043773c5-120a-4c6b-8485-8f1f5c47fd3e

aswArPot.sys :inline :inline

Description

aswArPot.sys is a vulnerable driver and more information will be added as found.

  • UUID: 043773c5-120a-4c6b-8485-8f1f5c47fd3e
  • Created: 2023-05-06
  • Author: Nasreddine Bencherchali
  • Acknowledgement: |

Download

This download link contains the vulnerable driver!

Commands

sc.exe create aswArPot.sys binPath=C:\windows\temp\aswArPot.sys type=kernel && sc.exe start aswArPot.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • Internal Research

  • Known Vulnerable Samples

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2018-10-02 03:42:06
    MD5c61876aaca6ce822be18adb9d9bd4260
    SHA1186b6523e8e2fa121d6d3b8cb106e9a5b918af4f
    SHA2560b2ad05939b0aabbdc011082fad7960baa0c459ec16a2b29f37c1fa31795a46d
    Authentihash MD518893a7dd0bc23f4f4aa7b8350f0e75e
    Authentihash SHA127021d09730a1d7694137e123ba3a63cd0b9e040
    Authentihash SHA256fab3f1dbc49bd9f0219156fe49d4423c311f529f7d3653f5f69d2b10b9b0bc98
    RichPEHeaderHash MD5382c4767d71156621da4d8ab3193017a
    RichPEHeaderHash SHA120e40fd8dd4465dfd940c017e5cb26819d5cbed7
    RichPEHeaderHash SHA256cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG anti rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 611cb28a000000000026
    FieldValue
    ToBeSigned (TBS) MD5983a0c315a50542362f2bd6a5d71c8d0
    ToBeSigned (TBS) SHA18047f476001f5cb16a661d2a3fd0c3576168f5e2
    ToBeSigned (TBS) SHA2565f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
    ValidFrom2011-04-15 19:41:37
    ValidTo2021-04-15 19:51:37
    Signature5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611cb28a000000000026
    Version3
    Certificate 0557955e02a6b53dd1d574ede15f310e
    FieldValue
    ToBeSigned (TBS) MD5f9b558280379fbd2ac831a9850ec9c0e
    ToBeSigned (TBS) SHA1c22448dd1388c2011166e2a203fe984bd702f355
    ToBeSigned (TBS) SHA256c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.
    ValidFrom2018-01-30 00:00:00
    ValidTo2021-01-22 12:00:00
    Signature64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0557955e02a6b53dd1d574ede15f310e
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 0fa8490615d700a0be2176fdc5ec6dbd
    FieldValue
    ToBeSigned (TBS) MD5a9a31555bbc92b6033975c5428fb3679
    ToBeSigned (TBS) SHA147f4b9898631773231b32844ec0d49990ac4eb1e
    ToBeSigned (TBS) SHA256c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0fa8490615d700a0be2176fdc5ec6dbd
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2020-09-24 08:28:43
    MD556a9e9b5334f8698a0ede27c64140982
    SHA1762a5b4c7beb2af675617dca6dcd6afd36ce0afd
    SHA2560b542e47248611a1895018ec4f4033ea53464f259c74eb014d018b19ad818917
    Authentihash MD5a75fd1dc0e0b04ba483ab56147868c5f
    Authentihash SHA1aad76f7285cc00fffce801147036331610943062
    Authentihash SHA2561faa125c9442b20c646411f629dd48afe2d962554c45fc4a8e2d45c1fc611b6c
    RichPEHeaderHash MD5e8033ae063a3483aec0d2fa55081ff62
    RichPEHeaderHash SHA1fef047c18b115c601ddfd833e1cb5784ca1afbd7
    RichPEHeaderHash SHA256fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG Anti Rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03ec0c9015079fab8a6f3fc9f839311c
    FieldValue
    ToBeSigned (TBS) MD5bf2831557abdf7e58917d0a2608080a5
    ToBeSigned (TBS) SHA124ece342e4c4f2f17f32e6924f48c240ad6300ff
    ToBeSigned (TBS) SHA2561afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, OU=RE 999, CN=AVG Technologies USA, LLC
    ValidFrom2020-01-27 00:00:00
    ValidTo2022-10-20 12:00:00
    Signatureb02cbaf178caf97fa7c0182c25b4c97d4e68127e4d5634609757bcbc051eb94254bb50e112e72505e7f9c6dbd92622287bacbcd726fa911b3b3e36ccc88f8794e980c0b0409efc87fb04d88a15df20dedb23ced152779b799359e4d3b553eb4c6c6ea61216899a0d9cc97de7f7e21ce374d5430e2dcfbb3b6f653db2d236f59bb22bd65e0787a65610c4fde1463a5be08e4710fb4e1ae7c00080edb315995b06297431ce4a9821d1050aa7061ef26c182482d09ba42001ab103c882c01f312411130490aa7820ff72902e723a864b881066e2d7883afdb5ba9d3027550f6a3761669e42b425ad61f76e2add3dd012558bd769b76f8f37843243dfbd0a2efa363
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03ec0c9015079fab8a6f3fc9f839311c
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • __C_specific_handler
    • KeDelayExecutionThread
    • IoAllocateWorkItem
    • MmIsAddressValid
    • MmUnlockPages
    • ExAllocatePool
    • RtlAnsiStringToUnicodeString
    • KeAcquireSpinLockRaiseToDpc
    • ZwQuerySystemInformation
    • PsRemoveLoadImageNotifyRoutine
    • ZwUnmapViewOfSection
    • ZwQuerySymbolicLinkObject
    • MmProbeAndLockPages
    • RtlVolumeDeviceToDosName
    • PsSetLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • ZwReadFile
    • ObQueryNameString
    • ZwOpenThreadTokenEx
    • ZwOpenProcessTokenEx
    • towlower
    • NtBuildNumber
    • ExReleaseFastMutex
    • _wcsicmp
    • _snwprintf
    • RtlConvertSidToUnicodeString
    • ObfDereferenceObject
    • IoAllocateMdl
    • ZwCreateSection
    • ZwQueryInformationProcess
    • PsGetProcessId
    • PsCreateSystemThread
    • ZwQueryInformationThread
    • RtlInitUnicodeString
    • ZwOpenSymbolicLinkObject
    • tolower
    • PsRemoveCreateThreadNotifyRoutine
    • IoDeleteDevice
    • IoBuildDeviceIoControlRequest
    • wcsncpy
    • IoGetDeviceObjectPointer
    • IoGetCurrentProcess
    • ObOpenObjectByPointer
    • strncpy
    • KeReleaseSpinLock
    • _strnicmp
    • IoFileObjectType
    • KeStackAttachProcess
    • PsLookupProcessByProcessId
    • PsGetCurrentProcessId
    • KeSetEvent
    • PsThreadType
    • RtlUnicodeStringToAnsiString
    • ZwQueryInformationToken
    • ZwMapViewOfSection
    • strncmp
    • ObReferenceObjectByHandle
    • RtlGetVersion
    • PsGetThreadId
    • PsGetVersion
    • KeClearEvent
    • IoGetBaseFileSystemDeviceObject
    • wcschr
    • ZwSetInformationFile
    • ZwEnumerateKey
    • IoFreeMdl
    • wcsstr
    • ExAcquireFastMutex
    • MmGetSystemRoutineAddress
    • IoFreeWorkItem
    • _stricmp
    • ExAllocatePoolWithTag
    • RtlInitString
    • IofCallDriver
    • IoDeviceObjectType
    • _snprintf
    • ExFreePoolWithTag
    • ZwOpenFile
    • KeSetSystemAffinityThread
    • strstr
    • KeInitializeEvent
    • ObReferenceObjectByName
    • strchr
    • _wcsnicmp
    • KeQueryActiveProcessors
    • RtlEqualSid
    • IoQueueWorkItem
    • MmUnmapLockedPages
    • MmMapLockedPagesSpecifyCache
    • PsSetCreateThreadNotifyRoutine
    • PsGetCurrentThreadId
    • IofCompleteRequest
    • PsGetProcessWin32Process
    • ExEventObjectType
    • ZwQueryInformationFile
    • KeWaitForSingleObject
    • IoCreateSymbolicLink
    • PsSetCreateProcessNotifyRoutine
    • IoDriverObjectType
    • PsLookupThreadByThreadId
    • IoGetDeviceInterfaces
    • ZwClose
    • PsTerminateSystemThread
    • wcsrchr
    • strrchr
    • SeExports
    • KeUnstackDetachProcess
    • KeResetEvent
    • KeRevertToUserAffinityThread
    • ZwOpenProcess
    • wcsncmp
    • ZwOpenKey
    • PsGetThreadProcess
    • IoDetachDevice
    • IoAttachDeviceToDeviceStackSafe
    • IoThreadToProcess
    • PsInitialSystemProcess
    • IoCreateDevice
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeInitializeDpc
    • KeSetTargetProcessorDpc
    • PsProcessType
    • MmMapIoSpace
    • MmUnmapIoSpace
    • ZwDeleteFile
    • KeAttachProcess
    • KeDetachProcess
    • RtlCompareUnicodeString
    • ZwWriteFile
    • NtClose
    • ObfReferenceObject
    • IoBuildSynchronousFsdRequest
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • IoFreeIrp
    • ZwQueryDirectoryObject
    • KeBugCheck
    • ZwOpenDirectoryObject
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • ZwSetSecurityObject
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlLengthSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • ZwSetValueKey
    • ZwQueryValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • KeBugCheckEx
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExRegisterCallback
    • ExCreateCallback
    • ExUnregisterCallback
    • strcmp

