fa612342-5ae0-4e69-ad9c-14d574d9fb1e

dellbios.sys :inline

Description

The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. All give full control of the devices to non-admin users. By exploiting the vulnerable drivers, an attacker without the system privilege may erase/alter firmware, and/or elevate privileges. As of the time of writing in October 2023, the filenames of the vulnerable drivers have not been made public until now.

  • UUID: fa612342-5ae0-4e69-ad9c-14d574d9fb1e
  • Created: 2023-11-02
  • Author: Takahiro Haruyama
  • Acknowledgement: |

DownloadBlock

This download link contains the vulnerable driver!

Commands

sc.exe create dellbiossys binPath= C:\windows\temp\dellbiossys.sys type=kernel && sc.exe start dellbiossys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html

    • Known Vulnerable Samples

    PropertyValue
    Filename
    Creation Timestamp2005-04-05 09:16:56
    MD5fe937e1ed4c8f1d4eac12b065093ae63
    SHA14f02fb7387ca0bc598c3bcb66c5065d08dbb3f73
    SHA2560584520b4b3bdad1d177329bd9952c0589b2a99eb9676cb324d1fce46dad0b9a
    Authentihash MD5c7c7df2ad7431960cac0875dd12c85cf
    Authentihash SHA17b8c480f527d76880037739b1b25e94efbb2f9ae
    Authentihash SHA25651859571d807d984e4f1cf145d5d74491feabd19327309c2c598c496a1976c70
    RichPEHeaderHash MD51bbdf7cd8766fe6015dfc47be47c216d
    RichPEHeaderHash SHA18ceda53f04fa7380d72b394d0fa5307a8efc8c6b
    RichPEHeaderHash SHA256f8900dbcaf9222d11685156134b12cbd17d420d2c0f7dbb2f4a10865d79b83c4

    Download

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • KeSetPriorityThread
    • MmGetPhysicalAddress
    • MmAllocateContiguousMemorySpecifyCache
    • MmUnmapIoSpace
    • MmMapIoSpace
    • IofCompleteRequest
    • IoDeleteDevice
    • IoCreateSymbolicLink
    • IoCreateDevice
    • RtlInitUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT

    Signature

    Expand
    PropertyValue
    Filename
    Creation Timestamp2006-10-05 13:30:45
    MD50215d0681979987fe908fb19dab83399
    SHA1724dde837df2ff92b3ea7026fe8a0c4e5773898f
    SHA256163912dfa4ad141e689e1625e994ab7c1f335410ebff0ade86bda3b7cdf6e065
    Authentihash MD51c1b634a312794371abfac3d67e1eca6
    Authentihash SHA1a5f8e8044e4add00fef7f43725c8e6e121ba0e6a
    Authentihash SHA256e2b6350e17e9b24b7140eed743b4ae0b01453bbb8cb73b091b51e2306017d80f
    RichPEHeaderHash MD52a677cfe0eaf9861e292c33b6bf4d08f
    RichPEHeaderHash SHA15404274bdd3c5b826d764c20a9126ba421e2729a
    RichPEHeaderHash SHA256272046a9ecd8a55ae2e46744bb9a6fc0b83a22ad456a501a8a62a4445b3d2ffc

