00561455-9da1-4f0c-8564-e4c99b716a74

driver_090d409f.sys :inline :inline

Description

Sophos, from time to time, has observed a threat actor deploy variants of Poortry on different machines within a single estate during an attack. These variants contain the same payload, but signed with a different certificate than the driver first seen used during the attack.

  • UUID: 00561455-9da1-4f0c-8564-e4c99b716a74
  • Created: 2024-09-10
  • Author: Michael Haag
  • Acknowledgement: |

DownloadBlock

This download link contains the malicious driver!

Commands

sc.exe create driver_c3d48ddd.sys binPath=C:\windows\temp\driver_c3d48ddd.sys type=kernel && sc.exe start driver_c3d48ddd.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/

  • Known Vulnerable Samples

    PropertyValue
    Filename
    Creation Timestamp2017-05-16 02:13:17
    MD541046ce853788277da0d7e8c4e0a3123
    SHA1e9bca8f4b8c60688eacc7d18c6ba7777c181bb84
    SHA256090d409f86430e078694e621ad0bd5e458d32aa727f0eb99bda3961577df8d49
    Authentihash MD57ca020674114f5f8aad94c9cc61dccb4
    Authentihash SHA1f27d87a335c87654ebbbde16d41645be85f0424a
    Authentihash SHA25677cb09dc2fc3c56f3b12ad03a85cedbe3a8e0bb876dadfd76a1fb6c57602817b
    RichPEHeaderHash MD5ffdf660eb1ebf020a1d0a55a90712dfb
    RichPEHeaderHash SHA13e905e3d061d0d59de61fcf39c994fcb0ec1bab3
    RichPEHeaderHash SHA2562b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6
    CompanyPinchins Technology Co.,Ltd.
    DescriptionRWTKrl
    ProductRansomwareTerminator
    OriginalFilenameRWTKrl.sys