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2020-04-28 12:47:02
    MD594999245e9580c6228b22ac44c66044c
    SHA14a04596acf79115f15add3921ce30a96f594d7ce
    SHA2560cd4ca335155062182608cad9ef5c8351a715bce92049719dd09c76422cd7b0c
    Authentihash MD5bd9f1ccc35bd6f7b1b10f29e34167f2d
    Authentihash SHA1e6822211c3f40414dd0d8ec6416db8b050859cd5
    Authentihash SHA256a801e12c32c0eb197b3cc507d096afc16a32dca6bc71d080e1ae2c17ad13b2ca
    RichPEHeaderHash MD55a489fed9ab25dab8eb1e8de57816a5b
    RichPEHeaderHash SHA1e1f992c705eb87c462152c01a8db69d1df44aacb
    RichPEHeaderHash SHA25613fb8d5234772b9e76b9929957aa21c6a9395cc3892f69dcd599f7682daff315
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG Anti Rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03ec0c9015079fab8a6f3fc9f839311c
    FieldValue
    ToBeSigned (TBS) MD5bf2831557abdf7e58917d0a2608080a5
    ToBeSigned (TBS) SHA124ece342e4c4f2f17f32e6924f48c240ad6300ff
    ToBeSigned (TBS) SHA2561afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, OU=RE 999, CN=AVG Technologies USA, LLC
    ValidFrom2020-01-27 00:00:00
    ValidTo2022-10-20 12:00:00
    Signatureb02cbaf178caf97fa7c0182c25b4c97d4e68127e4d5634609757bcbc051eb94254bb50e112e72505e7f9c6dbd92622287bacbcd726fa911b3b3e36ccc88f8794e980c0b0409efc87fb04d88a15df20dedb23ced152779b799359e4d3b553eb4c6c6ea61216899a0d9cc97de7f7e21ce374d5430e2dcfbb3b6f653db2d236f59bb22bd65e0787a65610c4fde1463a5be08e4710fb4e1ae7c00080edb315995b06297431ce4a9821d1050aa7061ef26c182482d09ba42001ab103c882c01f312411130490aa7820ff72902e723a864b881066e2d7883afdb5ba9d3027550f6a3761669e42b425ad61f76e2add3dd012558bd769b76f8f37843243dfbd0a2efa363
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03ec0c9015079fab8a6f3fc9f839311c
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • __C_specific_handler
    • KeDelayExecutionThread
    • IoAllocateWorkItem
    • MmIsAddressValid
    • MmUnlockPages
    • ExAllocatePool
    • RtlAnsiStringToUnicodeString
    • KeAcquireSpinLockRaiseToDpc
    • ZwQuerySystemInformation
    • PsRemoveLoadImageNotifyRoutine
    • ZwUnmapViewOfSection
    • ZwQuerySymbolicLinkObject
    • MmProbeAndLockPages
    • RtlVolumeDeviceToDosName
    • PsSetLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • ZwReadFile
    • ObQueryNameString
    • ZwOpenThreadTokenEx
    • ZwOpenProcessTokenEx
    • towlower
    • NtBuildNumber
    • ExReleaseFastMutex
    • _wcsicmp
    • _snwprintf
    • RtlConvertSidToUnicodeString
    • ObfDereferenceObject
    • IoAllocateMdl
    • ZwCreateSection
    • ZwQueryInformationProcess
    • PsGetProcessId
    • PsCreateSystemThread
    • ZwQueryInformationThread
    • RtlInitUnicodeString
    • ZwOpenSymbolicLinkObject
    • tolower
    • PsRemoveCreateThreadNotifyRoutine
    • IoDeleteDevice
    • IoBuildDeviceIoControlRequest
    • wcsncpy
    • IoGetDeviceObjectPointer
    • IoGetCurrentProcess
    • ObOpenObjectByPointer
    • strncpy
    • KeReleaseSpinLock
    • _strnicmp
    • IoFileObjectType
    • KeStackAttachProcess
    • PsLookupProcessByProcessId
    • PsGetCurrentProcessId
    • KeSetEvent
    • PsThreadType
    • RtlUnicodeStringToAnsiString
    • ZwQueryInformationToken
    • ZwMapViewOfSection
    • strncmp
    • ObReferenceObjectByHandle
    • RtlGetVersion
    • PsGetThreadId
    • PsGetVersion
    • KeClearEvent
    • IoGetBaseFileSystemDeviceObject
    • wcschr
    • ZwSetInformationFile
    • ZwEnumerateKey
    • IoFreeMdl
    • wcsstr
    • ExAcquireFastMutex
    • MmGetSystemRoutineAddress
    • IoFreeWorkItem
    • _stricmp
    • ExAllocatePoolWithTag
    • RtlInitString
    • IofCallDriver
    • IoDeviceObjectType
    • _snprintf
    • ExFreePoolWithTag
    • ZwOpenFile
    • KeSetSystemAffinityThread
    • strstr
    • KeInitializeEvent
    • ObReferenceObjectByName
    • strchr
    • _wcsnicmp
    • KeQueryActiveProcessors
    • RtlEqualSid
    • IoQueueWorkItem
    • MmUnmapLockedPages
    • MmMapLockedPagesSpecifyCache
    • PsSetCreateThreadNotifyRoutine
    • PsGetCurrentThreadId
    • IofCompleteRequest
    • PsGetProcessWin32Process
    • ExEventObjectType
    • ZwQueryInformationFile
    • KeWaitForSingleObject
    • IoCreateSymbolicLink
    • PsSetCreateProcessNotifyRoutine
    • IoDriverObjectType
    • PsLookupThreadByThreadId
    • IoGetDeviceInterfaces
    • ZwClose
    • PsTerminateSystemThread
    • wcsrchr
    • strrchr
    • SeExports
    • KeUnstackDetachProcess
    • KeResetEvent
    • KeRevertToUserAffinityThread
    • ZwOpenProcess
    • wcsncmp
    • ZwOpenKey
    • PsGetThreadProcess
    • IoDetachDevice
    • IoAttachDeviceToDeviceStackSafe
    • IoThreadToProcess
    • PsInitialSystemProcess
    • IoCreateDevice
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeInitializeDpc
    • KeSetTargetProcessorDpc
    • PsProcessType
    • MmMapIoSpace
    • MmUnmapIoSpace
    • ZwDeleteFile
    • KeAttachProcess
    • KeDetachProcess
    • RtlCompareUnicodeString
    • ZwWriteFile
    • NtClose
    • ObfReferenceObject
    • IoBuildSynchronousFsdRequest
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • IoFreeIrp
    • ZwQueryDirectoryObject
    • KeBugCheck
    • ZwOpenDirectoryObject
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • ZwSetSecurityObject
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlLengthSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • ZwSetValueKey
    • ZwQueryValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • KeBugCheckEx
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExRegisterCallback
    • ExCreateCallback
    • ExUnregisterCallback
    • strcmp

