcessByProcessId
    • ObQueryNameString
    • FsRtlIsNameInExpression
    • PsGetProcessImageFileName
    • ZwQueryInformationProcess
    • __C_specific_handler
    • strchr
    • RtlAppendUnicodeToString
    • KeInitializeSemaphore
    • KeReleaseSemaphore
    • KeWaitForSingleObject
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • ZwQueryInformationFile
    • ZwWriteFile
    • PsGetCurrentThreadId
    • ZwDeleteFile
    • _vsnprintf
    • PsThreadType
    • PsSetCreateProcessNotifyRoutine
    • PsGetProcessSessionId
    • RtlAppendUnicodeStringToString
    • ZwDeleteValueKey
    • ZwSetValueKey
    • towupper
    • RtlIntegerToUnicodeString
    • KeInitializeEvent
    • KeSetEvent
    • KeAcquireSpinLockAtDpcLevel
    • KeReleaseSpinLockFromDpcLevel
    • MmProbeAndLockPages
    • IoAllocateIrp
    • IoAllocateMdl
    • IofCallDriver
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • IoGetRelatedDeviceObject
    • ObCloseHandle
    • ObfReferenceObject
    • ZwSetInformationFile
    • ZwReadFile
    • ZwOpenSymbolicLinkObject
    • ZwCreateFile
    • IoCreateFileSpecifyDeviceObjectHint
    • IoGetDeviceAttachmentBaseRef
    • FsRtlGetFileSize
    • ZwQuerySystemInformation
    • IoFileObjectType
    • KeReadStateEvent
    • ExQueueWorkItem
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • NtOpenProcess
    • ZwCreateEvent
    • ZwWaitForSingleObject
    • ZwSetEvent
    • NtQuerySystemInformation
    • ExEventObjectType
    • NtBuildNumber
    • ZwDeleteKey
    • ObReferenceObjectByName
    • IoDriverObjectType
    • MmIsDriverVerifying
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlSetDaclSecurityDescriptor
    • PsGetProcessId
    • PsGetCurrentProcessSessionId
    • ZwTerminateProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • ZwOpenThread
    • PsProcessType
    • ExInterlockedInsertHeadList
    • ExInterlockedRemoveHeadList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • RtlCreateRegistryKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • ZwQueryValueKey
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ProbeForWrite
    • PsSetLoadImageNotifyRoutine
    • PsRemoveLoadImageNotifyRoutine
    • MmSystemRangeStart
    • KeBugCheckEx
    • ObfDereferenceObject
    • ObReferenceObjectByHandle
    • ProbeForRead
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • KeDelayExecutionThread
    • RtlGetVersion
    • DbgPrint
    • RtlCopyUnicodeString
    • RtlInitUnicodeString
    • wcsstr
    • ZwQuerySymbolicLinkObject
    • strstr
    • FltSendMessage
    • FltCloseCommunicationPort
    • FltCreateCommunicationPort
    • FltStartFiltering
    • FltUnregisterFilter
    • FltRegisterFilter
    • FltBuildDefaultSecurityDescriptor

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .hook
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
          "Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
          "TBS": {
            "MD5": "d0785ad36e427c92b19f6826ab1e8020",
            "SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
            "SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
            "SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
          },
          "ValidFrom": "2012-12-21 00:00:00",
          "ValidTo": "2020-12-30 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
          "Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
          "TBS": {
            "MD5": "e9d38360b914c8863f6cba3ee58764d3",
            "SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
            "SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
            "SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
          },
          "ValidFrom": "2012-10-18 00:00:00",
          "ValidTo": "2020-12-29 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
          "TBS": {
            "MD5": "17e68f0650db3d4d698ef88ef963b47e",
            "SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
            "SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
            "SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
          },
          "ValidFrom": "2014-12-16 00:00:00",
          "ValidTo": "2017-12-20 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
          "Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "TBS": {
            "MD5": "829995f702421dea833a24fb2c7f4442",
            "SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
            "SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
            "SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamezam64.sys
    Creation Timestamp2016-08-17 11:06:53
    MD5707ab1170389eba44ffd4cfad01b5969
    SHA1b99a5396094b6b20cea72fbf0c0083030155f74e
    SHA2567cb594af6a3655daebc9fad9c8abf2417b00ba31dcd118707824e5316fc0cc21
    Authentihash MD5fb3161dd2e402cfdd3495278974f4181
    Authentihash SHA19c7deb9def09bca28c37211992c76880f575b9ef
    Authentihash SHA256a59ad5be59f73f2a138c70d8aa634bf5f3364a67e072b64ff2a6d4627514a9ad
    RichPEHeaderHash MD5c0210f91c028886456549a7aa78f8147
    RichPEHeaderHash SHA1ea5478898d988d1bfa1287940ad74e5445f80a8d
    RichPEHeaderHash SHA256820b53e3b20277040944a1286a3f401ca8fb24b4f93535dc570e2261632e2f26
    CompanyZemana Ltd.
    DescriptionZAM
    ProductZAM