    Download

    Certificates

    Expand
    Certificate 47bf1995df8d524643f7db6d480d31a4
    FieldValue
    ToBeSigned (TBS) MD5518d2ea8a21e879c942d504824ac211c
    ToBeSigned (TBS) SHA121ce87d827077e61abddf2beba69fde5432ea031
    ToBeSigned (TBS) SHA2561ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
    ValidFrom2003-12-04 00:00:00
    ValidTo2013-12-03 23:59:59
    Signature4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47bf1995df8d524643f7db6d480d31a4
    Version3
    Certificate 0de92bf0d4d82988183205095e9a7688
    FieldValue
    ToBeSigned (TBS) MD545c204b8a20f6abb0188d2d38a3fb0c9
    ToBeSigned (TBS) SHA1cdf3a3c5c2eda4c29621f30fd3154f9f8c765739
    ToBeSigned (TBS) SHA256e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer
    ValidFrom2003-12-04 00:00:00
    ValidTo2008-12-03 23:59:59
    Signature877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0de92bf0d4d82988183205095e9a7688
    Version3
    Certificate 57646e2b550023d490534a553eab0d0a
    FieldValue
    ToBeSigned (TBS) MD5e0554e925960f8ebfe053732b72cf185
    ToBeSigned (TBS) SHA1f305b91e55019f4353be8ef3f83c1cee7a986b4d
    ToBeSigned (TBS) SHA256ea81c5bd80a1c1fc0e3b82cfb15837f221ea835f6b9d6c54c767f754355e3880
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
    ValidFrom2004-07-16 00:00:00
    ValidTo2009-07-15 23:59:59
    Signature9a65f5d8d7e1a4d05dded87d7bc3eec408c256d08cdcedac228de750060d072ca0a46995cc99dfcc6331cfb0c1e496cb38ce21fb7ce7580a2321072c9097abd89604935453ba3a1048720d85ec1b0a4125cc7d6cac7b03f1f7783cf2a840d05572dbbe0b28b5c8c705fed3e0b521dcbc40b7bebc60f5b8e3d85e3b65dd66565f
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber57646e2b550023d490534a553eab0d0a
    Version3
    Certificate 4957a5495776e13165eb89eeda14831a
    FieldValue
    ToBeSigned (TBS) MD50477ed8e1755ed9b4ed2c38236da79df
    ToBeSigned (TBS) SHA1741cf63102fbccf6873168697c21019c23f78d01
    ToBeSigned (TBS) SHA2569fad3c4e14b1d1e5f8b15d75ef42a18dc6cd20d5f746b99cc72cff82eb274510
    SubjectC=US, ST=Texas, L=Round Rock, O=Dell Inc., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Dell Inc.
    ValidFrom2005-12-06 00:00:00
    ValidTo2007-01-10 23:59:59
    Signature3cb891a21ee1115b0b7c51fc20a95edde7d6937b63428592fe1e4ce1c924995a5abcc250c18b986b9c34dd59094a5fb6e85ca434d4c7926724dc31acf425e36b4c147324b0c1c8b7ec07ae6f06aa3ea08896a14cca3daecadf310151d6a5b5e991dfca8d17312f6daa6ac64bc340f472a285538f8b7169125fd240ed0eb32706923be279b2379dac174a6d51d0c760531cc5913d61216d41a3198a58b4342791471f50f3e667a0e95e46e1c1eec5531ebda1f605a564ee14e104dec15daf37201a349d5cd55d92e58667772d00eea7c85b54692be14699a6822676b1619ec2ad8fd16573beed295588f522c024e54e2a1c83eb8f194f684c0e2a563b76dfdcad
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber4957a5495776e13165eb89eeda14831a
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • KeSetPriorityThread
    • MmGetPhysicalAddress
    • MmAllocateContiguousMemorySpecifyCache
    • KeInsertQueueDpc
    • MmFreeContiguousMemory
    • MmUnmapIoSpace
    • MmMapIoSpace
    • IofCompleteRequest
    • KeSetImportanceDpc
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • IoDeleteDevice
    • IoCreateSymbolicLink
    • IoCreateDevice
    • RtlInitUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT

    Signature

    Expand
    PropertyValue
    Filename
    Creation Timestamp2005-04-26 12:28:26
    MD516a8e8437b94d6207af2f25fd4801b6d
    SHA19e8a87401dc7cc56b3a628b554ba395b1868520f
    SHA2562288c418ddadd5a1db4e58c118d8455b01fd33728664408ce23b9346ae0ca057
    Authentihash MD5bebca66f8c5c2f34e2dc07b90c3b27fe
    Authentihash SHA170c3aa0e20ceb094f72b53ef4228c62d884a7232
    Authentihash SHA256f9db97bd12d2d734ccd86045bae1fd5fbeed106ba5cfa519e6fcd9093c1c04a6
    RichPEHeaderHash MD52a677cfe0eaf9861e292c33b6bf4d08f
    RichPEHeaderHash SHA15404274bdd3c5b826d764c20a9126ba421e2729a
    RichPEHeaderHash SHA256272046a9ecd8a55ae2e46744bb9a6fc0b83a22ad456a501a8a62a4445b3d2ffc

    Download

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • KeSetPriorityThread
    • MmGetPhysicalAddress
    • MmAllocateContiguousMemorySpecifyCache
    • KeInsertQueueDpc
    • MmFreeContiguousMemory
    • MmUnmapIoSpace
    • MmMapIoSpace
    • IofCompleteRequest
    • KeSetImportanceDpc
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • IoDeleteDevice
    • IoCreateSymbolicLink
    • IoCreateDevice
    • RtlInitUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT