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2018-11-02 05:23:13
    MD593a23503e26773c27ed1da06bb79e7a4
    SHA1da03799bb0025a476e3e15cc5f426e5412aeef02
    SHA2560f016c80c4938fbcd47a47409969b3925f54292eba2ce01a8e45222ce8615eb8
    Authentihash MD5c53ff2c139c291d9afe0a4831d0ca8b3
    Authentihash SHA1e6fb86d4de7362af1e3cd957bcc4e2e887aa5016
    Authentihash SHA25629a560a11292c4224a401392e091a8f08230fdfea35521035e2bfda0b3d1f952
    RichPEHeaderHash MD5382c4767d71156621da4d8ab3193017a
    RichPEHeaderHash SHA120e40fd8dd4465dfd940c017e5cb26819d5cbed7
    RichPEHeaderHash SHA256cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG anti rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 611cb28a000000000026
    FieldValue
    ToBeSigned (TBS) MD5983a0c315a50542362f2bd6a5d71c8d0
    ToBeSigned (TBS) SHA18047f476001f5cb16a661d2a3fd0c3576168f5e2
    ToBeSigned (TBS) SHA2565f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
    ValidFrom2011-04-15 19:41:37
    ValidTo2021-04-15 19:51:37
    Signature5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611cb28a000000000026
    Version3
    Certificate 0557955e02a6b53dd1d574ede15f310e
    FieldValue
    ToBeSigned (TBS) MD5f9b558280379fbd2ac831a9850ec9c0e
    ToBeSigned (TBS) SHA1c22448dd1388c2011166e2a203fe984bd702f355
    ToBeSigned (TBS) SHA256c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.
    ValidFrom2018-01-30 00:00:00
    ValidTo2021-01-22 12:00:00
    Signature64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0557955e02a6b53dd1d574ede15f310e
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 0fa8490615d700a0be2176fdc5ec6dbd
    FieldValue
    ToBeSigned (TBS) MD5a9a31555bbc92b6033975c5428fb3679
    ToBeSigned (TBS) SHA147f4b9898631773231b32844ec0d49990ac4eb1e
    ToBeSigned (TBS) SHA256c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0fa8490615d700a0be2176fdc5ec6dbd
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2019-02-25 07:50:54
    MD525190f667f31318dd9a2e36383d5709f
    SHA16dac7a8fa9589caae0db9d6775361d26011c80b2
    SHA2560f17e5cfc5bdd74aff91bfb1a836071345ba2b5d1b47b0d5bf8e7e0d4d5e2dbf
    Authentihash MD57d20fc4bf882c254e43049b35c40abe5
    Authentihash SHA138ec7b2b736b7544fae9891c066a3f7231145ba2
    Authentihash SHA2569e51062d4249945e77c7d3fdecc9797ffc38017465c8068a5f1296bf85ae558c
    RichPEHeaderHash MD59626b493680953826324d269e208fa60
    RichPEHeaderHash SHA11a458000e2060911a31fcbed8ad9000b98f54944
    RichPEHeaderHash SHA256ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f
    CompanyAVAST Software
    DescriptionAvast anti rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 07c70f7cab145bc1ed385fbe69fa3130
    FieldValue
    ToBeSigned (TBS) MD52e1a5012cbe8b95785c794bc1c5584c3
    ToBeSigned (TBS) SHA1f4753b06b08938794c32c2475cee663143036d08
    ToBeSigned (TBS) SHA256fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5
    SubjectC=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o.
    ValidFrom2016-09-06 00:00:00
    ValidTo2019-10-04 12:00:00
    Signature56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber07c70f7cab145bc1ed385fbe69fa3130
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • tolower
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • MmUnmapIoSpace
    • KeDetachProcess
    • MmMapIoSpace
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2018-02-07 15:49:49
    MD5e7273e17ac85dc4272c4c4400091a19e
    SHA194b014123412fbe8709b58ec72594f8053037ae9
    SHA2561023dcd4c80db19e9f82f95b1c5e1ddb60db7ac034848dd5cc1c78104a6350f4
    Authentihash MD58c2b0e47a2de7bd04758041782b1b2a7
    Authentihash SHA1a7f1025ab664dd61800687724fce31fd3b765d1f
    Authentihash SHA25660ae64ade82e9364e95f779bbf950571484aa833ece6837489329517012c7757
    RichPEHeaderHash MD573f94453db44e5265861f0ce8df39fc1
    RichPEHeaderHash SHA16d710be934482758c43d9d19941be5ed522e371f
    RichPEHeaderHash SHA25639835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG anti rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 250ce8e030612e9f2b89f7054d7cf8fd
    FieldValue
    ToBeSigned (TBS) MD5918d9eb6a6cd36c531eceb926170a7e1
    ToBeSigned (TBS) SHA10ae95700d65e6f59715aa47048993ca7858e676a
    ToBeSigned (TBS) SHA25647c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2006-11-08 00:00:00
    ValidTo2021-11-07 23:59:59
    Signature1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber250ce8e030612e9f2b89f7054d7cf8fd
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3
    Certificate 4b5e1897903602425d3cb25d75c4f4ce
    FieldValue
    ToBeSigned (TBS) MD5d4ce3e543458edafb2db286a26226b5b
    ToBeSigned (TBS) SHA1e1f64883f78595bfbbbb6998babc3eaf8e335749
    ToBeSigned (TBS) SHA25652b100ec65c2b99f058ff89869ced270bf5e6a5db581962a69e073275339e0ae
    SubjectC=NL, ST=North Holland, L=Amsterdam, O=AVG Netherlands B.V., CN=AVG Netherlands B.V.
    ValidFrom2015-07-28 00:00:00
    ValidTo2018-09-25 23:59:59
    Signature6a77df4c2dc0ab59ee02d60398ece3dbed508ef731dfe2d64ecaeb0d78f918776b40e046c00dc921210237c8fe7f91b4f2101334f5f672eed5cc4a21825bd8be18fc38ca8f190e2e83e527aae99e956a9cb6a1fa9f52658e42b9fc5618bf7e644f9aea6af7409233ba6e92bc6ea8c07677f094369af597f236de3ffeec4f2d4191c825e1273bbafa6ecb7846f430655760a92f40de681304dc230eb1513082bd4249e3fdcd01cb82905f21cdf0d1f68f581e76f8bded6332cca3dcabf7d483c5e64255bca86d876454c614d9c14c961df6ce78555b9d61a482497dc36dc41179970a8ae7e5cba9306d14cfa79b59112dfa0bec9cf9f7f63853a833b146dc33d8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber4b5e1897903602425d3cb25d75c4f4ce
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • IoBuildDeviceIoControlRequest
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2019-03-07 03:04:31
    MD5812e960977116bf6d6c1ccf8b5dd351f
    SHA13eea0f5fb180c6f865fc83ac75ef3ad5b1376775
    SHA2561078af0c70e03ac17c7b8aa5ee03593f5decfef2f536716646a4ded1e98c153c
    Authentihash MD569e30d791a1b6a41c1ddd2d7394e5a86
    Authentihash SHA1a3c5c7127cd7376ddd3571edccfe8d9ecdc8b623
    Authentihash SHA25659e004cd839611cbc5f7c061827587dbb120d7aab8d0e44191c0c01aeed9e168
    RichPEHeaderHash MD59626b493680953826324d269e208fa60
    RichPEHeaderHash SHA11a458000e2060911a31fcbed8ad9000b98f54944
    RichPEHeaderHash SHA256ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG anti rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 611cb28a000000000026
    FieldValue
    ToBeSigned (TBS) MD5983a0c315a50542362f2bd6a5d71c8d0
    ToBeSigned (TBS) SHA18047f476001f5cb16a661d2a3fd0c3576168f5e2
    ToBeSigned (TBS) SHA2565f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
    ValidFrom2011-04-15 19:41:37
    ValidTo2021-04-15 19:51:37
    Signature5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611cb28a000000000026
    Version3
    Certificate 0557955e02a6b53dd1d574ede15f310e
    FieldValue
    ToBeSigned (TBS) MD5f9b558280379fbd2ac831a9850ec9c0e
    ToBeSigned (TBS) SHA1c22448dd1388c2011166e2a203fe984bd702f355
    ToBeSigned (TBS) SHA256c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.
    ValidFrom2018-01-30 00:00:00
    ValidTo2021-01-22 12:00:00
    Signature64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0557955e02a6b53dd1d574ede15f310e
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 0fa8490615d700a0be2176fdc5ec6dbd
    FieldValue
    ToBeSigned (TBS) MD5a9a31555bbc92b6033975c5428fb3679
    ToBeSigned (TBS) SHA147f4b9898631773231b32844ec0d49990ac4eb1e
    ToBeSigned (TBS) SHA256c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0fa8490615d700a0be2176fdc5ec6dbd
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • tolower
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • MmUnmapIoSpace
    • KeDetachProcess
    • MmMapIoSpace
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2018-06-12 01:27:49
    MD5595363661db3e50acc4de05b0215cc6f
    SHA1ec8c0b2f49756b8784b3523e70cd8821b05b95eb
    SHA2561273b74c3c1553eaa92e844fbd51f716356cc19cf77c2c780d4899ec7738fbd1
    Authentihash MD57890348aaadad057268d7273afd85c2f
    Authentihash SHA1276a8ba9fddb74586e3f50d49a784c0180619a86
    Authentihash SHA25668043583bc2f3fc1ca11458e8b921dce2573afdc04bd20ba85eeb806d884eb6f
    RichPEHeaderHash MD5382c4767d71156621da4d8ab3193017a
    RichPEHeaderHash SHA120e40fd8dd4465dfd940c017e5cb26819d5cbed7
    RichPEHeaderHash SHA256cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b
    CompanyAVAST Software
    DescriptionAvast anti rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 07c70f7cab145bc1ed385fbe69fa3130
    FieldValue
    ToBeSigned (TBS) MD52e1a5012cbe8b95785c794bc1c5584c3
    ToBeSigned (TBS) SHA1f4753b06b08938794c32c2475cee663143036d08
    ToBeSigned (TBS) SHA256fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5
    SubjectC=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o.
    ValidFrom2016-09-06 00:00:00
    ValidTo2019-10-04 12:00:00
    Signature56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber07c70f7cab145bc1ed385fbe69fa3130
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • IoBuildDeviceIoControlRequest
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2017-12-12 11:36:29
    MD56212832f13b296ddbc85b24e22edb5ec
    SHA1492a47426b04f00c0d5b711ad8c872aad3aa3a1d
    SHA25614adbf0bc43414a7700e5403100cff7fc6ade50bebfab16a17acf2fdda5a9da8
    Authentihash MD54031a1ee3682bcfb0b50423708cffc54
    Authentihash SHA16f4648a7e5aba2e64d62f00d72da0d5735ebea8a
    Authentihash SHA256e5183eda50e2c42d2ed10c015be87dff774da180928c076e99888b0d6a931df5
    RichPEHeaderHash MD59f01ca8ed93b73533b4b894bfa79f4bd
    RichPEHeaderHash SHA1017d43c1c1f23212519d8de54caf8049bb59aae7
    RichPEHeaderHash SHA256abb9be2d564989154e22b1dc4541f92c7859f64b7417c281aee3656fa0a4979d
    CompanyAVAST Software
    DescriptionAvast anti rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 07c70f7cab145bc1ed385fbe69fa3130
    FieldValue
    ToBeSigned (TBS) MD52e1a5012cbe8b95785c794bc1c5584c3
    ToBeSigned (TBS) SHA1f4753b06b08938794c32c2475cee663143036d08
    ToBeSigned (TBS) SHA256fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5
    SubjectC=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o.
    ValidFrom2016-09-06 00:00:00
    ValidTo2019-10-04 12:00:00
    Signature56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber07c70f7cab145bc1ed385fbe69fa3130
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • IoBuildDeviceIoControlRequest
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2020-10-05 12:20:35
    MD5cc8855fe30a9cdef895177a4cf1a3dad
    SHA107c244739803f60a75d60347c17edc02d5d10b5d
    SHA25617687cba00ec2c9036dd3cb5430aa1f4851e64990dafb4c8f06d88de5283d6ca
    Authentihash MD53e14e8314e37d819e12a94610e0c7efc
    Authentihash SHA1c9e2da8df3086536c3fb8973c1848a39b9074bd1
    Authentihash SHA256a465cfa7a0bd76dfe8f261661d348e25d1a6a3975673336f90878618f2e6c21b
    RichPEHeaderHash MD5e8033ae063a3483aec0d2fa55081ff62
    RichPEHeaderHash SHA1fef047c18b115c601ddfd833e1cb5784ca1afbd7
    RichPEHeaderHash SHA256fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5
    CompanyAVAST Software
    DescriptionAvast Anti Rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 03f02aca051d1c9330eeabd3706e836f
    FieldValue
    ToBeSigned (TBS) MD5f251d9cde0901fb67831855b4a592b51
    ToBeSigned (TBS) SHA1cd0ac068faea4b875ded287512f20b6ba8dcb457
    ToBeSigned (TBS) SHA256247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423
    SubjectC=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software s.r.o.
    ValidFrom2019-12-02 00:00:00
    ValidTo2022-10-19 12:00:00
    Signature874d04f17ffc50e66100207e56ecc8ae7e81c1957a7600295ead9db28842c7c05e06e8e28ccfc1e9d45d7a55d6d4a2fb74d72600a79ef5bfa53acaa4f3a4fcaf90a2554fc37742dd44c83a90880f948f5538637c0d999b03ebbf20cc001293a5639d44ad950cacfce2a337f7a24b817a5b85df89f6acf49974adee1d867373e6534a3f3558e59f87d06afe5744ec575b66c76110a595471007b209c591984f0ff20ea4c87ac405c85f42f0b105b04ec2ced11ca9cfb6aef21a3c6ae9ccd2a9cb4a9f78244751b15bfccb32ec3a52d44258bad6fc6d9f24c24700e9e1c4c0c29b9db4683c526a92934d72367620c6a89119e7a678597d7603c62b1c22f54edfad
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03f02aca051d1c9330eeabd3706e836f
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • __C_specific_handler
    • KeDelayExecutionThread
    • IoAllocateWorkItem
    • MmIsAddressValid
    • MmUnlockPages
    • ExAllocatePool
    • RtlAnsiStringToUnicodeString
    • KeAcquireSpinLockRaiseToDpc
    • ZwQuerySystemInformation
    • PsRemoveLoadImageNotifyRoutine
    • ZwUnmapViewOfSection
    • ZwQuerySymbolicLinkObject
    • MmProbeAndLockPages
    • RtlVolumeDeviceToDosName
    • PsSetLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • ZwReadFile
    • ObQueryNameString
    • ZwOpenThreadTokenEx
    • ZwOpenProcessTokenEx
    • towlower
    • NtBuildNumber
    • ExReleaseFastMutex
    • _wcsicmp
    • _snwprintf
    • RtlConvertSidToUnicodeString
    • ObfDereferenceObject
    • IoAllocateMdl
    • ZwCreateSection
    • ZwQueryInformationProcess
    • PsGetProcessId
    • PsCreateSystemThread
    • ZwQueryInformationThread
    • RtlInitUnicodeString
    • ZwOpenSymbolicLinkObject
    • tolower
    • PsRemoveCreateThreadNotifyRoutine
    • IoDeleteDevice
    • IoBuildDeviceIoControlRequest
    • wcsncpy
    • IoGetDeviceObjectPointer
    • IoGetCurrentProcess
    • ObOpenObjectByPointer
    • strncpy
    • KeReleaseSpinLock
    • _strnicmp
    • IoFileObjectType
    • KeStackAttachProcess
    • PsLookupProcessByProcessId
    • PsGetCurrentProcessId
    • KeSetEvent
    • PsThreadType
    • RtlUnicodeStringToAnsiString
    • ZwQueryInformationToken
    • ZwMapViewOfSection
    • strncmp
    • ObReferenceObjectByHandle
    • RtlGetVersion
    • PsGetThreadId
    • PsGetVersion
    • KeClearEvent
    • IoGetBaseFileSystemDeviceObject
    • wcschr
    • ZwSetInformationFile
    • ZwEnumerateKey
    • IoFreeMdl
    • wcsstr
    • ExAcquireFastMutex
    • MmGetSystemRoutineAddress
    • IoFreeWorkItem
    • _stricmp
    • ExAllocatePoolWithTag
    • RtlInitString
    • IofCallDriver
    • IoDeviceObjectType
    • _snprintf
    • ExFreePoolWithTag
    • ZwOpenFile
    • KeSetSystemAffinityThread
    • strstr
    • KeInitializeEvent
    • ObReferenceObjectByName
    • strchr
    • _wcsnicmp
    • KeQueryActiveProcessors
    • RtlEqualSid
    • IoQueueWorkItem
    • MmUnmapLockedPages
    • MmMapLockedPagesSpecifyCache
    • PsSetCreateThreadNotifyRoutine
    • PsGetCurrentThreadId
    • IofCompleteRequest
    • PsGetProcessWin32Process
    • ExEventObjectType
    • ZwQueryInformationFile
    • KeWaitForSingleObject
    • IoCreateSymbolicLink
    • PsSetCreateProcessNotifyRoutine
    • IoDriverObjectType
    • PsLookupThreadByThreadId
    • IoGetDeviceInterfaces
    • ZwClose
    • PsTerminateSystemThread
    • wcsrchr
    • strrchr
    • SeExports
    • KeUnstackDetachProcess
    • KeResetEvent
    • KeRevertToUserAffinityThread
    • ZwOpenProcess
    • wcsncmp
    • ZwOpenKey
    • PsGetThreadProcess
    • IoDetachDevice
    • IoAttachDeviceToDeviceStackSafe
    • IoThreadToProcess
    • PsInitialSystemProcess
    • IoCreateDevice
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeInitializeDpc
    • KeSetTargetProcessorDpc
    • PsProcessType
    • MmMapIoSpace
    • MmUnmapIoSpace
    • ZwDeleteFile
    • KeAttachProcess
    • KeDetachProcess
    • RtlCompareUnicodeString
    • ZwWriteFile
    • NtClose
    • ObfReferenceObject
    • IoBuildSynchronousFsdRequest
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • IoFreeIrp
    • ZwQueryDirectoryObject
    • KeBugCheck
    • ZwOpenDirectoryObject
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • ZwSetSecurityObject
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlLengthSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • ZwSetValueKey
    • ZwQueryValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • KeBugCheckEx
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExRegisterCallback
    • ExCreateCallback
    • ExUnregisterCallback
    • strcmp