    Download

    Certificates

    Expand
    Certificate 3300000058e7c589c068dca727000000000058
    FieldValue
    ToBeSigned (TBS) MD5d83c9268bb1f35e4ea0f81b7b876b4f8
    ToBeSigned (TBS) SHA16a784e02bf67f5791a85567716aa2d0fd701fcd0
    ToBeSigned (TBS) SHA25600dab92fcb3753ac06147a6d8888b5731877d84979e3f178f572e3a1dff33fa8
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2022-06-07 18:08:07
    ValidTo2023-06-01 18:08:07
    Signature4c967b89d7f96aa22dbaa9eee6cdc8dad16669620cd9c5c84bf3ca1ec4eaa4a67df9fafb84ba75fcec635f0a3d484541d890d65542406e5792504ecb8fd428068837b11d8e9d4cdb503608d0842dea48428247b46364746dc86b79cdc3379acb229e67b749ed31d3c6bcc88624bff3e066355d59b7ef9e715d3c3270506d1e794959edd8df2572505c15876ac0f42ed0d05f70214f50fb109627ab192b217d6a2bf503fe35811f6ffcf0585ae508c37589dc8015eea615f36ea2f1105c0f677a6758cb4898b57458cab4fc2e1c60f8af32baf51cb41b775e79815713693db878a935b1fb8232232310bba545e57c74d63a406968c36818974ea1e425839b83e81c94897f1b896d2974e32ff5a47f8bcefdebfde84a4d01c5918bf98aececb8edb2ef9dc697054676a10c04313f3a131469c978f2e7839f11a28e436936cc07e227fd705becbb54ba67c2eeaaa025658811de22f37e4ce51109c10ed94a65583cc4e4024432cedf41b3b18b175360b1f4e12a0cc9d562e7fabd80bacb78a74e9262a9a46c3d0a7757f71e4202522cb70d9591c77e1a4b0ca24739a9cef78f7d2fb376c4cf56a35b58deb7dba458bee058254bc3883ba356c79f458815e3bbcac600b063594db47ffdbb215783bf5c38c74a1fc6271a093aab79b4cf253c14b1eeb89f9c607d7956203166fa4420482b52ab4f3bd3f0e6bda4a13a018f0ecdb0a0
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber3300000058e7c589c068dca727000000000058
    Version3
    Certificate 330000000d690d5d7893d076df00000000000d
    FieldValue
    ToBeSigned (TBS) MD583f69422963f11c3c340b81712eef319
    ToBeSigned (TBS) SHA10c5e5f24590b53bc291e28583acb78e5adc95601
    ToBeSigned (TBS) SHA256d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014
    ValidFrom2014-10-15 20:31:27
    ValidTo2029-10-15 20:41:27
    Signature96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber330000000d690d5d7893d076df00000000000d
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • FsRtlIsNameInExpression
    • PsGetProcessImageFileName
    • ZwQueryInformationProcess
    • __C_specific_handler
    • strchr
    • RtlAppendUnicodeToString
    • KeInitializeSemaphore
    • KeReleaseSemaphore
    • KeWaitForSingleObject
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • ZwQueryInformationFile
    • ZwWriteFile
    • PsGetCurrentThreadId
    • ZwDeleteFile
    • _vsnprintf
    • PsThreadType
    • PsSetCreateProcessNotifyRoutine
    • PsGetProcessSessionId
    • RtlAppendUnicodeStringToString
    • ZwDeleteValueKey
    • ZwSetValueKey
    • towupper
    • RtlIntegerToUnicodeString
    • KeInitializeEvent
    • KeSetEvent
    • KeAcquireSpinLockAtDpcLevel
    • KeReleaseSpinLockFromDpcLevel
    • MmProbeAndLockPages
    • IoAllocateIrp
    • IoAllocateMdl
    • IofCallDriver
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • IoGetRelatedDeviceObject
    • ObCloseHandle
    • ObfReferenceObject
    • ZwSetInformationFile
    • ZwReadFile
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • IoCreateFileSpecifyDeviceObjectHint
    • IoGetDeviceAttachmentBaseRef
    • FsRtlGetFileSize
    • ObQueryNameString
    • IoFileObjectType
    • KeReadStateEvent
    • ExQueueWorkItem
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • NtOpenProcess
    • ZwCreateEvent
    • ZwWaitForSingleObject
    • ZwSetEvent
    • NtQuerySystemInformation
    • ExEventObjectType
    • NtBuildNumber
    • ZwDeleteKey
    • ObReferenceObjectByName
    • IoDriverObjectType
    • MmIsDriverVerifying
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlSetDaclSecurityDescriptor
    • MmMapLockedPagesSpecifyCache
    • PsGetProcessId
    • IoThreadToProcess
    • PsGetCurrentProcessSessionId
    • ZwTerminateProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • ZwOpenThread
    • PsProcessType
    • ExInterlockedInsertHeadList
    • ExInterlockedRemoveHeadList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • RtlCreateRegistryKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • ZwQueryValueKey
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ProbeForWrite
    • PsSetLoadImageNotifyRoutine
    • PsRemoveLoadImageNotifyRoutine
    • PsGetProcessSectionBaseAddress
    • MmSystemRangeStart
    • KeBugCheckEx
    • PsLookupProcessByProcessId
    • ZwOpenProcess
    • PsGetCurrentProcessId
    • RtlUpcaseUnicodeString
    • RtlUpperString
    • ZwClose
    • ZwCreateFile
    • ObfDereferenceObject
    • ObReferenceObjectByHandle
    • ProbeForRead
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • KeDelayExecutionThread
    • RtlGetVersion
    • DbgPrint
    • RtlCopyUnicodeString
    • RtlInitUnicodeString
    • wcsstr
    • ZwQuerySystemInformation
    • strstr
    • FltSendMessage
    • FltCloseCommunicationPort
    • FltCreateCommunicationPort
    • FltReleaseContext
    • FltGetStreamHandleContext
    • FltSetStreamHandleContext
    • FltAllocateContext
    • FltCancelFileOpen
    • FltQueryInformationFile
    • FltReadFile
    • FltParseFileNameInformation
    • FltReleaseFileNameInformation
    • FltGetFileNameInformation
    • FltFreePoolAlignedWithTag
    • FltAllocatePoolAlignedWithTag
    • FltStartFiltering
    • FltUnregisterFilter
    • FltRegisterFilter
    • FltBuildDefaultSecurityDescriptor

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .hook
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
          "Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
          "TBS": {
            "MD5": "d0785ad36e427c92b19f6826ab1e8020",
            "SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
            "SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
            "SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
          },
          "ValidFrom": "2012-12-21 00:00:00",
          "ValidTo": "2020-12-30 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
          "Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
          "TBS": {
            "MD5": "e9d38360b914c8863f6cba3ee58764d3",
            "SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
            "SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
            "SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
          },
          "ValidFrom": "2012-10-18 00:00:00",
          "ValidTo": "2020-12-29 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
          "TBS": {
            "MD5": "17e68f0650db3d4d698ef88ef963b47e",
            "SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
            "SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
            "SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
          },
          "ValidFrom": "2014-12-16 00:00:00",
          "ValidTo": "2017-12-20 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
          "Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "TBS": {
            "MD5": "829995f702421dea833a24fb2c7f4442",
            "SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
            "SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
            "SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamezam64.sys
    Creation Timestamp2015-08-30 06:52:48
    MD59e0659d443a2b9d1afc75a160f500605
    SHA109f117d83f2f206ee37f1eb19eea576a0ac9bdcc
    SHA2568fe9828bea83adc8b1429394db7a556a17f79846ad0bfb7f242084a5c96edf2a
    Authentihash MD5536527a09edbc7e8c174f7f7423a79a1
    Authentihash SHA160d4d82640d4550c3e2cfba69f00b5c7472e4926
    Authentihash SHA256dcf9bc1e511993fd8c87b8cab5c23366cc818cccc40617cabc8f242d4a8751d7
    RichPEHeaderHash MD5ae5755ef6edfaf47c756c813503d9491
    RichPEHeaderHash SHA112e5b706039cb80653dac2ed809faf430e392b64
    RichPEHeaderHash SHA2569cb52aae7fdcaabee6e2e9b8640a4a386e7610f0fdedd53413fd1a9d1e7c044b
    CompanyZemana Ltd.
    DescriptionZAM
    ProductZAM