    Download

    Certificates

    Expand
    Certificate 2b6bd65459d70cd8e213b1c4113be213
    FieldValue
    ToBeSigned (TBS) MD51b1b63b6c5bcca2bbe08f6d91d0fb222
    ToBeSigned (TBS) SHA199e402e691ee22e237b59c2c95ef07f396393a6b
    ToBeSigned (TBS) SHA256e3f9ea7f77a3b7349399ae5c40ef533c06c7d6e551949e0c7898d298fb7463cf
    SubjectC=CN, O=WoSign CA Limited, CN=WoSign EV Code Signing CA
    ValidFrom2015-04-18 00:58:58
    ValidTo2025-04-18 00:58:58
    Signature26be3926c8bc7f267da8d15f7febe4bb3101707380adcd8c56c0a79ab07905805ac50219087fcdd2698fe902234c3f29ae30e877bfda43093a8f5b3a65e9522786d1e4c751c82dd87dea75521da7d25c28425918d87e6cbff131407de959c498174254303e1c4dbdaa19d410924155506b166ad4e5f64e37238a3a67c03ab559f73f13c143e3b67e8c309e0b25ba226ee84cad577a9a5d30881ba5e5e0b19c34085725a2226ba9a687eaa22611a09fef925acfe986ea328aba3b52c8c46a7e14dd74e056c177bfc018be92ee49d63c3b02c7672cb2f3ddc669638465342d7eeba89219dfd93bb98015c570bae03840801f8cc8fdebf445024b8e9255e251245a1c617cc749687c9f09b8e8befb2d1e8439c6bed52ff5bf60f313f6a90f30dd3799372cb876b6eafb3bfaab9a1cc9d598e5a72d165f2bb577e01076b75bf62df21fabf718c4d0fdb948ab2dcc176350279428ce4a793660a8832d719c2583f684603a3bece107f868c649e81cfd1c1b15d966dee69ed6d8b05ccbf741a7c4fb34ebd87d91a55a06cec7cf11dec3a03ecb9059d3f025bf29203d5a928876aa089c02cfca37062650fb6eec15d28ab89dbdee6200177927524504e213b4e6fec63c6d2f02e12f1daca17758cfd44af9571b49350cfe633452eceb53dcba2674afa484dc3c0a98b315592d9964fcadb9afd296e2e66344e28dfee4d479fc975d2e56
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber2b6bd65459d70cd8e213b1c4113be213
    Version3
    Certificate 67ec2f35e172353a55ccff3e52540492
    FieldValue
    ToBeSigned (TBS) MD55e1b3f4283ef844866a8ec5ade611af3
    ToBeSigned (TBS) SHA1db9237e8f298effd7cdd1ca7f804ee2330b0112c
    ToBeSigned (TBS) SHA256b9bd052aada420cdf0f6f5e50aa80cd8a38d94c7091bea582cbed83d7d5c632a
    Subject??=CN, ??=Fujian, ??=Fuzhou, ??=Private Organization, serialNumber=91350105MA347X7Y7X, C=CN, ST=Fujian, L=Fuzhou, postalCode=350015, ??=ZONE A,1240, 15/F, COMPLEX BUILDING, FUZHOU BONDED AREA, O=Pinchins Technology Company Limited, emailAddress=support@pinchins.com, CN=Pinchins Technology Company Limited
    ValidFrom2016-09-05 03:15:38
    ValidTo2018-11-05 03:15:38
    Signatureaadcb357f69b98196e7420fc2b8766d399782fb1a043a1480017279de4787277faea0d6ea942ac10cb1cd367f51cf273ceb71e1c6df9210476fea1ddf3b9bea3f1328b5f5492af007c2f94e02c470dfd370edc643a56fafc286c02acb1c08057370641f2a15538db5b9c11fb3f25b6666a0a017aa1626e1052a388cb17957600ff8232f24a57f341571ac39de67a3b4c27514b05277984b3abf2de7b187f25ae42b7a439ee8be0382d0352ad5eaf1ec25c5d1f5644679a6f59ac9502016d026e95cc2348b415a477ad0512c6d50a1fe5d89ff8a132cf87470e21b13b7850acc1b5a594425a33859490232bea5dab93090a845ffd7d8ae89acee976c5a4dac7d1
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber67ec2f35e172353a55ccff3e52540492
    Version3
    Certificate 6139bb9c000000000033
    FieldValue