    Signature

    Expand
    PropertyValue
    Filename
    Creation Timestamp2008-05-12 13:35:43
    MD5c04a5cdcb446dc708d9302be4e91e46d
    SHA17c46ecc5ce8e5f6e236a3b169fb46bb357ac3546
    SHA2563678ba63d62efd3b706d1b661d631ded801485c08b5eb9a3ef38380c6cff319a
    Authentihash MD5e03a33bd4f099f5d493030b040eeabfd
    Authentihash SHA1280fcedfe4013a14bf122a917ae2fa469142714c
    Authentihash SHA256ee067313bd75acae24e1661cb6807ed6148f9af34542ed77578144b21f5c8da1
    RichPEHeaderHash MD50df29e332220beca9a43c8a546411803
    RichPEHeaderHash SHA1fbc770f7abc1c150d19058bc52b402f0530f28bf
    RichPEHeaderHash SHA256890246379c5e6ebdb38b657798a7615b23836e48297e4a1d72324cd9388c6ab5

    Download

    Certificates

    Expand
    Certificate 3825d7faf861af9ef490e726b5d65ad5
    FieldValue
    ToBeSigned (TBS) MD5d6c7684e9aaa508cf268335f83afe040
    ToBeSigned (TBS) SHA118066d20ad92409c567cdfde745279ff71c75226
    ToBeSigned (TBS) SHA256a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2
    ValidFrom2007-06-15 00:00:00
    ValidTo2012-06-14 23:59:59
    Signature50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber3825d7faf861af9ef490e726b5d65ad5
    Version3
    Certificate 47bf1995df8d524643f7db6d480d31a4
    FieldValue
    ToBeSigned (TBS) MD5518d2ea8a21e879c942d504824ac211c
    ToBeSigned (TBS) SHA121ce87d827077e61abddf2beba69fde5432ea031
    ToBeSigned (TBS) SHA2561ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
    ValidFrom2003-12-04 00:00:00
    ValidTo2013-12-03 23:59:59
    Signature4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47bf1995df8d524643f7db6d480d31a4
    Version3
    Certificate 4191a15a3978dfcf496566381d4c75c2
    FieldValue
    ToBeSigned (TBS) MD541011f8d0e7c7a6408334ca387914c61
    ToBeSigned (TBS) SHA1c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
    ToBeSigned (TBS) SHA25688dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
    ValidFrom2004-07-16 00:00:00
    ValidTo2014-07-15 23:59:59
    Signatureae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber4191a15a3978dfcf496566381d4c75c2
    Version3
    Certificate 18a686a1229059017a672136ac2e7265
    FieldValue
    ToBeSigned (TBS) MD53f3990fd4fcf9d9ca9e6a3d53abb0083
    ToBeSigned (TBS) SHA1e642b59ed916131746a973ddecfc5549cc81ecb3
    ToBeSigned (TBS) SHA256cdfd38299aeafaa4853c8c21e8c33e2f6816a01d2b7daa4b8a7a0a59092d268e
    SubjectC=US, ST=Texas, L=Round Rock, O=Dell Inc., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Dell Inc.
    ValidFrom2006-12-15 00:00:00
    ValidTo2010-01-10 23:59:59
    Signature964a90189bd6c008960e4aae75cdf7c5f763b0e04e8921995bb7bb7898297c7d4c84082cc6c324d5a0cc60c77f72cc04c7782416f13b04254e961796dab40b7b5726a18f4f1a1d6a02f18794758bbbc4f8664cef6cc505a5367a8ea999b3c296006dc8336d03d71bfbb5f828d14646a39714657909190d5927bbfa55aec76aad25fe4ec1c5d73b37caec576dbe1a40d13e91509e316dc512d6b07b01c08b7f59f8dbd0d65fcac246b545a91527a2e89c0d3a6603ef49ae2d5373f640ba930fcac4848ae1d1820d3b80866f4335eb9072ece3ab41e80d9d9b1338d8c0e026a11d90e96396b92bf4e4fdf5a161a526f7896a0b77357976010916e455d6bb888d67
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber18a686a1229059017a672136ac2e7265
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • KeSetImportanceDpc
    • KeSetTargetProcessorDpc
    • KeSetPriorityThread
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeInitializeDpc
    • MmFreeContiguousMemory
    • MmUnmapIoSpace
    • MmGetPhysicalAddress
    • MmMapIoSpace
    • KeInsertQueueDpc
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • MmAllocateContiguousMemorySpecifyCache
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT

    Signature

    Expand
    PropertyValue
    Filename
    Creation Timestamp2006-12-22 08:54:43
    MD52d64d681d79e0d26650928259530c075
    SHA1fc154983af4a5be15ae1e4b54e2050530b8bc057
    SHA2565449e4dd1b75a7d52922c30baeca0ca8e32fe2210d1e72af2a2f314a5c2268fb
    Authentihash MD58f2101c5eeaa09c79656ec7e6edc4d5b
    Authentihash SHA10da8d2776086079a96bef45383c53c9091e0432e
    Authentihash SHA256be589c5c853c86703e23e3b77455bd0d4330bd5e612d0af538f98cc3c4cec1b4
    RichPEHeaderHash MD55d5242fdee7917d60c0902d4dcdf1fb0
    RichPEHeaderHash SHA11dbde4fae3f6a3b254d9bc7aa0167917c9aea38e
    RichPEHeaderHash SHA25678b46fed6412f8c058305a69f359f5711e0309b9b3406a3ac60d4e6c6a74836e

    Download

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • KeSetPriorityThread
    • KeGetCurrentThread
    • KeInsertQueueDpc
    • WRITE_REGISTER_BUFFER_UCHAR
    • MmGetPhysicalAddress
    • MmAllocateContiguousMemorySpecifyCache
    • READ_REGISTER_BUFFER_UCHAR
    • MmFreeContiguousMemory
    • MmUnmapIoSpace
    • MmMapIoSpace
    • IofCompleteRequest
    • KeSetImportanceDpc
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • IoDeleteDevice
    • IoCreateSymbolicLink
    • IoCreateDevice
    • RtlInitUnicodeString
    • KeTickCount
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .reloc

    Signature

    Expand
    PropertyValue
    Filename
    Creation Timestamp2007-03-21 14:11:53
    MD58a70921638ff82bb924456deadcd20e6
    SHA1a88546fb61a2fa7dab978a9cb678469e8f0ed475
    SHA2565bf3985644308662ebfa2fbcc11fb4d3e2a0c817ad3da1a791020f8c8589ebc8
    Authentihash MD5fbb107d4b7088fa529edcf9a27b4499b
    Authentihash SHA1808b0de6f644d48c4ed0c9b607a17362ec3df083
    Authentihash SHA256b8e047a7c96a94eb7cf0416253eca48fa7ba66914b684ee75e81651c83c7ac30
    RichPEHeaderHash MD52a677cfe0eaf9861e292c33b6bf4d08f
    RichPEHeaderHash SHA15404274bdd3c5b826d764c20a9126ba421e2729a
    RichPEHeaderHash SHA256272046a9ecd8a55ae2e46744bb9a6fc0b83a22ad456a501a8a62a4445b3d2ffc