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 0210230fd364b469091b8a4440145e18
    FieldValue
    ToBeSigned (TBS) MD517e68f0650db3d4d698ef88ef963b47e
    ToBeSigned (TBS) SHA100162854ea07ea0a83aa941767277a5c3ab03c9d
    ToBeSigned (TBS) SHA2567caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d
    SubjectC=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.
    ValidFrom2014-12-16 00:00:00
    ValidTo2017-12-20 12:00:00
    Signature8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0210230fd364b469091b8a4440145e18
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ObfDereferenceObject
    • ZwCreateFile
    • ZwClose
    • RtlUpperString
    • RtlUpcaseUnicodeString
    • PsGetCurrentProcessId
    • ZwOpenProcess
    • PsLookupProcessByProcessId
    • ObQueryNameString
    • FsRtlIsNameInExpression
    • ZwQueryInformationProcess
    • __C_specific_handler
    • DbgPrint
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • PsGetProcessImageFileName
    • PsGetProcessSessionId
    • RtlAppendUnicodeStringToString
    • ZwDeleteValueKey
    • ZwSetValueKey
    • towupper
    • RtlIntegerToUnicodeString
    • RtlAppendUnicodeToString
    • KeInitializeEvent
    • KeSetEvent
    • KeWaitForSingleObject
    • KeAcquireSpinLockAtDpcLevel
    • KeReleaseSpinLockFromDpcLevel
    • MmProbeAndLockPages
    • IoAllocateIrp
    • IoAllocateMdl
    • IofCallDriver
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • IoGetRelatedDeviceObject
    • ObCloseHandle
    • ObfReferenceObject
    • ZwQueryInformationFile
    • ZwSetInformationFile
    • ZwReadFile
    • ZwWriteFile
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • IoCreateFileSpecifyDeviceObjectHint
    • ObReferenceObjectByHandle
    • FsRtlGetFileSize
    • ZwDeleteFile
    • ZwQuerySystemInformation
    • IoFileObjectType
    • KeReadStateEvent
    • ExQueueWorkItem
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • NtOpenProcess
    • ZwCreateEvent
    • ZwWaitForSingleObject
    • ZwSetEvent
    • NtQuerySystemInformation
    • ExEventObjectType
    • NtBuildNumber
    • ZwDeleteKey
    • ObReferenceObjectByName
    • IoDriverObjectType
    • MmIsDriverVerifying
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • PsGetProcessId
    • PsGetCurrentProcessSessionId
    • ZwTerminateProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • ZwOpenThread
    • PsProcessType
    • ExInterlockedInsertHeadList
    • ExInterlockedRemoveHeadList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • RtlCreateRegistryKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • ZwQueryValueKey
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ProbeForWrite
    • PsSetLoadImageNotifyRoutine
    • PsRemoveLoadImageNotifyRoutine
    • MmSystemRangeStart
    • KeBugCheckEx
    • ProbeForRead
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • KeDelayExecutionThread
    • RtlGetVersion
    • RtlCopyUnicodeString
    • RtlInitUnicodeString
    • wcsstr
    • IoGetDeviceAttachmentBaseRef
    • strstr

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .hook
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
          "Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
          "TBS": {
            "MD5": "d0785ad36e427c92b19f6826ab1e8020",
            "SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
            "SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
            "SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
          },
          "ValidFrom": "2012-12-21 00:00:00",
          "ValidTo": "2020-12-30 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
          "Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
          "TBS": {
            "MD5": "e9d38360b914c8863f6cba3ee58764d3",
            "SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
            "SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
            "SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
          },
          "ValidFrom": "2012-10-18 00:00:00",
          "ValidTo": "2020-12-29 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
          "TBS": {
            "MD5": "17e68f0650db3d4d698ef88ef963b47e",
            "SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
            "SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
            "SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
          },
          "ValidFrom": "2014-12-16 00:00:00",
          "ValidTo": "2017-12-20 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
          "Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "TBS": {
            "MD5": "829995f702421dea833a24fb2c7f4442",
            "SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
            "SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
            "SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamezamguard64.sys
    Creation Timestamp2015-06-30 07:29:29
    MD551e7b58f6e9b776568ffbd4dd9972a60
    SHA12cf75df00c69d907cfe683cb25077015d05be65d
    SHA2569a95a70f68144980f2d684e96c79bdc93ebca1587f46afae6962478631e85d0c
    Authentihash MD5e03436e22127cd75a132169b627e5a3f
    Authentihash SHA1b8d8e15e952b3fd2a510699d2124253565ecd611
    Authentihash SHA256082adcdc2d246d2291bcf135a7519840a84f27cfa3143d1372a9e2aa5e514dbd
    RichPEHeaderHash MD5e0c0e404602172aa48774d25d95566a0
    RichPEHeaderHash SHA10063132555d9e0100f871f754fde426fbd9ad317
    RichPEHeaderHash SHA256abed6bb7959144a794ce1a624a4c333b89d73ac622d253fca9f3aab4a3505783
    CompanyZemana Ltd.
    DescriptionZAM
    ProductZAM