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2020-08-21 04:32:58
    MD5f83c61adbb154d46dd8f77923aa7e9c3
    SHA1804013a12f2f6ba2e55c4542cbdc50ca01761905
    SHA25619d0fc91b70d7a719f7a28b4ad929f114bf1de94a4c7cba5ad821285a4485da0
    Authentihash MD542a26c6ef3e814bccfb68b994460aa0d
    Authentihash SHA1a8258d25d074281391109908b94130f39f7dbfbf
    Authentihash SHA256968258fe6b307a7887465c7fb0a0b7b45f973b91deb8638af1428d247430d777
    RichPEHeaderHash MD5e8033ae063a3483aec0d2fa55081ff62
    RichPEHeaderHash SHA1fef047c18b115c601ddfd833e1cb5784ca1afbd7
    RichPEHeaderHash SHA256fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG Anti Rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03ec0c9015079fab8a6f3fc9f839311c
    FieldValue
    ToBeSigned (TBS) MD5bf2831557abdf7e58917d0a2608080a5
    ToBeSigned (TBS) SHA124ece342e4c4f2f17f32e6924f48c240ad6300ff
    ToBeSigned (TBS) SHA2561afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, OU=RE 999, CN=AVG Technologies USA, LLC
    ValidFrom2020-01-27 00:00:00
    ValidTo2022-10-20 12:00:00
    Signatureb02cbaf178caf97fa7c0182c25b4c97d4e68127e4d5634609757bcbc051eb94254bb50e112e72505e7f9c6dbd92622287bacbcd726fa911b3b3e36ccc88f8794e980c0b0409efc87fb04d88a15df20dedb23ced152779b799359e4d3b553eb4c6c6ea61216899a0d9cc97de7f7e21ce374d5430e2dcfbb3b6f653db2d236f59bb22bd65e0787a65610c4fde1463a5be08e4710fb4e1ae7c00080edb315995b06297431ce4a9821d1050aa7061ef26c182482d09ba42001ab103c882c01f312411130490aa7820ff72902e723a864b881066e2d7883afdb5ba9d3027550f6a3761669e42b425ad61f76e2add3dd012558bd769b76f8f37843243dfbd0a2efa363
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03ec0c9015079fab8a6f3fc9f839311c
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • __C_specific_handler
    • KeDelayExecutionThread
    • IoAllocateWorkItem
    • MmIsAddressValid
    • MmUnlockPages
    • ExAllocatePool
    • RtlAnsiStringToUnicodeString
    • KeAcquireSpinLockRaiseToDpc
    • ZwQuerySystemInformation
    • PsRemoveLoadImageNotifyRoutine
    • ZwUnmapViewOfSection
    • ZwQuerySymbolicLinkObject
    • MmProbeAndLockPages
    • RtlVolumeDeviceToDosName
    • PsSetLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • ZwReadFile
    • ObQueryNameString
    • ZwOpenThreadTokenEx
    • ZwOpenProcessTokenEx
    • towlower
    • NtBuildNumber
    • ExReleaseFastMutex
    • _wcsicmp
    • _snwprintf
    • RtlConvertSidToUnicodeString
    • ObfDereferenceObject
    • IoAllocateMdl
    • ZwCreateSection
    • ZwQueryInformationProcess
    • PsGetProcessId
    • PsCreateSystemThread
    • ZwQueryInformationThread
    • RtlInitUnicodeString
    • ZwOpenSymbolicLinkObject
    • tolower
    • PsRemoveCreateThreadNotifyRoutine
    • IoDeleteDevice
    • IoBuildDeviceIoControlRequest
    • wcsncpy
    • IoGetDeviceObjectPointer
    • IoGetCurrentProcess
    • ObOpenObjectByPointer
    • strncpy
    • KeReleaseSpinLock
    • _strnicmp
    • IoFileObjectType
    • KeStackAttachProcess
    • PsLookupProcessByProcessId
    • PsGetCurrentProcessId
    • KeSetEvent
    • PsThreadType
    • RtlUnicodeStringToAnsiString
    • ZwQueryInformationToken
    • ZwMapViewOfSection
    • strncmp
    • ObReferenceObjectByHandle
    • RtlGetVersion
    • PsGetThreadId
    • PsGetVersion
    • KeClearEvent
    • IoGetBaseFileSystemDeviceObject
    • wcschr
    • ZwSetInformationFile
    • ZwEnumerateKey
    • IoFreeMdl
    • wcsstr
    • ExAcquireFastMutex
    • MmGetSystemRoutineAddress
    • IoFreeWorkItem
    • _stricmp
    • ExAllocatePoolWithTag
    • RtlInitString
    • IofCallDriver
    • IoDeviceObjectType
    • _snprintf
    • ExFreePoolWithTag
    • ZwOpenFile
    • KeSetSystemAffinityThread
    • strstr
    • KeInitializeEvent
    • ObReferenceObjectByName
    • strchr
    • _wcsnicmp
    • KeQueryActiveProcessors
    • RtlEqualSid
    • IoQueueWorkItem
    • MmUnmapLockedPages
    • MmMapLockedPagesSpecifyCache
    • PsSetCreateThreadNotifyRoutine
    • PsGetCurrentThreadId
    • IofCompleteRequest
    • PsGetProcessWin32Process
    • ExEventObjectType
    • ZwQueryInformationFile
    • KeWaitForSingleObject
    • IoCreateSymbolicLink
    • PsSetCreateProcessNotifyRoutine
    • IoDriverObjectType
    • PsLookupThreadByThreadId
    • IoGetDeviceInterfaces
    • ZwClose
    • PsTerminateSystemThread
    • wcsrchr
    • strrchr
    • SeExports
    • KeUnstackDetachProcess
    • KeResetEvent
    • KeRevertToUserAffinityThread
    • ZwOpenProcess
    • wcsncmp
    • ZwOpenKey
    • PsGetThreadProcess
    • IoDetachDevice
    • IoAttachDeviceToDeviceStackSafe
    • IoThreadToProcess
    • PsInitialSystemProcess
    • IoCreateDevice
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeInitializeDpc
    • KeSetTargetProcessorDpc
    • PsProcessType
    • MmMapIoSpace
    • MmUnmapIoSpace
    • ZwDeleteFile
    • KeAttachProcess
    • KeDetachProcess
    • RtlCompareUnicodeString
    • ZwWriteFile
    • NtClose
    • ObfReferenceObject
    • IoBuildSynchronousFsdRequest
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • IoFreeIrp
    • ZwQueryDirectoryObject
    • KeBugCheck
    • ZwOpenDirectoryObject
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • ZwSetSecurityObject
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlLengthSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • ZwSetValueKey
    • ZwQueryValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • KeBugCheckEx
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExRegisterCallback
    • ExCreateCallback
    • ExUnregisterCallback
    • strcmp