    ToBeSigned (TBS) MD55b3304180221a8328ce477b1fd93898f
    ToBeSigned (TBS) SHA19b7f1e1653a52d801387f1e51d17fabb8d435d0c
    ToBeSigned (TBS) SHA25667070bcf2ee304cedd252a1dd8a7222c1be50fd2d5eabef9446cb633e133d264
    SubjectC=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
    ValidFrom2011-04-15 20:13:19
    ValidTo2021-04-15 20:23:19
    Signature375933ca5e487d489a5be42fdbdb59a8c61f77c0a58747e86508c6672688d95c58e2c631ac0c32b96f7cc58748db2c0a23484d0dcf1116ef60577ed5326e22de373cc7dc16f3c9ce2939fb37daf5e4e741d8a2f82db3498a601f64ef9c1364b3469a82cc650f18550776c9e9337790a644daefa64d551038316f3a58ed31486190c04615b4c0a64e5493c00db524e55017c6d62392226992e0abab297508255399959f50b65b6753aaa2ba905a6ea3e35b5c830e54426dbdb917a8205284b51a4fb24d68d2c28ff8f9ae837c24a6e6c17f9a932f2e550df87bc1be336fab0cd934585c9c40ce284a015529655d5bfd525a54591171470b3eff2c9ae931d9046a33871d2f880fc99aab14a8c20b4f8589ac25490dff54395513d6b84d6bf44aad1833bc8e0052b476c2eccd8beb60d57880844a0eb93d4d560d1b17176f60fcdbd867cd3d4082b55c567f8d274cc76d5da410b57c410c39912f41d2c6310686eb405087d8131e852f10448b7a0361693b29fedfcdd3e07d19ba3b84e34e9ad78c7cd73d9dd7fd50108f06683bd8be3bbbaa284552eadde83a334caf38c715e3e97cee83eb2a1cbdd8fdf5394e7c5f25b39349ca88e56152f0dd14f8394ead47182aefcc6b29493fd7a48e7abd6f6bee675db7b167a60055014532b842fe96fc06b9cecfcff9fb6eab728718451afce3846a414f36714c77eea3191ab87d098c01
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber6139bb9c000000000033
    Version3
    Certificate 19c28530e93b36
    FieldValue
    ToBeSigned (TBS) MD5dd50ed7562bd4ce20df7b5c24d9f1446
    ToBeSigned (TBS) SHA1188ce565932b1320e89f1c94e1b21eb49f714a6b
    ToBeSigned (TBS) SHA256e9c8df2dbd3edd63c701a9a6b71cf740eb8d54526dba56970712888237086691
    SubjectC=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
    ValidFrom2006-09-17 22:46:36
    ValidTo2019-12-31 23:59:59
    Signatureb66df870fbe20d4c98b3074915f504c46ccacaf568a008fe126d9c0406c9ad9a91523e78c45cee9f541deee3f15e30c949e139e0a69d366c57fae6344f55e887a82cdd05f1581291e8cace28788fdf078501a5dc459605d480b22b059acb9aa58be03a67e67347be4afd27b188efe6cacf8d0e269ffa5f5778ad6dfeae9b3508b1c3bac1004a4b7d14bdf7f1d35518acd03370886dc4097114a62b4f8881e70b0037a9157d7ed701963f2faf7b62ae0a4abf4b392e35108bfe0439e43c3a0c0956403ab5f4c2680cb5f952cdee9df898fc78e758478f1c73586933abffdddf8e24017798193ab06679bce108a30e4fc104b3f301c8ebd3591c35d2931e7065827fdbcffbc8991260c3446f3a804bd7be21aa147a64cbdd3743455b322e45f0d9591f6b18f07ce9553619615fb57df18dbd88e4754b98dd27b0e484442a6184570582111faa3558f3200eaf59effa5572720d26d09b5349acce372e6561fff6ec1beaf6f1a6d3d1b57bbe35f422c1bc8d01bd685e830d2fecd6da630c27d1543ee4a8d3ce4b32b89194fffb5b492d7518a8ba719a3baed9c0a94f8791ed8b7b6b20988939834f80c469cc17c9c84ebee4a9a5817670060432cd8365f4bc7d3e13bcd2e86f63aab53bda8d863282789dd9ccffbf576474ed283d446215614bf794b00d2a671cf0cb9ba592bff8415ac13d60ed9fbbb86d9bcea96a163f7eea06f1
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber19c28530e93b36