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 0210230fd364b469091b8a4440145e18
    FieldValue
    ToBeSigned (TBS) MD517e68f0650db3d4d698ef88ef963b47e
    ToBeSigned (TBS) SHA100162854ea07ea0a83aa941767277a5c3ab03c9d
    ToBeSigned (TBS) SHA2567caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d
    SubjectC=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.
    ValidFrom2014-12-16 00:00:00
    ValidTo2017-12-20 12:00:00
    Signature8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0210230fd364b469091b8a4440145e18
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strstr
    • wcsstr
    • RtlInitUnicodeString
    • RtlCopyUnicodeString
    • RtlGetVersion
    • KeDelayExecutionThread
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ProbeForRead
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwCreateFile
    • ZwClose
    • RtlUpperString
    • RtlUpcaseUnicodeString
    • PsGetCurrentProcessId
    • ZwOpenProcess
    • PsLookupProcessByProcessId
    • ObQueryNameString
    • FsRtlIsNameInExpression
    • ZwQueryInformationProcess
    • __C_specific_handler
    • DbgPrint
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • PsGetProcessImageFileName
    • PsGetProcessSessionId
    • RtlAppendUnicodeStringToString
    • ZwDeleteValueKey
    • ZwSetValueKey
    • towupper
    • RtlIntegerToUnicodeString
    • RtlAppendUnicodeToString
    • KeInitializeEvent
    • KeSetEvent
    • KeWaitForSingleObject
    • KeAcquireSpinLockAtDpcLevel
    • KeReleaseSpinLockFromDpcLevel
    • MmProbeAndLockPages
    • IoAllocateIrp
    • IoAllocateMdl
    • IofCallDriver
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • IoGetRelatedDeviceObject
    • ObCloseHandle
    • ObfReferenceObject
    • ZwQueryInformationFile
    • ZwSetInformationFile
    • ZwReadFile
    • ZwWriteFile
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • IoCreateFileSpecifyDeviceObjectHint
    • IoGetDeviceAttachmentBaseRef
    • FsRtlGetFileSize
    • ZwDeleteFile
    • ZwQuerySystemInformation
    • IoFileObjectType
    • KeReadStateEvent
    • ExQueueWorkItem
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • NtOpenProcess
    • ZwCreateEvent
    • ZwWaitForSingleObject
    • ZwSetEvent
    • NtQuerySystemInformation
    • ExEventObjectType
    • NtBuildNumber
    • ZwDeleteKey
    • ObReferenceObjectByName
    • IoDriverObjectType
    • MmIsDriverVerifying
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • PsGetCurrentProcessSessionId
    • ZwTerminateProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • ZwOpenThread
    • PsProcessType
    • ExInterlockedInsertHeadList
    • ExInterlockedRemoveHeadList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • RtlCreateRegistryKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • ZwQueryValueKey
    • PsGetProcessId
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ProbeForWrite
    • PsSetLoadImageNotifyRoutine
    • PsRemoveLoadImageNotifyRoutine
    • MmSystemRangeStart
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .hook
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
          "Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
          "TBS": {
            "MD5": "d0785ad36e427c92b19f6826ab1e8020",
            "SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
            "SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
            "SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
          },
          "ValidFrom": "2012-12-21 00:00:00",
          "ValidTo": "2020-12-30 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
          "Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
          "TBS": {
            "MD5": "e9d38360b914c8863f6cba3ee58764d3",
            "SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
            "SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
            "SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
          },
          "ValidFrom": "2012-10-18 00:00:00",
          "ValidTo": "2020-12-29 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
          "TBS": {
            "MD5": "17e68f0650db3d4d698ef88ef963b47e",
            "SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
            "SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
            "SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
          },
          "ValidFrom": "2014-12-16 00:00:00",
          "ValidTo": "2017-12-20 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
          "Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "TBS": {
            "MD5": "829995f702421dea833a24fb2c7f4442",
            "SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
            "SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
            "SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamezamguard32.sys
    Creation Timestamp2016-08-17 11:07:02
    MD506897b431c07886454e0681723dd53e6
    SHA140d29aa7b3fafd27c8b27c7ca7a3089ccb88d69b
    SHA256ab2632a4d93a7f3b7598c06a9fdc773a1b1b69a7dd926bdb7cf578992628e9dd
    Authentihash MD54e0b0bd19c0f3c4a2a75e786474d9d06
    Authentihash SHA1c5388c61135c7fe5617607206d663ac3eaef649c
    Authentihash SHA256de99cea1cb680816afa10d2629a8067af1dc289d2d162a21b9dba71eb0e47745
    RichPEHeaderHash MD5bf4174b7e1b1688fc834924419fb2346
    RichPEHeaderHash SHA1829a54d3ecb838b80db5f3231a409664bff1b987
    RichPEHeaderHash SHA256da5b2c2f97975f75865da42c25ff8a3f10f02a2eb3f7a80ccb37de3f16118e12
    CompanyZemana Ltd.
    DescriptionZAM
    ProductZAM

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 0210230fd364b469091b8a4440145e18
    FieldValue
    ToBeSigned (TBS) MD517e68f0650db3d4d698ef88ef963b47e
    ToBeSigned (TBS) SHA100162854ea07ea0a83aa941767277a5c3ab03c9d
    ToBeSigned (TBS) SHA2567caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d
    SubjectC=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.
    ValidFrom2014-12-16 00:00:00
    ValidTo2017-12-20 12:00:00
    Signature8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0210230fd364b469091b8a4440145e18
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll
    • FLTMGR.SYS