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2019-03-07 03:04:42
    MD5a3af4a4fa6cba27284f8289436c2f074
    SHA1ed3f11383a47710fa840e13a7a9286227fa1474c
    SHA2561a42ebde59e8f63804eaa404f79ee93a16bb33d27fb158c6bfbe6143226899a0
    Authentihash MD57f6e8583009bec91a51d479a2eb8b0e4
    Authentihash SHA185a0622ec6c77df0ce26c11380044039d908869d
    Authentihash SHA256d92b2f58c8fca3d3634b0c20578edd5004df571b29790690c97255e6096442c6
    RichPEHeaderHash MD59626b493680953826324d269e208fa60
    RichPEHeaderHash SHA11a458000e2060911a31fcbed8ad9000b98f54944
    RichPEHeaderHash SHA256ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f
    CompanyAVAST Software
    DescriptionAvast anti rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 07c70f7cab145bc1ed385fbe69fa3130
    FieldValue
    ToBeSigned (TBS) MD52e1a5012cbe8b95785c794bc1c5584c3
    ToBeSigned (TBS) SHA1f4753b06b08938794c32c2475cee663143036d08
    ToBeSigned (TBS) SHA256fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5
    SubjectC=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o.
    ValidFrom2016-09-06 00:00:00
    ValidTo2019-10-04 12:00:00
    Signature56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber07c70f7cab145bc1ed385fbe69fa3130
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • tolower
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • MmUnmapIoSpace
    • KeDetachProcess
    • MmMapIoSpace
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2018-03-28 08:03:49
    MD588d5fc86f0dd3a8b42463f8d5503a570
    SHA1d0452363b41385f6a6778f970f3744dde4701d8f
    SHA2562594b3ef3675ca3a7b465b8ed4962e3251364bab13b12af00ebba7fa2211abb2
    Authentihash MD5beaca8c2a09b87bf9c63febf94f1de1c
    Authentihash SHA13a74bc87abd401e34b291f5118358fef7173af46
    Authentihash SHA2562cd8e9eb8e4754f07fdfc8c3aae4d7fc0d25b346884c3474db35c757d2994b34
    RichPEHeaderHash MD573f94453db44e5265861f0ce8df39fc1
    RichPEHeaderHash SHA16d710be934482758c43d9d19941be5ed522e371f
    RichPEHeaderHash SHA25639835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG anti rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 250ce8e030612e9f2b89f7054d7cf8fd
    FieldValue
    ToBeSigned (TBS) MD5918d9eb6a6cd36c531eceb926170a7e1
    ToBeSigned (TBS) SHA10ae95700d65e6f59715aa47048993ca7858e676a
    ToBeSigned (TBS) SHA25647c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2006-11-08 00:00:00
    ValidTo2021-11-07 23:59:59
    Signature1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber250ce8e030612e9f2b89f7054d7cf8fd
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3
    Certificate 4b5e1897903602425d3cb25d75c4f4ce
    FieldValue
    ToBeSigned (TBS) MD5d4ce3e543458edafb2db286a26226b5b
    ToBeSigned (TBS) SHA1e1f64883f78595bfbbbb6998babc3eaf8e335749
    ToBeSigned (TBS) SHA25652b100ec65c2b99f058ff89869ced270bf5e6a5db581962a69e073275339e0ae
    SubjectC=NL, ST=North Holland, L=Amsterdam, O=AVG Netherlands B.V., CN=AVG Netherlands B.V.
    ValidFrom2015-07-28 00:00:00
    ValidTo2018-09-25 23:59:59
    Signature6a77df4c2dc0ab59ee02d60398ece3dbed508ef731dfe2d64ecaeb0d78f918776b40e046c00dc921210237c8fe7f91b4f2101334f5f672eed5cc4a21825bd8be18fc38ca8f190e2e83e527aae99e956a9cb6a1fa9f52658e42b9fc5618bf7e644f9aea6af7409233ba6e92bc6ea8c07677f094369af597f236de3ffeec4f2d4191c825e1273bbafa6ecb7846f430655760a92f40de681304dc230eb1513082bd4249e3fdcd01cb82905f21cdf0d1f68f581e76f8bded6332cca3dcabf7d483c5e64255bca86d876454c614d9c14c961df6ce78555b9d61a482497dc36dc41179970a8ae7e5cba9306d14cfa79b59112dfa0bec9cf9f7f63853a833b146dc33d8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber4b5e1897903602425d3cb25d75c4f4ce
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • IoBuildDeviceIoControlRequest
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2018-12-10 07:43:57
    MD5e4d4a22cbf94e6b0a92fc36d46741f56
    SHA11013d5a0fd6074a8c40dbf3a88e3e06fbf3bcf41
    SHA2562732050a7d836ae0bdc5c0aea4cdf8ce205618c3e7f613b8139c176e86476d0c
    Authentihash MD519758f499cc41d3fecb06ee83152e7d6
    Authentihash SHA1bfbb65d893f45a289417b6d45a060759ad4478d5
    Authentihash SHA25662b89fab85cf77b1e6730d2b55b4f9458f368f89d3ca5672d450e3c3365d8c37
    RichPEHeaderHash MD56132f6d32bf124e5f0bbebe21876c5ea
    RichPEHeaderHash SHA115b4ffef2a2b3a862a0eab844af3cfc4b1900d6f
    RichPEHeaderHash SHA2560b8a681dd006525cd3655d98f39d2c65123a186d1781bb2331ae1b0c927d5ee0
    CompanyAVAST Software
    DescriptionAvast anti rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 07c70f7cab145bc1ed385fbe69fa3130
    FieldValue
    ToBeSigned (TBS) MD52e1a5012cbe8b95785c794bc1c5584c3
    ToBeSigned (TBS) SHA1f4753b06b08938794c32c2475cee663143036d08
    ToBeSigned (TBS) SHA256fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5
    SubjectC=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o.
    ValidFrom2016-09-06 00:00:00
    ValidTo2019-10-04 12:00:00
    Signature56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber07c70f7cab145bc1ed385fbe69fa3130
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • tolower
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2020-12-01 01:05:41
    MD5a22626febc924eb219a953f1ee2b9600
    SHA1f61e56359c663a769073782a0a3ffd3679c2694a
    SHA2562ce81759bfa236913bbbb9b2cbc093140b099486fd002910b18e2c6e31fdc4f1
    Authentihash MD5dbff97e1c14c4c58e54ab1c0a5bfb5dc
    Authentihash SHA18b374284e8269100798b4471a0dae9a70a2f906c
    Authentihash SHA2565512aea158c30e4f52c1e27136c1c803c98388d1d8c7269e497728fd0b57d9f5
    RichPEHeaderHash MD5edc05997bbdab8acd04f275b386ffdab
    RichPEHeaderHash SHA1b47a65e11021476840629d33996069e4638e241c
    RichPEHeaderHash SHA256fe13709d1d6fd5734b2d61d1661e6ac2540c5ee2f4f96e56418d1db86c0bdb20
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG Anti Rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03ec0c9015079fab8a6f3fc9f839311c
    FieldValue
    ToBeSigned (TBS) MD5bf2831557abdf7e58917d0a2608080a5
    ToBeSigned (TBS) SHA124ece342e4c4f2f17f32e6924f48c240ad6300ff
    ToBeSigned (TBS) SHA2561afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, OU=RE 999, CN=AVG Technologies USA, LLC
    ValidFrom2020-01-27 00:00:00
    ValidTo2022-10-20 12:00:00
    Signatureb02cbaf178caf97fa7c0182c25b4c97d4e68127e4d5634609757bcbc051eb94254bb50e112e72505e7f9c6dbd92622287bacbcd726fa911b3b3e36ccc88f8794e980c0b0409efc87fb04d88a15df20dedb23ced152779b799359e4d3b553eb4c6c6ea61216899a0d9cc97de7f7e21ce374d5430e2dcfbb3b6f653db2d236f59bb22bd65e0787a65610c4fde1463a5be08e4710fb4e1ae7c00080edb315995b06297431ce4a9821d1050aa7061ef26c182482d09ba42001ab103c882c01f312411130490aa7820ff72902e723a864b881066e2d7883afdb5ba9d3027550f6a3761669e42b425ad61f76e2add3dd012558bd769b76f8f37843243dfbd0a2efa363
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03ec0c9015079fab8a6f3fc9f839311c
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • __C_specific_handler
    • KeDelayExecutionThread
    • IoAllocateWorkItem
    • MmIsAddressValid
    • MmUnlockPages
    • ExAllocatePool
    • RtlAnsiStringToUnicodeString
    • KeAcquireSpinLockRaiseToDpc
    • ZwQuerySystemInformation
    • PsRemoveLoadImageNotifyRoutine
    • ZwUnmapViewOfSection
    • ZwQuerySymbolicLinkObject
    • MmProbeAndLockPages
    • RtlVolumeDeviceToDosName
    • PsSetLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • ZwReadFile
    • ObQueryNameString
    • IoDetachDevice
    • ZwOpenThreadTokenEx
    • ZwOpenProcessTokenEx
    • towlower
    • NtBuildNumber
    • ExReleaseFastMutex
    • _wcsicmp
    • _snwprintf
    • RtlConvertSidToUnicodeString
    • ObfDereferenceObject
    • IoAllocateMdl
    • ZwCreateSection
    • ZwQueryInformationProcess
    • IoAttachDeviceToDeviceStackSafe
    • PsGetProcessId
    • PsCreateSystemThread
    • ZwQueryInformationThread
    • RtlInitUnicodeString
    • ZwOpenSymbolicLinkObject
    • tolower
    • PsRemoveCreateThreadNotifyRoutine
    • IoDeleteDevice
    • IoBuildDeviceIoControlRequest
    • wcsncpy
    • IoGetDeviceObjectPointer
    • IoGetCurrentProcess
    • ObOpenObjectByPointer
    • strncpy
    • KeReleaseSpinLock
    • _strnicmp
    • IoFileObjectType
    • KeStackAttachProcess
    • PsLookupProcessByProcessId
    • PsGetCurrentProcessId
    • KeSetEvent
    • PsThreadType
    • RtlUnicodeStringToAnsiString
    • ZwQueryInformationToken
    • ZwMapViewOfSection
    • strncmp
    • ObReferenceObjectByHandle
    • RtlGetVersion
    • PsGetThreadId
    • PsGetVersion
    • KeClearEvent
    • IoGetBaseFileSystemDeviceObject
    • wcschr
    • ZwSetInformationFile
    • ZwEnumerateKey
    • IoFreeMdl
    • wcsstr
    • ExAcquireFastMutex
    • MmGetSystemRoutineAddress
    • IoFreeWorkItem
    • _stricmp
    • ExAllocatePoolWithTag
    • RtlInitString
    • IoCreateDevice
    • IofCallDriver
    • IoDeviceObjectType
    • _snprintf
    • ExFreePoolWithTag
    • ZwOpenFile
    • KeSetSystemAffinityThread
    • strstr
    • KeInitializeEvent
    • ObReferenceObjectByName
    • strchr
    • _wcsnicmp
    • KeQueryActiveProcessors
    • RtlEqualSid
    • IoQueueWorkItem
    • MmUnmapLockedPages
    • MmMapLockedPagesSpecifyCache
    • PsSetCreateThreadNotifyRoutine
    • PsGetCurrentThreadId
    • IofCompleteRequest
    • PsGetProcessWin32Process
    • ExEventObjectType
    • ZwQueryInformationFile
    • KeWaitForSingleObject
    • IoCreateSymbolicLink
    • PsSetCreateProcessNotifyRoutine
    • IoDriverObjectType
    • PsLookupThreadByThreadId
    • IoGetDeviceInterfaces
    • ZwClose
    • PsTerminateSystemThread
    • wcsrchr
    • strrchr
    • SeExports
    • KeUnstackDetachProcess
    • KeResetEvent
    • KeRevertToUserAffinityThread
    • ZwOpenProcess
    • wcsncmp
    • ZwOpenKey
    • PsGetThreadProcess
    • IoThreadToProcess
    • PsInitialSystemProcess
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeInitializeDpc
    • KeSetTargetProcessorDpc
    • PsProcessType
    • MmMapIoSpace
    • MmUnmapIoSpace
    • ZwDeleteFile
    • KeAttachProcess
    • KeDetachProcess
    • RtlCompareUnicodeString
    • ZwWriteFile
    • NtClose
    • ObfReferenceObject
    • IoBuildSynchronousFsdRequest
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • IoFreeIrp
    • ZwQueryDirectoryObject
    • KeBugCheck
    • ZwOpenDirectoryObject
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • ZwSetSecurityObject
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlLengthSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • ZwSetValueKey
    • ZwQueryValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • KeBugCheckEx
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExRegisterCallback
    • ExCreateCallback
    • ExUnregisterCallback
    • strcmp