    Download

    Certificates

    Expand
    Certificate 47bf1995df8d524643f7db6d480d31a4
    FieldValue
    ToBeSigned (TBS) MD5518d2ea8a21e879c942d504824ac211c
    ToBeSigned (TBS) SHA121ce87d827077e61abddf2beba69fde5432ea031
    ToBeSigned (TBS) SHA2561ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
    ValidFrom2003-12-04 00:00:00
    ValidTo2013-12-03 23:59:59
    Signature4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47bf1995df8d524643f7db6d480d31a4
    Version3
    Certificate 0de92bf0d4d82988183205095e9a7688
    FieldValue
    ToBeSigned (TBS) MD545c204b8a20f6abb0188d2d38a3fb0c9
    ToBeSigned (TBS) SHA1cdf3a3c5c2eda4c29621f30fd3154f9f8c765739
    ToBeSigned (TBS) SHA256e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer
    ValidFrom2003-12-04 00:00:00
    ValidTo2008-12-03 23:59:59
    Signature877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0de92bf0d4d82988183205095e9a7688
    Version3
    Certificate 4191a15a3978dfcf496566381d4c75c2
    FieldValue
    ToBeSigned (TBS) MD541011f8d0e7c7a6408334ca387914c61
    ToBeSigned (TBS) SHA1c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
    ToBeSigned (TBS) SHA25688dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
    ValidFrom2004-07-16 00:00:00
    ValidTo2014-07-15 23:59:59
    Signatureae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber4191a15a3978dfcf496566381d4c75c2
    Version3
    Certificate 18a686a1229059017a672136ac2e7265
    FieldValue
    ToBeSigned (TBS) MD53f3990fd4fcf9d9ca9e6a3d53abb0083
    ToBeSigned (TBS) SHA1e642b59ed916131746a973ddecfc5549cc81ecb3
    ToBeSigned (TBS) SHA256cdfd38299aeafaa4853c8c21e8c33e2f6816a01d2b7daa4b8a7a0a59092d268e
    SubjectC=US, ST=Texas, L=Round Rock, O=Dell Inc., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Dell Inc.
    ValidFrom2006-12-15 00:00:00
    ValidTo2010-01-10 23:59:59
    Signature964a90189bd6c008960e4aae75cdf7c5f763b0e04e8921995bb7bb7898297c7d4c84082cc6c324d5a0cc60c77f72cc04c7782416f13b04254e961796dab40b7b5726a18f4f1a1d6a02f18794758bbbc4f8664cef6cc505a5367a8ea999b3c296006dc8336d03d71bfbb5f828d14646a39714657909190d5927bbfa55aec76aad25fe4ec1c5d73b37caec576dbe1a40d13e91509e316dc512d6b07b01c08b7f59f8dbd0d65fcac246b545a91527a2e89c0d3a6603ef49ae2d5373f640ba930fcac4848ae1d1820d3b80866f4335eb9072ece3ab41e80d9d9b1338d8c0e026a11d90e96396b92bf4e4fdf5a161a526f7896a0b77357976010916e455d6bb888d67
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber18a686a1229059017a672136ac2e7265
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • KeSetPriorityThread
    • MmGetPhysicalAddress
    • MmAllocateContiguousMemorySpecifyCache
    • KeInsertQueueDpc
    • MmFreeContiguousMemory
    • MmUnmapIoSpace
    • MmMapIoSpace
    • IofCompleteRequest
    • KeSetImportanceDpc
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • IoDeleteDevice
    • IoCreateSymbolicLink
    • IoCreateDevice
    • RtlInitUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT

    Signature

    Expand
    PropertyValue
    Filename
    Creation Timestamp2005-08-02 14:38:51
    MD5c37b575c3a96b9788c26cefcf43f3542
    SHA1f7413250e7e8ad83c350092d78f0f75fcca9f474
    SHA2566575ea9b319beb3845d43ce2c70ea55f0414da2055fa82eec324c4cebdefe893
    Authentihash MD5a1c36e75bb10e6010531223ab5141ae7
    Authentihash SHA1ac1d5f3691326940bb3cb471097296ff7d21dc9b
    Authentihash SHA256419b5bca6d43650893d5e044e785c0ad87cbe1185de0d3feaa9f681c6e7f50b4
    RichPEHeaderHash MD586b20d196871ff3f737af9f0c91d3228
    RichPEHeaderHash SHA19e15e0df43370ffcc4aceed701abba1258c4e611
    RichPEHeaderHash SHA256137a0549327550f5b20068fa9d4cbea9c8ec8bec6b80008c9a3e60a00e6b0b3d