    Imported Functions

    Expand
    • _allmul
    • strchr
    • RtlAppendUnicodeToString
    • KeInitializeSemaphore
    • KeReleaseSemaphore
    • KeWaitForSingleObject
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • ZwQueryInformationFile
    • ZwWriteFile
    • PsGetCurrentThreadId
    • ZwDeleteFile
    • _vsnprintf
    • PsThreadType
    • KeQuerySystemTime
    • PsSetCreateProcessNotifyRoutine
    • PsGetProcessSessionId
    • RtlAppendUnicodeStringToString
    • ZwDeleteValueKey
    • ZwSetValueKey
    • towupper
    • KeGetCurrentThread
    • RtlIntegerToUnicodeString
    • RtlCompareMemory
    • KeInitializeEvent
    • KeSetEvent
    • KefAcquireSpinLockAtDpcLevel
    • KefReleaseSpinLockFromDpcLevel
    • MmProbeAndLockPages
    • IoAllocateIrp
    • IoAllocateMdl
    • IofCallDriver
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • IoGetRelatedDeviceObject
    • ObCloseHandle
    • ObfReferenceObject
    • ZwSetInformationFile
    • ZwReadFile
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • IoCreateFileSpecifyDeviceObjectHint
    • IoGetDeviceAttachmentBaseRef
    • FsRtlGetFileSize
    • ZwQuerySystemInformation
    • IoFileObjectType
    • ZwQueryInformationProcess
    • ExQueueWorkItem
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • NtOpenProcess
    • ZwCreateEvent
    • ZwWaitForSingleObject
    • ZwSetEvent
    • NtQuerySystemInformation
    • ExEventObjectType
    • NtBuildNumber
    • ZwDeleteKey
    • ObReferenceObjectByName
    • IoDriverObjectType
    • MmIsDriverVerifying
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlSetDaclSecurityDescriptor
    • MmMapLockedPagesSpecifyCache
    • PsGetProcessId
    • IoThreadToProcess
    • PsGetCurrentProcessSessionId
    • ZwTerminateProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • ZwOpenThread
    • PsProcessType
    • ExfInterlockedInsertHeadList
    • ExfInterlockedRemoveHeadList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • RtlCreateRegistryKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • ZwQueryValueKey
    • KeServiceDescriptorTable
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ProbeForWrite
    • PsSetLoadImageNotifyRoutine
    • PsRemoveLoadImageNotifyRoutine
    • PsGetProcessSectionBaseAddress
    • MmSystemRangeStart
    • KeBugCheckEx
    • RtlUnwind
    • PsGetProcessImageFileName
    • FsRtlIsNameInExpression
    • ObQueryNameString
    • PsLookupProcessByProcessId
    • PsGetCurrentProcessId
    • ZwOpenProcess
    • RtlUpcaseUnicodeString
    • RtlUpperString
    • ZwClose
    • ZwCreateFile
    • ObfDereferenceObject
    • ObReferenceObjectByHandle
    • ProbeForRead
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • KeDelayExecutionThread
    • RtlGetVersion
    • DbgPrint
    • RtlCopyUnicodeString
    • RtlInitUnicodeString
    • wcsstr
    • strstr
    • _aullshr
    • memcpy
    • KeReadStateEvent
    • memset
    • KfRaiseIrql
    • KfLowerIrql
    • KfReleaseSpinLock
    • KfAcquireSpinLock
    • KeGetCurrentIrql
    • FltSendMessage
    • FltCloseCommunicationPort
    • FltCreateCommunicationPort
    • FltReleaseContext
    • FltGetStreamHandleContext
    • FltSetStreamHandleContext
    • FltAllocateContext
    • FltCancelFileOpen
    • FltQueryInformationFile
    • FltReadFile
    • FltParseFileNameInformation
    • FltReleaseFileNameInformation
    • FltGetFileNameInformation
    • FltFreePoolAlignedWithTag
    • FltAllocatePoolAlignedWithTag
    • FltStartFiltering
    • FltUnregisterFilter
    • FltRegisterFilter
    • FltBuildDefaultSecurityDescriptor

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .hook
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
          "Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
          "TBS": {
            "MD5": "d0785ad36e427c92b19f6826ab1e8020",
            "SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
            "SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
            "SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
          },
          "ValidFrom": "2012-12-21 00:00:00",
          "ValidTo": "2020-12-30 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
          "Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
          "TBS": {
            "MD5": "e9d38360b914c8863f6cba3ee58764d3",
            "SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
            "SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
            "SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
          },
          "ValidFrom": "2012-10-18 00:00:00",
          "ValidTo": "2020-12-29 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
          "TBS": {
            "MD5": "17e68f0650db3d4d698ef88ef963b47e",
            "SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
            "SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
            "SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
          },
          "ValidFrom": "2014-12-16 00:00:00",
          "ValidTo": "2017-12-20 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
          "Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "TBS": {
            "MD5": "829995f702421dea833a24fb2c7f4442",
            "SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
            "SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
            "SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamezam64.sys
    Creation Timestamp2015-05-12 07:14:11
    MD5d4a10447fdaff7a001715191c1f914b6
    SHA1628e63caf72c29042e162f5f7570105d2108e3c2
    SHA256d7e091e0d478c34232e8479b950c5513077b3a69309885cee4c61063e5f74ac0
    Authentihash MD58ff959801623fcaf37f6fde89a4aeec1
    Authentihash SHA1b24f8e34221cb7eaa5bed2f177f6701380a0e71f
    Authentihash SHA2561a166e70dcaf3ef12836db1927953ee528e532cdae8165e67d776971e4cbc48c
    RichPEHeaderHash MD503ecbde4b65b5fc87f13e1aac3284168
    RichPEHeaderHash SHA140790d40c391b7325d1843e2c39597720c8c4f69
    RichPEHeaderHash SHA25686aa19cd5e2beaf013e66553b916cc39a8c456d7000e46bcfc4719eda41206b5
    CompanyZemana Ltd.
    DescriptionZAM
    ProductZAM