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2020-06-23 10:34:33
    MD566e0db8a5b0425459d0430547ecbb3db
    SHA17cee31d3aaee8771c872626feedeeb5d09db008c
    SHA25634e0364a4952d914f23f271d36e11161fb6bb7b64aea22ff965a967825a4a4bf
    Authentihash MD5b8a542fc08dd527ce67d711ff876a3db
    Authentihash SHA147edc88c38f2abfbc06a5d7d1b54d14ac93acc22
    Authentihash SHA256f6cb70c945e7b3723de1d334aa2fb97bb8ddb9f68e409deeb9988f446546a57c
    RichPEHeaderHash MD5e8033ae063a3483aec0d2fa55081ff62
    RichPEHeaderHash SHA1fef047c18b115c601ddfd833e1cb5784ca1afbd7
    RichPEHeaderHash SHA256fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG Anti Rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03ec0c9015079fab8a6f3fc9f839311c
    FieldValue
    ToBeSigned (TBS) MD5bf2831557abdf7e58917d0a2608080a5
    ToBeSigned (TBS) SHA124ece342e4c4f2f17f32e6924f48c240ad6300ff
    ToBeSigned (TBS) SHA2561afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, OU=RE 999, CN=AVG Technologies USA, LLC
    ValidFrom2020-01-27 00:00:00
    ValidTo2022-10-20 12:00:00
    Signatureb02cbaf178caf97fa7c0182c25b4c97d4e68127e4d5634609757bcbc051eb94254bb50e112e72505e7f9c6dbd92622287bacbcd726fa911b3b3e36ccc88f8794e980c0b0409efc87fb04d88a15df20dedb23ced152779b799359e4d3b553eb4c6c6ea61216899a0d9cc97de7f7e21ce374d5430e2dcfbb3b6f653db2d236f59bb22bd65e0787a65610c4fde1463a5be08e4710fb4e1ae7c00080edb315995b06297431ce4a9821d1050aa7061ef26c182482d09ba42001ab103c882c01f312411130490aa7820ff72902e723a864b881066e2d7883afdb5ba9d3027550f6a3761669e42b425ad61f76e2add3dd012558bd769b76f8f37843243dfbd0a2efa363
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03ec0c9015079fab8a6f3fc9f839311c
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • __C_specific_handler
    • KeDelayExecutionThread
    • IoAllocateWorkItem
    • MmIsAddressValid
    • MmUnlockPages
    • ExAllocatePool
    • RtlAnsiStringToUnicodeString
    • KeAcquireSpinLockRaiseToDpc
    • ZwQuerySystemInformation
    • PsRemoveLoadImageNotifyRoutine
    • ZwUnmapViewOfSection
    • ZwQuerySymbolicLinkObject
    • MmProbeAndLockPages
    • RtlVolumeDeviceToDosName
    • PsSetLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • ZwReadFile
    • ObQueryNameString
    • ZwOpenThreadTokenEx
    • ZwOpenProcessTokenEx
    • towlower
    • NtBuildNumber
    • ExReleaseFastMutex
    • _wcsicmp
    • _snwprintf
    • RtlConvertSidToUnicodeString
    • ObfDereferenceObject
    • IoAllocateMdl
    • ZwCreateSection
    • ZwQueryInformationProcess
    • PsGetProcessId
    • PsCreateSystemThread
    • ZwQueryInformationThread
    • RtlInitUnicodeString
    • ZwOpenSymbolicLinkObject
    • tolower
    • PsRemoveCreateThreadNotifyRoutine
    • IoDeleteDevice
    • IoBuildDeviceIoControlRequest
    • wcsncpy
    • IoGetDeviceObjectPointer
    • IoGetCurrentProcess
    • ObOpenObjectByPointer
    • strncpy
    • KeReleaseSpinLock
    • _strnicmp
    • IoFileObjectType
    • KeStackAttachProcess
    • PsLookupProcessByProcessId
    • PsGetCurrentProcessId
    • KeSetEvent
    • PsThreadType
    • RtlUnicodeStringToAnsiString
    • ZwQueryInformationToken
    • ZwMapViewOfSection
    • strncmp
    • ObReferenceObjectByHandle
    • RtlGetVersion
    • PsGetThreadId
    • PsGetVersion
    • KeClearEvent
    • IoGetBaseFileSystemDeviceObject
    • wcschr
    • ZwSetInformationFile
    • ZwEnumerateKey
    • IoFreeMdl
    • wcsstr
    • ExAcquireFastMutex
    • MmGetSystemRoutineAddress
    • IoFreeWorkItem
    • _stricmp
    • ExAllocatePoolWithTag
    • RtlInitString
    • IofCallDriver
    • IoDeviceObjectType
    • _snprintf
    • ExFreePoolWithTag
    • ZwOpenFile
    • KeSetSystemAffinityThread
    • strstr
    • KeInitializeEvent
    • ObReferenceObjectByName
    • strchr
    • _wcsnicmp
    • KeQueryActiveProcessors
    • RtlEqualSid
    • IoQueueWorkItem
    • MmUnmapLockedPages
    • MmMapLockedPagesSpecifyCache
    • PsSetCreateThreadNotifyRoutine
    • PsGetCurrentThreadId
    • IofCompleteRequest
    • PsGetProcessWin32Process
    • ExEventObjectType
    • ZwQueryInformationFile
    • KeWaitForSingleObject
    • IoCreateSymbolicLink
    • PsSetCreateProcessNotifyRoutine
    • IoDriverObjectType
    • PsLookupThreadByThreadId
    • IoGetDeviceInterfaces
    • ZwClose
    • PsTerminateSystemThread
    • wcsrchr
    • strrchr
    • SeExports
    • KeUnstackDetachProcess
    • KeResetEvent
    • KeRevertToUserAffinityThread
    • ZwOpenProcess
    • wcsncmp
    • ZwOpenKey
    • PsGetThreadProcess
    • IoDetachDevice
    • IoAttachDeviceToDeviceStackSafe
    • IoThreadToProcess
    • PsInitialSystemProcess
    • IoCreateDevice
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeInitializeDpc
    • KeSetTargetProcessorDpc
    • PsProcessType
    • MmMapIoSpace
    • MmUnmapIoSpace
    • ZwDeleteFile
    • KeAttachProcess
    • KeDetachProcess
    • RtlCompareUnicodeString
    • ZwWriteFile
    • NtClose
    • ObfReferenceObject
    • IoBuildSynchronousFsdRequest
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • IoFreeIrp
    • ZwQueryDirectoryObject
    • KeBugCheck
    • ZwOpenDirectoryObject
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • ZwSetSecurityObject
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlLengthSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • ZwSetValueKey
    • ZwQueryValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • KeBugCheckEx
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExRegisterCallback
    • ExCreateCallback
    • ExUnregisterCallback
    • strcmp