    Download

    Certificates

    Expand
    Certificate 47bf1995df8d524643f7db6d480d31a4
    FieldValue
    ToBeSigned (TBS) MD5518d2ea8a21e879c942d504824ac211c
    ToBeSigned (TBS) SHA121ce87d827077e61abddf2beba69fde5432ea031
    ToBeSigned (TBS) SHA2561ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
    ValidFrom2003-12-04 00:00:00
    ValidTo2013-12-03 23:59:59
    Signature4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47bf1995df8d524643f7db6d480d31a4
    Version3
    Certificate 0de92bf0d4d82988183205095e9a7688
    FieldValue
    ToBeSigned (TBS) MD545c204b8a20f6abb0188d2d38a3fb0c9
    ToBeSigned (TBS) SHA1cdf3a3c5c2eda4c29621f30fd3154f9f8c765739
    ToBeSigned (TBS) SHA256e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer
    ValidFrom2003-12-04 00:00:00
    ValidTo2008-12-03 23:59:59
    Signature877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0de92bf0d4d82988183205095e9a7688
    Version3
    Certificate 57646e2b550023d490534a553eab0d0a
    FieldValue
    ToBeSigned (TBS) MD5e0554e925960f8ebfe053732b72cf185
    ToBeSigned (TBS) SHA1f305b91e55019f4353be8ef3f83c1cee7a986b4d
    ToBeSigned (TBS) SHA256ea81c5bd80a1c1fc0e3b82cfb15837f221ea835f6b9d6c54c767f754355e3880
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
    ValidFrom2004-07-16 00:00:00
    ValidTo2009-07-15 23:59:59
    Signature9a65f5d8d7e1a4d05dded87d7bc3eec408c256d08cdcedac228de750060d072ca0a46995cc99dfcc6331cfb0c1e496cb38ce21fb7ce7580a2321072c9097abd89604935453ba3a1048720d85ec1b0a4125cc7d6cac7b03f1f7783cf2a840d05572dbbe0b28b5c8c705fed3e0b521dcbc40b7bebc60f5b8e3d85e3b65dd66565f
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber57646e2b550023d490534a553eab0d0a
    Version3
    Certificate 4957a5495776e13165eb89eeda14831a
    FieldValue
    ToBeSigned (TBS) MD50477ed8e1755ed9b4ed2c38236da79df
    ToBeSigned (TBS) SHA1741cf63102fbccf6873168697c21019c23f78d01
    ToBeSigned (TBS) SHA2569fad3c4e14b1d1e5f8b15d75ef42a18dc6cd20d5f746b99cc72cff82eb274510
    SubjectC=US, ST=Texas, L=Round Rock, O=Dell Inc., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Dell Inc.
    ValidFrom2005-12-06 00:00:00
    ValidTo2007-01-10 23:59:59
    Signature3cb891a21ee1115b0b7c51fc20a95edde7d6937b63428592fe1e4ce1c924995a5abcc250c18b986b9c34dd59094a5fb6e85ca434d4c7926724dc31acf425e36b4c147324b0c1c8b7ec07ae6f06aa3ea08896a14cca3daecadf310151d6a5b5e991dfca8d17312f6daa6ac64bc340f472a285538f8b7169125fd240ed0eb32706923be279b2379dac174a6d51d0c760531cc5913d61216d41a3198a58b4342791471f50f3e667a0e95e46e1c1eec5531ebda1f605a564ee14e104dec15daf37201a349d5cd55d92e58667772d00eea7c85b54692be14699a6822676b1619ec2ad8fd16573beed295588f522c024e54e2a1c83eb8f194f684c0e2a563b76dfdcad
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber4957a5495776e13165eb89eeda14831a
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • KeSetPriorityThread
    • KeGetCurrentThread
    • MmGetPhysicalAddress
    • MmAllocateContiguousMemorySpecifyCache
    • KeInsertQueueDpc
    • MmFreeContiguousMemory
    • MmUnmapIoSpace
    • MmMapIoSpace
    • IofCompleteRequest
    • KeSetImportanceDpc
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • IoDeleteDevice
    • IoCreateSymbolicLink
    • IoCreateDevice
    • RtlInitUnicodeString

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT

    Signature

    Expand
    PropertyValue
    Filename
    Creation Timestamp2006-12-22 08:54:37
    MD5f4a31e08f89e5f002ef3cf7b1224af5f
    SHA1c2d18ce26ce2435845f534146d7f353b662ad2b9
    SHA256700b9839fde53e91f0847053b4d2eb8d9bd3aca098844510f1fa3bab6a37eb24
    Authentihash MD5685227232e3e50d40eedef9afdb000aa
    Authentihash SHA103952b6ddcdfc4a2ab375dce0475cea07113ad36
    Authentihash SHA2567c62a659a4f8fdecfd5a64f4f4391852996db564d123fc5d20e3f3dfb11ed62c
    RichPEHeaderHash MD5b02c2ef12ee24a4e0caf681e8cccb03e
    RichPEHeaderHash SHA1a982890a37bf51a61a4624f3efb2e059f22c28be
    RichPEHeaderHash SHA256e461fb5e07f45e90c6b58963b5562836a30aafbb6f932eef710471aabc83ae14