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 0210230fd364b469091b8a4440145e18
    FieldValue
    ToBeSigned (TBS) MD517e68f0650db3d4d698ef88ef963b47e
    ToBeSigned (TBS) SHA100162854ea07ea0a83aa941767277a5c3ab03c9d
    ToBeSigned (TBS) SHA2567caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d
    SubjectC=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.
    ValidFrom2014-12-16 00:00:00
    ValidTo2017-12-20 12:00:00
    Signature8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0210230fd364b469091b8a4440145e18
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • strstr
    • wcsstr
    • RtlInitUnicodeString
    • RtlCopyUnicodeString
    • RtlGetVersion
    • KeDelayExecutionThread
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ProbeForRead
    • ObReferenceObjectByHandle
    • ObfDereferenceObject
    • ZwCreateFile
    • ZwClose
    • RtlUpperString
    • RtlUpcaseUnicodeString
    • PsGetCurrentProcessId
    • ZwOpenProcess
    • PsLookupProcessByProcessId
    • ObQueryNameString
    • FsRtlIsNameInExpression
    • ZwQueryInformationProcess
    • __C_specific_handler
    • DbgPrint
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • PsGetProcessImageFileName
    • PsGetProcessSessionId
    • RtlAppendUnicodeStringToString
    • ZwDeleteValueKey
    • ZwSetValueKey
    • towupper
    • RtlIntegerToUnicodeString
    • RtlAppendUnicodeToString
    • KeInitializeEvent
    • KeSetEvent
    • KeWaitForSingleObject
    • KeAcquireSpinLockAtDpcLevel
    • KeReleaseSpinLockFromDpcLevel
    • MmProbeAndLockPages
    • IoAllocateIrp
    • IoAllocateMdl
    • IofCallDriver
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • IoGetRelatedDeviceObject
    • ObCloseHandle
    • ObfReferenceObject
    • ZwQueryInformationFile
    • ZwSetInformationFile
    • ZwReadFile
    • ZwWriteFile
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • IoCreateFileSpecifyDeviceObjectHint
    • IoGetDeviceAttachmentBaseRef
    • FsRtlGetFileSize
    • ZwDeleteFile
    • ZwQuerySystemInformation
    • IoFileObjectType
    • KeReadStateEvent
    • ExQueueWorkItem
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • NtOpenProcess
    • ZwCreateEvent
    • ZwWaitForSingleObject
    • ZwSetEvent
    • NtQuerySystemInformation
    • ExEventObjectType
    • NtBuildNumber
    • ZwDeleteKey
    • ObReferenceObjectByName
    • IoDriverObjectType
    • MmIsDriverVerifying
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • PsGetCurrentProcessSessionId
    • ZwTerminateProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • PsProcessType
    • ExInterlockedInsertHeadList
    • ExInterlockedRemoveHeadList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • RtlCreateRegistryKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • ZwQueryValueKey
    • PsGetProcessId
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • PsSetLoadImageNotifyRoutine
    • PsRemoveLoadImageNotifyRoutine
    • MmSystemRangeStart
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .hook
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
          "Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
          "TBS": {
            "MD5": "d0785ad36e427c92b19f6826ab1e8020",
            "SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
            "SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
            "SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
          },
          "ValidFrom": "2012-12-21 00:00:00",
          "ValidTo": "2020-12-30 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
          "Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
          "TBS": {
            "MD5": "e9d38360b914c8863f6cba3ee58764d3",
            "SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
            "SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
            "SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
          },
          "ValidFrom": "2012-10-18 00:00:00",
          "ValidTo": "2020-12-29 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
          "TBS": {
            "MD5": "17e68f0650db3d4d698ef88ef963b47e",
            "SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
            "SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
            "SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
          },
          "ValidFrom": "2014-12-16 00:00:00",
          "ValidTo": "2017-12-20 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
          "Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "TBS": {
            "MD5": "829995f702421dea833a24fb2c7f4442",
            "SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
            "SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
            "SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamezam64.sys
    Creation Timestamp2016-04-01 04:23:58
    MD575e50ae2e0f783e0caf912f45e15248a
    SHA1a3d612a5ea3439ba72157bd96e390070bdddbbf3
    SHA256de8f8006d8ee429b5f333503defa54b25447f4ed6aeade5e4219e23f3473ef1c
    Authentihash MD5cf4707d1cc2b1d1344058ac750e4e61e
    Authentihash SHA13bd3de766013c31d87545bd7affd8e52c4e24f72
    Authentihash SHA256e5316670c0bddc0519ef96b2db89285a8620a260429a97f9d2cf5b58b0287d91
    RichPEHeaderHash MD5de13056bb6ad645db28aad154de62bbd
    RichPEHeaderHash SHA1fab3d62fdad6b298341cc10935165f8e565b4f0b
    RichPEHeaderHash SHA256a0d4900197b774247b0cb136ab600bfdb16e2ea139e80b8ee4bd0cc768223a5a
    CompanyZemana Ltd.
    DescriptionZAM
    ProductZAM

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 0210230fd364b469091b8a4440145e18
    FieldValue
    ToBeSigned (TBS) MD517e68f0650db3d4d698ef88ef963b47e
    ToBeSigned (TBS) SHA100162854ea07ea0a83aa941767277a5c3ab03c9d
    ToBeSigned (TBS) SHA2567caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d
    SubjectC=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.
    ValidFrom2014-12-16 00:00:00
    ValidTo2017-12-20 12:00:00
    Signature8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0210230fd364b469091b8a4440145e18
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • FsRtlIsNameInExpression
    • PsGetProcessImageFileName
    • ZwQueryInformationProcess
    • __C_specific_handler
    • strchr
    • RtlAppendUnicodeToString
    • KeInitializeSemaphore
    • KeReleaseSemaphore
    • KeWaitForSingleObject
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • ZwQueryInformationFile
    • ZwWriteFile
    • PsGetCurrentThreadId
    • ZwDeleteFile
    • _vsnprintf
    • PsThreadType
    • PsSetCreateProcessNotifyRoutine
    • PsGetProcessSessionId
    • RtlAppendUnicodeStringToString
    • ZwDeleteValueKey
    • ZwSetValueKey
    • towupper
    • RtlIntegerToUnicodeString
    • KeInitializeEvent
    • KeSetEvent
    • KeAcquireSpinLockAtDpcLevel
    • KeReleaseSpinLockFromDpcLevel
    • MmProbeAndLockPages
    • IoAllocateIrp
    • IoAllocateMdl
    • IofCallDriver
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • IoGetRelatedDeviceObject
    • ObCloseHandle
    • ObfReferenceObject
    • ZwSetInformationFile
    • ZwReadFile
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • IoCreateFileSpecifyDeviceObjectHint
    • IoGetDeviceAttachmentBaseRef
    • FsRtlGetFileSize
    • ObQueryNameString
    • IoFileObjectType
    • KeReadStateEvent
    • ExQueueWorkItem
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • NtOpenProcess
    • ZwCreateEvent
    • ZwWaitForSingleObject
    • ZwSetEvent
    • NtQuerySystemInformation
    • ExEventObjectType
    • NtBuildNumber
    • ZwDeleteKey
    • ObReferenceObjectByName
    • IoDriverObjectType
    • MmIsDriverVerifying
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlSetDaclSecurityDescriptor
    • MmMapLockedPagesSpecifyCache
    • PsGetProcessId
    • IoThreadToProcess
    • PsGetCurrentProcessSessionId
    • ZwTerminateProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • ZwOpenThread
    • PsProcessType
    • ExInterlockedInsertHeadList
    • ExInterlockedRemoveHeadList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • RtlCreateRegistryKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • ZwQueryValueKey
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ProbeForWrite
    • PsSetLoadImageNotifyRoutine
    • PsRemoveLoadImageNotifyRoutine
    • PsGetProcessSectionBaseAddress
    • MmSystemRangeStart
    • KeBugCheckEx
    • PsLookupProcessByProcessId
    • ZwOpenProcess
    • PsGetCurrentProcessId
    • RtlUpcaseUnicodeString
    • RtlUpperString
    • ZwClose
    • ZwCreateFile
    • ObfDereferenceObject
    • ObReferenceObjectByHandle
    • ProbeForRead
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • KeDelayExecutionThread
    • RtlGetVersion
    • RtlCopyUnicodeString
    • RtlInitUnicodeString
    • wcsstr
    • strstr
    • ZwQuerySystemInformation
    • DbgPrint
    • FltSendMessage
    • FltCloseCommunicationPort
    • FltCreateCommunicationPort
    • FltReleaseContext
    • FltGetStreamHandleContext
    • FltSetStreamHandleContext
    • FltAllocateContext
    • FltCancelFileOpen
    • FltQueryInformationFile
    • FltReadFile
    • FltParseFileNameInformation
    • FltReleaseFileNameInformation
    • FltGetFileNameInformation
    • FltFreePoolAlignedWithTag
    • FltAllocatePoolAlignedWithTag
    • FltStartFiltering
    • FltUnregisterFilter
    • FltRegisterFilter
    • FltBuildDefaultSecurityDescriptor