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2020-04-28 12:47:01
    MD5cb31f1b637056a3d374e22865c41e6d9
    SHA124b47ba7179755e3b12a59d55ae6b2c3d2bd1505
    SHA25636e3127f045ef1fa7426a3ff8c441092d3b66923d2b69826034e48306609e289
    Authentihash MD50f3a942c946055cb40ee138ceb5f57d9
    Authentihash SHA12989078f9ab5fc078bf801fcdc49674e3fc1d187
    Authentihash SHA2565af59d6ca109b5cae3350b48b85274ce181e45be4c7f7156bdf58ca3ca7f4188
    RichPEHeaderHash MD55a489fed9ab25dab8eb1e8de57816a5b
    RichPEHeaderHash SHA1e1f992c705eb87c462152c01a8db69d1df44aacb
    RichPEHeaderHash SHA25613fb8d5234772b9e76b9929957aa21c6a9395cc3892f69dcd599f7682daff315
    CompanyAVAST Software
    DescriptionAvast Anti Rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 03f02aca051d1c9330eeabd3706e836f
    FieldValue
    ToBeSigned (TBS) MD5f251d9cde0901fb67831855b4a592b51
    ToBeSigned (TBS) SHA1cd0ac068faea4b875ded287512f20b6ba8dcb457
    ToBeSigned (TBS) SHA256247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423
    SubjectC=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software s.r.o.
    ValidFrom2019-12-02 00:00:00
    ValidTo2022-10-19 12:00:00
    Signature874d04f17ffc50e66100207e56ecc8ae7e81c1957a7600295ead9db28842c7c05e06e8e28ccfc1e9d45d7a55d6d4a2fb74d72600a79ef5bfa53acaa4f3a4fcaf90a2554fc37742dd44c83a90880f948f5538637c0d999b03ebbf20cc001293a5639d44ad950cacfce2a337f7a24b817a5b85df89f6acf49974adee1d867373e6534a3f3558e59f87d06afe5744ec575b66c76110a595471007b209c591984f0ff20ea4c87ac405c85f42f0b105b04ec2ced11ca9cfb6aef21a3c6ae9ccd2a9cb4a9f78244751b15bfccb32ec3a52d44258bad6fc6d9f24c24700e9e1c4c0c29b9db4683c526a92934d72367620c6a89119e7a678597d7603c62b1c22f54edfad
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03f02aca051d1c9330eeabd3706e836f
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • __C_specific_handler
    • KeDelayExecutionThread
    • IoAllocateWorkItem
    • MmIsAddressValid
    • MmUnlockPages
    • ExAllocatePool
    • RtlAnsiStringToUnicodeString
    • KeAcquireSpinLockRaiseToDpc
    • ZwQuerySystemInformation
    • PsRemoveLoadImageNotifyRoutine
    • ZwUnmapViewOfSection
    • ZwQuerySymbolicLinkObject
    • MmProbeAndLockPages
    • RtlVolumeDeviceToDosName
    • PsSetLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • ZwReadFile
    • ObQueryNameString
    • ZwOpenThreadTokenEx
    • ZwOpenProcessTokenEx
    • towlower
    • NtBuildNumber
    • ExReleaseFastMutex
    • _wcsicmp
    • _snwprintf
    • RtlConvertSidToUnicodeString
    • ObfDereferenceObject
    • IoAllocateMdl
    • ZwCreateSection
    • ZwQueryInformationProcess
    • PsGetProcessId
    • PsCreateSystemThread
    • ZwQueryInformationThread
    • RtlInitUnicodeString
    • ZwOpenSymbolicLinkObject
    • tolower
    • PsRemoveCreateThreadNotifyRoutine
    • IoDeleteDevice
    • IoBuildDeviceIoControlRequest
    • wcsncpy
    • IoGetDeviceObjectPointer
    • IoGetCurrentProcess
    • ObOpenObjectByPointer
    • strncpy
    • KeReleaseSpinLock
    • _strnicmp
    • IoFileObjectType
    • KeStackAttachProcess
    • PsLookupProcessByProcessId
    • PsGetCurrentProcessId
    • KeSetEvent
    • PsThreadType
    • RtlUnicodeStringToAnsiString
    • ZwQueryInformationToken
    • ZwMapViewOfSection
    • strncmp
    • ObReferenceObjectByHandle
    • RtlGetVersion
    • PsGetThreadId
    • PsGetVersion
    • KeClearEvent
    • IoGetBaseFileSystemDeviceObject
    • wcschr
    • ZwSetInformationFile
    • ZwEnumerateKey
    • IoFreeMdl
    • wcsstr
    • ExAcquireFastMutex
    • MmGetSystemRoutineAddress
    • IoFreeWorkItem
    • _stricmp
    • ExAllocatePoolWithTag
    • RtlInitString
    • IofCallDriver
    • IoDeviceObjectType
    • _snprintf
    • ExFreePoolWithTag
    • ZwOpenFile
    • KeSetSystemAffinityThread
    • strstr
    • KeInitializeEvent
    • ObReferenceObjectByName
    • strchr
    • _wcsnicmp
    • KeQueryActiveProcessors
    • RtlEqualSid
    • IoQueueWorkItem
    • MmUnmapLockedPages
    • MmMapLockedPagesSpecifyCache
    • PsSetCreateThreadNotifyRoutine
    • PsGetCurrentThreadId
    • IofCompleteRequest
    • PsGetProcessWin32Process
    • ExEventObjectType
    • ZwQueryInformationFile
    • KeWaitForSingleObject
    • IoCreateSymbolicLink
    • PsSetCreateProcessNotifyRoutine
    • IoDriverObjectType
    • PsLookupThreadByThreadId
    • IoGetDeviceInterfaces
    • ZwClose
    • PsTerminateSystemThread
    • wcsrchr
    • strrchr
    • SeExports
    • KeUnstackDetachProcess
    • KeResetEvent
    • KeRevertToUserAffinityThread
    • ZwOpenProcess
    • wcsncmp
    • ZwOpenKey
    • PsGetThreadProcess
    • IoDetachDevice
    • IoAttachDeviceToDeviceStackSafe
    • IoThreadToProcess
    • PsInitialSystemProcess
    • IoCreateDevice
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeInitializeDpc
    • KeSetTargetProcessorDpc
    • PsProcessType
    • MmMapIoSpace
    • MmUnmapIoSpace
    • ZwDeleteFile
    • KeAttachProcess
    • KeDetachProcess
    • RtlCompareUnicodeString
    • ZwWriteFile
    • NtClose
    • ObfReferenceObject
    • IoBuildSynchronousFsdRequest
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • IoFreeIrp
    • ZwQueryDirectoryObject
    • KeBugCheck
    • ZwOpenDirectoryObject
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • ZwSetSecurityObject
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlLengthSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • ZwSetValueKey
    • ZwQueryValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • KeBugCheckEx
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExRegisterCallback
    • ExCreateCallback
    • ExUnregisterCallback
    • strcmp