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • IoCreateNotificationEvent
    • ExInitializeNPagedLookasideList
    • ExAcquireFastMutex
    • RtlInitUnicodeString
    • IoDeleteDevice
    • ExpInterlockedPushEntrySList
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • ExpInterlockedPopEntrySList
    • RtlDeleteElementGenericTable
    • IoDetachDevice
    • PsSetCreateProcessNotifyRoutine
    • RtlEqualUnicodeString
    • KeDelayExecutionThread
    • ObQueryNameString
    • ZwQueryValueKey
    • _vsnwprintf
    • ZwClose
    • ExQueryDepthSList
    • KeWaitForSingleObject
    • IoAttachDeviceToDeviceStack
    • PsGetVersion
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • IoCreateSymbolicLink
    • ObfDereferenceObject
    • IoCreateDevice
    • IoRegisterFsRegistrationChange
    • RtlIsGenericTableEmpty
    • IofCallDriver
    • RtlInitializeGenericTable
    • ZwOpenKey
    • ExQueueWorkItem
    • _wcsnicmp
    • KeSetPriorityThread
    • KeSetEvent
    • wcsncpy
    • ZwCreateFile
    • wcsrchr
    • MmMapLockedPagesSpecifyCache
    • ExSystemTimeToLocalTime
    • ExInterlockedInsertTailList
    • PsTerminateSystemThread
    • RtlLookupElementGenericTable
    • IofCompleteRequest
    • RtlTimeToTimeFields
    • ExInterlockedRemoveHeadList
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • ZwQueryInformationFile
    • RtlInsertElementGenericTable
    • PsProcessType
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • ZwReadFile
    • ExReleaseFastMutex
    • ZwOpenSymbolicLinkObject
    • IoVolumeDeviceToDosName
    • IoFileObjectType
    • IoDriverObjectType
    • IoGetDeviceObjectPointer
    • ExAllocatePool
    • ObReferenceObjectByHandle
    • IoCreateFileSpecifyDeviceObjectHint
    • IoFreeIrp
    • ZwDeleteFile
    • IoAllocateIrp
    • ZwDeviceIoControlFile
    • IoGetTopLevelIrp
    • ObReferenceObjectByName
    • ZwWriteFile
    • ObReferenceObjectByPointer
    • ObOpenObjectByPointer
    • DbgPrint
    • _stricmp
    • _wcsicmp
    • PsGetProcessImageFileName
    • PsCreateSystemThread
    • PsGetProcessId
    • CmRegisterCallback
    • MmIsAddressValid
    • RtlVolumeDeviceToDosName
    • _snwprintf
    • RtlAppendUnicodeToString
    • RtlAppendUnicodeStringToString
    • RtlCopyUnicodeString
    • ExAcquireResourceExclusiveLite
    • KeLeaveCriticalRegion
    • RtlAnsiStringToUnicodeString
    • RtlInitAnsiString
    • KeEnterCriticalRegion
    • ExAcquireResourceSharedLite
    • ExReleaseResourceLite
    • ExInitializeResourceLite
    • ZwDeleteValueKey
    • MmFlushImageSection
    • ExIsResourceAcquiredExclusiveLite
    • CcPurgeCacheSection
    • CcFlushCache
    • ZwSetInformationFile
    • ZwOpenFile
    • KeBugCheckEx
    • ExFreePoolWithTag
    • IoDeleteSymbolicLink
    • RtlGetElementGenericTable
    • IoBuildDeviceIoControlRequest
    • KeClearEvent
    • swprintf
    • ExAllocatePoolWithTag
    • __C_specific_handler
    • HalReturnToFirmware