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .hook
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
          "Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
          "TBS": {
            "MD5": "d0785ad36e427c92b19f6826ab1e8020",
            "SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
            "SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
            "SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
          },
          "ValidFrom": "2012-12-21 00:00:00",
          "ValidTo": "2020-12-30 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
          "Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
          "TBS": {
            "MD5": "e9d38360b914c8863f6cba3ee58764d3",
            "SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
            "SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
            "SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
          },
          "ValidFrom": "2012-10-18 00:00:00",
          "ValidTo": "2020-12-29 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
          "TBS": {
            "MD5": "17e68f0650db3d4d698ef88ef963b47e",
            "SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
            "SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
            "SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
          },
          "ValidFrom": "2014-12-16 00:00:00",
          "ValidTo": "2017-12-20 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
          "Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "TBS": {
            "MD5": "829995f702421dea833a24fb2c7f4442",
            "SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
            "SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
            "SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamezam64.sys
    Creation Timestamp2015-10-22 05:36:54
    MD55054083cf29649a76c94658ba7ff5bce
    SHA1dd4cd182192b43d4105786ba87f55a036ec45ef2
    SHA256e428ddf9afc9b2d11e2271f0a67a2d6638b860c2c12d4b8cc63d33f3349ee93f
    Authentihash MD58d4a371e8da97e8dfd254e7b860bf147
    Authentihash SHA1d2a888f664ffa91e876dbd797ca1fc95c511c5bc
    Authentihash SHA25627f5c5eb9a5fc9e02d3ac3cd83fc26b07f3d0143b03db69d6dcf7554d0c50fb6
    RichPEHeaderHash MD5665ad4c00f9eec6edc1f766ccac676f0
    RichPEHeaderHash SHA108d0338ae7414b104b0fa26a31d46b90e001bd19
    RichPEHeaderHash SHA25602f7c54750b6c80addc5b62d3517dfc10363a27e0277cc87d5c12136d341d484
    CompanyZemana Ltd.
    DescriptionZAM
    ProductZAM

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 0210230fd364b469091b8a4440145e18
    FieldValue
    ToBeSigned (TBS) MD517e68f0650db3d4d698ef88ef963b47e
    ToBeSigned (TBS) SHA100162854ea07ea0a83aa941767277a5c3ab03c9d
    ToBeSigned (TBS) SHA2567caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d
    SubjectC=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.
    ValidFrom2014-12-16 00:00:00
    ValidTo2017-12-20 12:00:00
    Signature8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0210230fd364b469091b8a4440145e18
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • RtlUpperString
    • RtlUpcaseUnicodeString
    • PsGetCurrentProcessId
    • ZwOpenProcess
    • PsLookupProcessByProcessId
    • ObQueryNameString
    • FsRtlIsNameInExpression
    • ZwQueryInformationProcess
    • __C_specific_handler
    • DbgPrint
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • PsGetProcessImageFileName
    • PsGetProcessSessionId
    • RtlAppendUnicodeStringToString
    • ZwDeleteValueKey
    • ZwSetValueKey
    • towupper
    • RtlIntegerToUnicodeString
    • RtlAppendUnicodeToString
    • KeInitializeEvent
    • KeSetEvent
    • KeWaitForSingleObject
    • KeAcquireSpinLockAtDpcLevel
    • KeReleaseSpinLockFromDpcLevel
    • MmProbeAndLockPages
    • IoAllocateIrp
    • IoAllocateMdl
    • IofCallDriver
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • IoGetRelatedDeviceObject
    • ObCloseHandle
    • ObfReferenceObject
    • ZwQueryInformationFile
    • ZwSetInformationFile
    • ZwReadFile
    • ZwWriteFile
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • IoCreateFileSpecifyDeviceObjectHint
    • IoGetDeviceAttachmentBaseRef
    • FsRtlGetFileSize
    • ZwDeleteFile
    • ZwClose
    • IoFileObjectType
    • KeReadStateEvent
    • ExQueueWorkItem
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • NtOpenProcess
    • ZwCreateEvent
    • ZwWaitForSingleObject
    • ZwSetEvent
    • NtQuerySystemInformation
    • ExEventObjectType
    • NtBuildNumber
    • ZwDeleteKey
    • ObReferenceObjectByName
    • IoDriverObjectType
    • MmIsDriverVerifying
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlSetDaclSecurityDescriptor
    • PsGetProcessId
    • PsGetCurrentProcessSessionId
    • ZwTerminateProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • ZwOpenThread
    • PsProcessType
    • ExInterlockedInsertHeadList
    • ExInterlockedRemoveHeadList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • RtlCreateRegistryKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • ZwQueryValueKey
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ProbeForWrite
    • PsSetLoadImageNotifyRoutine
    • PsRemoveLoadImageNotifyRoutine
    • MmSystemRangeStart
    • KeBugCheckEx
    • ZwCreateFile
    • ObfDereferenceObject
    • ObReferenceObjectByHandle
    • ProbeForRead
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • KeDelayExecutionThread
    • RtlGetVersion
    • RtlCopyUnicodeString
    • RtlInitUnicodeString
    • wcsstr
    • ZwQuerySystemInformation
    • strstr
    • FltSendMessage
    • FltCloseCommunicationPort
    • FltCreateCommunicationPort
    • FltStartFiltering
    • FltUnregisterFilter
    • FltRegisterFilter
    • FltBuildDefaultSecurityDescriptor