    Download

    Certificates

    Expand
    Certificate 47bf1995df8d524643f7db6d480d31a4
    FieldValue
    ToBeSigned (TBS) MD5518d2ea8a21e879c942d504824ac211c
    ToBeSigned (TBS) SHA121ce87d827077e61abddf2beba69fde5432ea031
    ToBeSigned (TBS) SHA2561ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
    ValidFrom2003-12-04 00:00:00
    ValidTo2013-12-03 23:59:59
    Signature4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47bf1995df8d524643f7db6d480d31a4
    Version3
    Certificate 0de92bf0d4d82988183205095e9a7688
    FieldValue
    ToBeSigned (TBS) MD545c204b8a20f6abb0188d2d38a3fb0c9
    ToBeSigned (TBS) SHA1cdf3a3c5c2eda4c29621f30fd3154f9f8c765739
    ToBeSigned (TBS) SHA256e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer
    ValidFrom2003-12-04 00:00:00
    ValidTo2008-12-03 23:59:59
    Signature877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0de92bf0d4d82988183205095e9a7688
    Version3
    Certificate 57646e2b550023d490534a553eab0d0a
    FieldValue
    ToBeSigned (TBS) MD5e0554e925960f8ebfe053732b72cf185
    ToBeSigned (TBS) SHA1f305b91e55019f4353be8ef3f83c1cee7a986b4d
    ToBeSigned (TBS) SHA256ea81c5bd80a1c1fc0e3b82cfb15837f221ea835f6b9d6c54c767f754355e3880
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
    ValidFrom2004-07-16 00:00:00
    ValidTo2009-07-15 23:59:59
    Signature9a65f5d8d7e1a4d05dded87d7bc3eec408c256d08cdcedac228de750060d072ca0a46995cc99dfcc6331cfb0c1e496cb38ce21fb7ce7580a2321072c9097abd89604935453ba3a1048720d85ec1b0a4125cc7d6cac7b03f1f7783cf2a840d05572dbbe0b28b5c8c705fed3e0b521dcbc40b7bebc60f5b8e3d85e3b65dd66565f
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber57646e2b550023d490534a553eab0d0a
    Version3
    Certificate 4957a5495776e13165eb89eeda14831a
    FieldValue
    ToBeSigned (TBS) MD50477ed8e1755ed9b4ed2c38236da79df
    ToBeSigned (TBS) SHA1741cf63102fbccf6873168697c21019c23f78d01
    ToBeSigned (TBS) SHA2569fad3c4e14b1d1e5f8b15d75ef42a18dc6cd20d5f746b99cc72cff82eb274510
    SubjectC=US, ST=Texas, L=Round Rock, O=Dell Inc., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Dell Inc.
    ValidFrom2005-12-06 00:00:00
    ValidTo2007-01-10 23:59:59
    Signature3cb891a21ee1115b0b7c51fc20a95edde7d6937b63428592fe1e4ce1c924995a5abcc250c18b986b9c34dd59094a5fb6e85ca434d4c7926724dc31acf425e36b4c147324b0c1c8b7ec07ae6f06aa3ea08896a14cca3daecadf310151d6a5b5e991dfca8d17312f6daa6ac64bc340f472a285538f8b7169125fd240ed0eb32706923be279b2379dac174a6d51d0c760531cc5913d61216d41a3198a58b4342791471f50f3e667a0e95e46e1c1eec5531ebda1f605a564ee14e104dec15daf37201a349d5cd55d92e58667772d00eea7c85b54692be14699a6822676b1619ec2ad8fd16573beed295588f522c024e54e2a1c83eb8f194f684c0e2a563b76dfdcad
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber4957a5495776e13165eb89eeda14831a
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • KeSetPriorityThread
    • MmGetPhysicalAddress
    • MmAllocateContiguousMemorySpecifyCache
    • KeInsertQueueDpc
    • MmFreeContiguousMemory
    • MmUnmapIoSpace
    • MmMapIoSpace
    • IofCompleteRequest
    • KeSetImportanceDpc
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • IoDeleteDevice
    • IoCreateSymbolicLink
    • IoCreateDevice
    • RtlInitUnicodeString
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT

    Signature

    Expand
    PropertyValue
    Filename
    Creation Timestamp2008-05-12 13:32:50
    MD551c233297c3aa16c4222e35ded1139b6
    SHA10ff2ad8941fbb80cbccb6db7db1990c01c2869b1
    SHA256a6c11d3bec2a94c40933ec1d3604cfe87617ba828b14f4cded6cfe85656debc0
    Authentihash MD5afd1f043a2f346f1349131e0db185805
    Authentihash SHA1586987aba0aed6f989588f7e852260aab2679332
    Authentihash SHA25603df432d7ff56ed53fd050b1875f5a05dffbe1c999adf2dd6c8d790b7ffd2c2d
    RichPEHeaderHash MD5632ce656b30c7ea200ce437baddf369a
    RichPEHeaderHash SHA1cd7045c7d331f3707df34afd5dea72a3572c0360
    RichPEHeaderHash SHA2562a7bc3f088c84d3a52f54c2c2d94b21d0a3e9d5c55cf6151f5ac16f3b0fe3949