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rc0
    • .reloc
    • .rsrc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "2b6bd65459d70cd8e213b1c4113be213",
          "Signature": "26be3926c8bc7f267da8d15f7febe4bb3101707380adcd8c56c0a79ab07905805ac50219087fcdd2698fe902234c3f29ae30e877bfda43093a8f5b3a65e9522786d1e4c751c82dd87dea75521da7d25c28425918d87e6cbff131407de959c498174254303e1c4dbdaa19d410924155506b166ad4e5f64e37238a3a67c03ab559f73f13c143e3b67e8c309e0b25ba226ee84cad577a9a5d30881ba5e5e0b19c34085725a2226ba9a687eaa22611a09fef925acfe986ea328aba3b52c8c46a7e14dd74e056c177bfc018be92ee49d63c3b02c7672cb2f3ddc669638465342d7eeba89219dfd93bb98015c570bae03840801f8cc8fdebf445024b8e9255e251245a1c617cc749687c9f09b8e8befb2d1e8439c6bed52ff5bf60f313f6a90f30dd3799372cb876b6eafb3bfaab9a1cc9d598e5a72d165f2bb577e01076b75bf62df21fabf718c4d0fdb948ab2dcc176350279428ce4a793660a8832d719c2583f684603a3bece107f868c649e81cfd1c1b15d966dee69ed6d8b05ccbf741a7c4fb34ebd87d91a55a06cec7cf11dec3a03ecb9059d3f025bf29203d5a928876aa089c02cfca37062650fb6eec15d28ab89dbdee6200177927524504e213b4e6fec63c6d2f02e12f1daca17758cfd44af9571b49350cfe633452eceb53dcba2674afa484dc3c0a98b315592d9964fcadb9afd296e2e66344e28dfee4d479fc975d2e56",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=CN, O=WoSign CA Limited, CN=WoSign EV Code Signing CA",
          "TBS": {
            "MD5": "1b1b63b6c5bcca2bbe08f6d91d0fb222",
            "SHA1": "99e402e691ee22e237b59c2c95ef07f396393a6b",
            "SHA256": "e3f9ea7f77a3b7349399ae5c40ef533c06c7d6e551949e0c7898d298fb7463cf",
            "SHA384": "8d4c0779c89895a8a595b8823196d10eed2bdc9cc3c462490c51fdf1938778878b64c82f78e36f6f4c6a74b9366fbb11"
          },
          "ValidFrom": "2015-04-18 00:58:58",
          "ValidTo": "2025-04-18 00:58:58",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "67ec2f35e172353a55ccff3e52540492",
          "Signature": "aadcb357f69b98196e7420fc2b8766d399782fb1a043a1480017279de4787277faea0d6ea942ac10cb1cd367f51cf273ceb71e1c6df9210476fea1ddf3b9bea3f1328b5f5492af007c2f94e02c470dfd370edc643a56fafc286c02acb1c08057370641f2a15538db5b9c11fb3f25b6666a0a017aa1626e1052a388cb17957600ff8232f24a57f341571ac39de67a3b4c27514b05277984b3abf2de7b187f25ae42b7a439ee8be0382d0352ad5eaf1ec25c5d1f5644679a6f59ac9502016d026e95cc2348b415a477ad0512c6d50a1fe5d89ff8a132cf87470e21b13b7850acc1b5a594425a33859490232bea5dab93090a845ffd7d8ae89acee976c5a4dac7d1",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "??=CN, ??=Fujian, ??=Fuzhou, ??=Private Organization, serialNumber=91350105MA347X7Y7X, C=CN, ST=Fujian, L=Fuzhou, postalCode=350015, ??=ZONE A,1240, 15/F, COMPLEX BUILDING, FUZHOU BONDED AREA, O=Pinchins Technology Company Limited, emailAddress=support@pinchins.com, CN=Pinchins Technology Company Limited",
          "TBS": {
            "MD5": "5e1b3f4283ef844866a8ec5ade611af3",
            "SHA1": "db9237e8f298effd7cdd1ca7f804ee2330b0112c",
            "SHA256": "b9bd052aada420cdf0f6f5e50aa80cd8a38d94c7091bea582cbed83d7d5c632a",
            "SHA384": "3239cb107de6796fd1765919f9443a75640e71e12864b6c0879d2a61bf68952a300820eb331592a061b665ee5ad61ff9"
          },
          "ValidFrom": "2016-09-05 03:15:38",
          "ValidTo": "2018-11-05 03:15:38",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "6139bb9c000000000033",