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .hook
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
          "Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
          "TBS": {
            "MD5": "d0785ad36e427c92b19f6826ab1e8020",
            "SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
            "SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
            "SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
          },
          "ValidFrom": "2012-12-21 00:00:00",
          "ValidTo": "2020-12-30 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
          "Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
          "TBS": {
            "MD5": "e9d38360b914c8863f6cba3ee58764d3",
            "SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
            "SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
            "SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
          },
          "ValidFrom": "2012-10-18 00:00:00",
          "ValidTo": "2020-12-29 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
          "TBS": {
            "MD5": "17e68f0650db3d4d698ef88ef963b47e",
            "SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
            "SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
            "SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
          },
          "ValidFrom": "2014-12-16 00:00:00",
          "ValidTo": "2017-12-20 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
          "Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "TBS": {
            "MD5": "829995f702421dea833a24fb2c7f4442",
            "SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
            "SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
            "SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamezam64.sys
    Creation Timestamp2016-08-17 11:06:53
    MD521e13f2cb269defeae5e1d09887d47bb
    SHA116d7ecf09fc98798a6170e4cef2745e0bee3f5c7
    SHA256543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91
    Authentihash MD53f2771b22553380efcee72a27dc4d96c
    Authentihash SHA10d15b7de0f1129b540f48d7a3cba2c6bf5d44112
    Authentihash SHA256ceb1bf90d8652dac481fba362e5c3a6548a116897e729733f2be27f4edc5fc1f
    RichPEHeaderHash MD5c0210f91c028886456549a7aa78f8147
    RichPEHeaderHash SHA1ea5478898d988d1bfa1287940ad74e5445f80a8d
    RichPEHeaderHash SHA256820b53e3b20277040944a1286a3f401ca8fb24b4f93535dc570e2261632e2f26
    CompanyZemana Ltd.
    DescriptionZAM
    ProductZAM

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 0210230fd364b469091b8a4440145e18
    FieldValue
    ToBeSigned (TBS) MD517e68f0650db3d4d698ef88ef963b47e
    ToBeSigned (TBS) SHA100162854ea07ea0a83aa941767277a5c3ab03c9d
    ToBeSigned (TBS) SHA2567caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d
    SubjectC=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.
    ValidFrom2014-12-16 00:00:00
    ValidTo2017-12-20 12:00:00
    Signature8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0210230fd364b469091b8a4440145e18
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • FsRtlIsNameInExpression
    • PsGetProcessImageFileName
    • ZwQueryInformationProcess
    • __C_specific_handler
    • strchr
    • RtlAppendUnicodeToString
    • KeInitializeSemaphore
    • KeReleaseSemaphore
    • KeWaitForSingleObject
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • ZwQueryInformationFile
    • ZwWriteFile
    • PsGetCurrentThreadId
    • ZwDeleteFile
    • _vsnprintf
    • PsThreadType
    • PsSetCreateProcessNotifyRoutine
    • PsGetProcessSessionId
    • RtlAppendUnicodeStringToString
    • ZwDeleteValueKey
    • ZwSetValueKey
    • towupper
    • RtlIntegerToUnicodeString
    • KeInitializeEvent
    • KeSetEvent
    • KeAcquireSpinLockAtDpcLevel
    • KeReleaseSpinLockFromDpcLevel
    • MmProbeAndLockPages
    • IoAllocateIrp
    • IoAllocateMdl
    • IofCallDriver
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • IoGetRelatedDeviceObject
    • ObCloseHandle
    • ObfReferenceObject
    • ZwSetInformationFile
    • ZwReadFile
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • IoCreateFileSpecifyDeviceObjectHint
    • IoGetDeviceAttachmentBaseRef
    • FsRtlGetFileSize
    • ObQueryNameString
    • IoFileObjectType
    • KeReadStateEvent
    • ExQueueWorkItem
    • ExGetPreviousMode
    • MmGetSystemRoutineAddress
    • NtOpenProcess
    • ZwCreateEvent
    • ZwWaitForSingleObject
    • ZwSetEvent
    • NtQuerySystemInformation
    • ExEventObjectType
    • NtBuildNumber
    • ZwDeleteKey
    • ObReferenceObjectByName
    • IoDriverObjectType
    • MmIsDriverVerifying
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • RtlSetDaclSecurityDescriptor
    • MmMapLockedPagesSpecifyCache
    • PsGetProcessId
    • IoThreadToProcess
    • PsGetCurrentProcessSessionId
    • ZwTerminateProcess
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • ZwOpenThread
    • PsProcessType
    • ExInterlockedInsertHeadList
    • ExInterlockedRemoveHeadList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • RtlCreateRegistryKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • ZwQueryValueKey
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ProbeForWrite
    • PsSetLoadImageNotifyRoutine
    • PsRemoveLoadImageNotifyRoutine
    • PsGetProcessSectionBaseAddress
    • MmSystemRangeStart
    • KeBugCheckEx
    • PsLookupProcessByProcessId
    • ZwOpenProcess
    • PsGetCurrentProcessId
    • RtlUpcaseUnicodeString
    • RtlUpperString
    • ZwClose
    • ZwCreateFile
    • ObfDereferenceObject
    • ObReferenceObjectByHandle
    • ProbeForRead
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • KeDelayExecutionThread
    • RtlGetVersion
    • DbgPrint
    • RtlCopyUnicodeString
    • RtlInitUnicodeString
    • wcsstr
    • ZwQuerySystemInformation
    • strstr
    • FltSendMessage
    • FltCloseCommunicationPort
    • FltCreateCommunicationPort
    • FltReleaseContext
    • FltGetStreamHandleContext
    • FltSetStreamHandleContext
    • FltAllocateContext
    • FltCancelFileOpen
    • FltQueryInformationFile
    • FltReadFile
    • FltParseFileNameInformation
    • FltReleaseFileNameInformation
    • FltGetFileNameInformation
    • FltFreePoolAlignedWithTag
    • FltAllocatePoolAlignedWithTag
    • FltStartFiltering
    • FltUnregisterFilter
    • FltRegisterFilter
    • FltBuildDefaultSecurityDescriptor

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .hook
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
          "Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
          "TBS": {
            "MD5": "d0785ad36e427c92b19f6826ab1e8020",
            "SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
            "SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
            "SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
          },
          "ValidFrom": "2012-12-21 00:00:00",
          "ValidTo": "2020-12-30 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
          "Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
          "TBS": {
            "MD5": "e9d38360b914c8863f6cba3ee58764d3",
            "SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
            "SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
            "SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
          },
          "ValidFrom": "2012-10-18 00:00:00",
          "ValidTo": "2020-12-29 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
          "TBS": {
            "MD5": "17e68f0650db3d4d698ef88ef963b47e",
            "SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
            "SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
            "SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
          },
          "ValidFrom": "2014-12-16 00:00:00",
          "ValidTo": "2017-12-20 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
          "Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "TBS": {
            "MD5": "829995f702421dea833a24fb2c7f4442",
            "SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
            "SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
            "SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
          "SerialNumber": "0210230fd364b469091b8a4440145e18",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    source

    last_updated: 2024-09-26