    Download

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • KeSetPriorityThread
    • KeGetCurrentThread
    • KeInsertQueueDpc
    • WRITE_REGISTER_BUFFER_UCHAR
    • MmGetPhysicalAddress
    • MmAllocateContiguousMemorySpecifyCache
    • READ_REGISTER_BUFFER_UCHAR
    • MmFreeContiguousMemory
    • memset
    • MmUnmapIoSpace
    • MmMapIoSpace
    • IofCompleteRequest
    • KeSetImportanceDpc
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • IoDeleteDevice
    • IoCreateSymbolicLink
    • IoCreateDevice
    • RtlInitUnicodeString
    • KeTickCount
    • KeBugCheckEx

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .reloc

    Signature

    Expand
    PropertyValue
    Filename
    Creation Timestamp2005-08-02 14:38:51
    MD51a5a95d6bedbe29e5acf5eb6a727c634
    SHA1c1777fcb7005b707f8c86b2370f3278a8ccd729f
    SHA256b3a191ccd1df19cdf17fe6637d48266ac84c4310b013ad6973d8cb336b06ff69
    Authentihash MD5a1c36e75bb10e6010531223ab5141ae7
    Authentihash SHA1ac1d5f3691326940bb3cb471097296ff7d21dc9b
    Authentihash SHA256419b5bca6d43650893d5e044e785c0ad87cbe1185de0d3feaa9f681c6e7f50b4
    RichPEHeaderHash MD586b20d196871ff3f737af9f0c91d3228
    RichPEHeaderHash SHA19e15e0df43370ffcc4aceed701abba1258c4e611
    RichPEHeaderHash SHA256137a0549327550f5b20068fa9d4cbea9c8ec8bec6b80008c9a3e60a00e6b0b3d

    Download

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • KeSetPriorityThread
    • KeGetCurrentThread
    • MmGetPhysicalAddress
    • MmAllocateContiguousMemorySpecifyCache
    • KeInsertQueueDpc
    • MmFreeContiguousMemory
    • MmUnmapIoSpace
    • MmMapIoSpace
    • IofCompleteRequest
    • KeSetImportanceDpc
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • IoDeleteDevice
    • IoCreateSymbolicLink
    • IoCreateDevice
    • RtlInitUnicodeString

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT

    Signature

    Expand
    PropertyValue
    Filename
    Creation Timestamp2005-08-02 14:39:08
    MD5637cf50b06bc53deae846b252d56bbdc
    SHA1be270d94744b62b0d36bef905ef6296165ffcee9
    SHA256b84dc9b885193ced6a1b6842a365a4f18d1683951bb11a5c780ab737ffa06684
    Authentihash MD5275dc7c2ad082fb91ce22e5c327fe6d4
    Authentihash SHA153b69917a6aed8b1a309fc2de63f37f5f1062af7
    Authentihash SHA2568fe475d3082a0226ae9fa945542ac3e0cb5214c0f44193dcff12514cadf52101
    RichPEHeaderHash MD5cd0af2102bca4e2aa767a00f8cb91093
    RichPEHeaderHash SHA1888d0caadbd9248a8fd687d141da2fe4a11bf7c3
    RichPEHeaderHash SHA25625902bf5a0ecec83c62506620b9e269e456964e63f4bc1bafdc02e0c988eaf86

    Download

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • KeSetPriorityThread
    • KeGetCurrentThread
    • KeInsertQueueDpc
    • WRITE_REGISTER_BUFFER_UCHAR
    • MmGetPhysicalAddress
    • MmAllocateContiguousMemorySpecifyCache
    • READ_REGISTER_BUFFER_UCHAR
    • MmFreeContiguousMemory
    • MmUnmapIoSpace
    • MmMapIoSpace
    • IofCompleteRequest
    • KeSetImportanceDpc
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • IoDeleteDevice
    • IoCreateSymbolicLink
    • IoCreateDevice
    • RtlInitUnicodeString

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .reloc

    Signature

    Expand

    source

    last_updated: 2024-09-26