          "Signature": "375933ca5e487d489a5be42fdbdb59a8c61f77c0a58747e86508c6672688d95c58e2c631ac0c32b96f7cc58748db2c0a23484d0dcf1116ef60577ed5326e22de373cc7dc16f3c9ce2939fb37daf5e4e741d8a2f82db3498a601f64ef9c1364b3469a82cc650f18550776c9e9337790a644daefa64d551038316f3a58ed31486190c04615b4c0a64e5493c00db524e55017c6d62392226992e0abab297508255399959f50b65b6753aaa2ba905a6ea3e35b5c830e54426dbdb917a8205284b51a4fb24d68d2c28ff8f9ae837c24a6e6c17f9a932f2e550df87bc1be336fab0cd934585c9c40ce284a015529655d5bfd525a54591171470b3eff2c9ae931d9046a33871d2f880fc99aab14a8c20b4f8589ac25490dff54395513d6b84d6bf44aad1833bc8e0052b476c2eccd8beb60d57880844a0eb93d4d560d1b17176f60fcdbd867cd3d4082b55c567f8d274cc76d5da410b57c410c39912f41d2c6310686eb405087d8131e852f10448b7a0361693b29fedfcdd3e07d19ba3b84e34e9ad78c7cd73d9dd7fd50108f06683bd8be3bbbaa284552eadde83a334caf38c715e3e97cee83eb2a1cbdd8fdf5394e7c5f25b39349ca88e56152f0dd14f8394ead47182aefcc6b29493fd7a48e7abd6f6bee675db7b167a60055014532b842fe96fc06b9cecfcff9fb6eab728718451afce3846a414f36714c77eea3191ab87d098c01",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority",
          "TBS": {
            "MD5": "5b3304180221a8328ce477b1fd93898f",
            "SHA1": "9b7f1e1653a52d801387f1e51d17fabb8d435d0c",
            "SHA256": "67070bcf2ee304cedd252a1dd8a7222c1be50fd2d5eabef9446cb633e133d264",
            "SHA384": "be36b1ba9a006afb9eb53263634cb8ca38dd6ca7f95ec56f943324f3a26f9c34c2dff1a3a5c72c88513e23e1f20c8824"
          },
          "ValidFrom": "2011-04-15 20:13:19",
          "ValidTo": "2021-04-15 20:23:19",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "19c28530e93b36",
          "Signature": "b66df870fbe20d4c98b3074915f504c46ccacaf568a008fe126d9c0406c9ad9a91523e78c45cee9f541deee3f15e30c949e139e0a69d366c57fae6344f55e887a82cdd05f1581291e8cace28788fdf078501a5dc459605d480b22b059acb9aa58be03a67e67347be4afd27b188efe6cacf8d0e269ffa5f5778ad6dfeae9b3508b1c3bac1004a4b7d14bdf7f1d35518acd03370886dc4097114a62b4f8881e70b0037a9157d7ed701963f2faf7b62ae0a4abf4b392e35108bfe0439e43c3a0c0956403ab5f4c2680cb5f952cdee9df898fc78e758478f1c73586933abffdddf8e24017798193ab06679bce108a30e4fc104b3f301c8ebd3591c35d2931e7065827fdbcffbc8991260c3446f3a804bd7be21aa147a64cbdd3743455b322e45f0d9591f6b18f07ce9553619615fb57df18dbd88e4754b98dd27b0e484442a6184570582111faa3558f3200eaf59effa5572720d26d09b5349acce372e6561fff6ec1beaf6f1a6d3d1b57bbe35f422c1bc8d01bd685e830d2fecd6da630c27d1543ee4a8d3ce4b32b89194fffb5b492d7518a8ba719a3baed9c0a94f8791ed8b7b6b20988939834f80c469cc17c9c84ebee4a9a5817670060432cd8365f4bc7d3e13bcd2e86f63aab53bda8d863282789dd9ccffbf576474ed283d446215614bf794b00d2a671cf0cb9ba592bff8415ac13d60ed9fbbb86d9bcea96a163f7eea06f1",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
          "Subject": "C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign",
          "TBS": {
            "MD5": "dd50ed7562bd4ce20df7b5c24d9f1446",
            "SHA1": "188ce565932b1320e89f1c94e1b21eb49f714a6b",
            "SHA256": "e9c8df2dbd3edd63c701a9a6b71cf740eb8d54526dba56970712888237086691",
            "SHA384": "3c0a92298ab549c53c98518786164baadde65fa06a197de4784bf34053752ce84ba6b943ae4dcc9944bb334c9e346c91"
          },
          "ValidFrom": "2006-09-17 22:46:36",
          "ValidTo": "2019-12-31 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=CN, O=WoSign CA Limited, CN=WoSign EV Code Signing CA",
          "SerialNumber": "67ec2f35e172353a55ccff3e52540492",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    source

    last_updated: 2025-01-13