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2020-08-21 04:32:58
    MD5d0a5b98788e480c12afc65ad3e6d4478
    SHA16c445ceb38d5b1212ce2e7498888dd9562a57875
    SHA2563b6e85c8fed9e39b21b2eab0b69bc464272b2c92961510c36e2e2df7aa39861b
    Authentihash MD58bbe86720ded843c4a0023310a403879
    Authentihash SHA12035334476f2c5f82a5e71c04bbf82aa51b2f41b
    Authentihash SHA2564e89a5a25969953961db2a2a1a5c73c8af48f7af169ac3fd098171556bf0854d
    RichPEHeaderHash MD5e8033ae063a3483aec0d2fa55081ff62
    RichPEHeaderHash SHA1fef047c18b115c601ddfd833e1cb5784ca1afbd7
    RichPEHeaderHash SHA256fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5
    CompanyAVAST Software
    DescriptionAvast Anti Rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 03f02aca051d1c9330eeabd3706e836f
    FieldValue
    ToBeSigned (TBS) MD5f251d9cde0901fb67831855b4a592b51
    ToBeSigned (TBS) SHA1cd0ac068faea4b875ded287512f20b6ba8dcb457
    ToBeSigned (TBS) SHA256247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423
    SubjectC=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software s.r.o.
    ValidFrom2019-12-02 00:00:00
    ValidTo2022-10-19 12:00:00
    Signature874d04f17ffc50e66100207e56ecc8ae7e81c1957a7600295ead9db28842c7c05e06e8e28ccfc1e9d45d7a55d6d4a2fb74d72600a79ef5bfa53acaa4f3a4fcaf90a2554fc37742dd44c83a90880f948f5538637c0d999b03ebbf20cc001293a5639d44ad950cacfce2a337f7a24b817a5b85df89f6acf49974adee1d867373e6534a3f3558e59f87d06afe5744ec575b66c76110a595471007b209c591984f0ff20ea4c87ac405c85f42f0b105b04ec2ced11ca9cfb6aef21a3c6ae9ccd2a9cb4a9f78244751b15bfccb32ec3a52d44258bad6fc6d9f24c24700e9e1c4c0c29b9db4683c526a92934d72367620c6a89119e7a678597d7603c62b1c22f54edfad
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03f02aca051d1c9330eeabd3706e836f
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • __C_specific_handler
    • KeDelayExecutionThread
    • IoAllocateWorkItem
    • MmIsAddressValid
    • MmUnlockPages
    • ExAllocatePool
    • RtlAnsiStringToUnicodeString
    • KeAcquireSpinLockRaiseToDpc
    • ZwQuerySystemInformation
    • PsRemoveLoadImageNotifyRoutine
    • ZwUnmapViewOfSection
    • ZwQuerySymbolicLinkObject
    • MmProbeAndLockPages
    • RtlVolumeDeviceToDosName
    • PsSetLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • ZwReadFile
    • ObQueryNameString
    • ZwOpenThreadTokenEx
    • ZwOpenProcessTokenEx
    • towlower
    • NtBuildNumber
    • ExReleaseFastMutex
    • _wcsicmp
    • _snwprintf
    • RtlConvertSidToUnicodeString
    • ObfDereferenceObject
    • IoAllocateMdl
    • ZwCreateSection
    • ZwQueryInformationProcess
    • PsGetProcessId
    • PsCreateSystemThread
    • ZwQueryInformationThread
    • RtlInitUnicodeString
    • ZwOpenSymbolicLinkObject
    • tolower
    • PsRemoveCreateThreadNotifyRoutine
    • IoDeleteDevice
    • IoBuildDeviceIoControlRequest
    • wcsncpy
    • IoGetDeviceObjectPointer
    • IoGetCurrentProcess
    • ObOpenObjectByPointer
    • strncpy
    • KeReleaseSpinLock
    • _strnicmp
    • IoFileObjectType
    • KeStackAttachProcess
    • PsLookupProcessByProcessId
    • PsGetCurrentProcessId
    • KeSetEvent
    • PsThreadType
    • RtlUnicodeStringToAnsiString
    • ZwQueryInformationToken
    • ZwMapViewOfSection
    • strncmp
    • ObReferenceObjectByHandle
    • RtlGetVersion
    • PsGetThreadId
    • PsGetVersion
    • KeClearEvent
    • IoGetBaseFileSystemDeviceObject
    • wcschr
    • ZwSetInformationFile
    • ZwEnumerateKey
    • IoFreeMdl
    • wcsstr
    • ExAcquireFastMutex
    • MmGetSystemRoutineAddress
    • IoFreeWorkItem
    • _stricmp
    • ExAllocatePoolWithTag
    • RtlInitString
    • IofCallDriver
    • IoDeviceObjectType
    • _snprintf
    • ExFreePoolWithTag
    • ZwOpenFile
    • KeSetSystemAffinityThread
    • strstr
    • KeInitializeEvent
    • ObReferenceObjectByName
    • strchr
    • _wcsnicmp
    • KeQueryActiveProcessors
    • RtlEqualSid
    • IoQueueWorkItem
    • MmUnmapLockedPages
    • MmMapLockedPagesSpecifyCache
    • PsSetCreateThreadNotifyRoutine
    • PsGetCurrentThreadId
    • IofCompleteRequest
    • PsGetProcessWin32Process
    • ExEventObjectType
    • ZwQueryInformationFile
    • KeWaitForSingleObject
    • IoCreateSymbolicLink
    • PsSetCreateProcessNotifyRoutine
    • IoDriverObjectType
    • PsLookupThreadByThreadId
    • IoGetDeviceInterfaces
    • ZwClose
    • PsTerminateSystemThread
    • wcsrchr
    • strrchr
    • SeExports
    • KeUnstackDetachProcess
    • KeResetEvent
    • KeRevertToUserAffinityThread
    • ZwOpenProcess
    • wcsncmp
    • ZwOpenKey
    • PsGetThreadProcess
    • IoDetachDevice
    • IoAttachDeviceToDeviceStackSafe
    • IoThreadToProcess
    • PsInitialSystemProcess
    • IoCreateDevice
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeInitializeDpc
    • KeSetTargetProcessorDpc
    • PsProcessType
    • MmMapIoSpace
    • MmUnmapIoSpace
    • ZwDeleteFile
    • KeAttachProcess
    • KeDetachProcess
    • RtlCompareUnicodeString
    • ZwWriteFile
    • NtClose
    • ObfReferenceObject
    • IoBuildSynchronousFsdRequest
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • IoFreeIrp
    • ZwQueryDirectoryObject
    • KeBugCheck
    • ZwOpenDirectoryObject
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • ZwSetSecurityObject
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlLengthSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • ZwSetValueKey
    • ZwQueryValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • KeBugCheckEx
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExRegisterCallback
    • ExCreateCallback
    • ExUnregisterCallback
    • strcmp

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2018-09-24 07:23:41
    MD584c4d8ae023ca9bb60694fa467141247
    SHA179f1a6f5486523e6d8dcfef696bc949fc767613d
    SHA2564da08c0681fbe028b60a1eaf5cb8890bd3eba4d0e6a8b976495ddcd315e147ba
    Authentihash MD5739b545edae1f711d7c566f740cdc018
    Authentihash SHA1a3eb3e15e851a8744781889ca4e728bb9c67070f
    Authentihash SHA256cd3b38875c8b727f18cec382698624679d6413f02cf33d82a7c93b9595860b6d
    RichPEHeaderHash MD5382c4767d71156621da4d8ab3193017a
    RichPEHeaderHash SHA120e40fd8dd4465dfd940c017e5cb26819d5cbed7
    RichPEHeaderHash SHA256cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b
    CompanyAVAST Software
    DescriptionAvast anti rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 07c70f7cab145bc1ed385fbe69fa3130
    FieldValue
    ToBeSigned (TBS) MD52e1a5012cbe8b95785c794bc1c5584c3
    ToBeSigned (TBS) SHA1f4753b06b08938794c32c2475cee663143036d08
    ToBeSigned (TBS) SHA256fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5
    SubjectC=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o.
    ValidFrom2016-09-06 00:00:00
    ValidTo2019-10-04 12:00:00
    Signature56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber07c70f7cab145bc1ed385fbe69fa3130
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2020-07-23 06:09:55
    MD514add4f16d80595e6e816abf038141e5
    SHA1218e4bbdd5ce810c48b938307d01501c442b75f4
    SHA2565bd41a29cbba0d24e639f49d1f201b9bd119b11f5e3b8a5fefa3a5c6f1e7692c
    Authentihash MD5d81a508b30f8107d9b43c7eef68821b9
    Authentihash SHA1c1c619cdc11eecf093afe9d9a96a3236d1dab348
    Authentihash SHA2560bc755f3e24023d931c637b4c734ae3a4d50567c87fd025114e0520413721751
    RichPEHeaderHash MD5e8033ae063a3483aec0d2fa55081ff62
    RichPEHeaderHash SHA1fef047c18b115c601ddfd833e1cb5784ca1afbd7
    RichPEHeaderHash SHA256fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG Anti Rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03ec0c9015079fab8a6f3fc9f839311c
    FieldValue
    ToBeSigned (TBS) MD5bf2831557abdf7e58917d0a2608080a5
    ToBeSigned (TBS) SHA124ece342e4c4f2f17f32e6924f48c240ad6300ff
    ToBeSigned (TBS) SHA2561afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, OU=RE 999, CN=AVG Technologies USA, LLC
    ValidFrom2020-01-27 00:00:00
    ValidTo2022-10-20 12:00:00
    Signatureb02cbaf178caf97fa7c0182c25b4c97d4e68127e4d5634609757bcbc051eb94254bb50e112e72505e7f9c6dbd92622287bacbcd726fa911b3b3e36ccc88f8794e980c0b0409efc87fb04d88a15df20dedb23ced152779b799359e4d3b553eb4c6c6ea61216899a0d9cc97de7f7e21ce374d5430e2dcfbb3b6f653db2d236f59bb22bd65e0787a65610c4fde1463a5be08e4710fb4e1ae7c00080edb315995b06297431ce4a9821d1050aa7061ef26c182482d09ba42001ab103c882c01f312411130490aa7820ff72902e723a864b881066e2d7883afdb5ba9d3027550f6a3761669e42b425ad61f76e2add3dd012558bd769b76f8f37843243dfbd0a2efa363
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03ec0c9015079fab8a6f3fc9f839311c
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • __C_specific_handler
    • KeDelayExecutionThread
    • IoAllocateWorkItem
    • MmIsAddressValid
    • MmUnlockPages
    • ExAllocatePool
    • RtlAnsiStringToUnicodeString
    • KeAcquireSpinLockRaiseToDpc
    • ZwQuerySystemInformation
    • PsRemoveLoadImageNotifyRoutine
    • ZwUnmapViewOfSection
    • ZwQuerySymbolicLinkObject
    • MmProbeAndLockPages
    • RtlVolumeDeviceToDosName
    • PsSetLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • ZwReadFile
    • ObQueryNameString
    • ZwOpenThreadTokenEx
    • ZwOpenProcessTokenEx
    • towlower
    • NtBuildNumber
    • ExReleaseFastMutex
    • _wcsicmp
    • _snwprintf
    • RtlConvertSidToUnicodeString
    • ObfDereferenceObject
    • IoAllocateMdl
    • ZwCreateSection
    • ZwQueryInformationProcess
    • PsGetProcessId
    • PsCreateSystemThread
    • ZwQueryInformationThread
    • RtlInitUnicodeString
    • ZwOpenSymbolicLinkObject
    • tolower
    • PsRemoveCreateThreadNotifyRoutine
    • IoDeleteDevice
    • IoBuildDeviceIoControlRequest
    • wcsncpy
    • IoGetDeviceObjectPointer
    • IoGetCurrentProcess
    • ObOpenObjectByPointer
    • strncpy
    • KeReleaseSpinLock
    • _strnicmp
    • IoFileObjectType
    • KeStackAttachProcess
    • PsLookupProcessByProcessId
    • PsGetCurrentProcessId
    • KeSetEvent
    • PsThreadType
    • RtlUnicodeStringToAnsiString
    • ZwQueryInformationToken
    • ZwMapViewOfSection
    • strncmp
    • ObReferenceObjectByHandle
    • RtlGetVersion
    • PsGetThreadId
    • PsGetVersion
    • KeClearEvent
    • IoGetBaseFileSystemDeviceObject
    • wcschr
    • ZwSetInformationFile
    • ZwEnumerateKey
    • IoFreeMdl
    • wcsstr
    • ExAcquireFastMutex
    • MmGetSystemRoutineAddress
    • IoFreeWorkItem
    • _stricmp
    • ExAllocatePoolWithTag
    • RtlInitString
    • IofCallDriver
    • IoDeviceObjectType
    • _snprintf
    • ExFreePoolWithTag
    • ZwOpenFile
    • KeSetSystemAffinityThread
    • strstr
    • KeInitializeEvent
    • ObReferenceObjectByName
    • strchr
    • _wcsnicmp
    • KeQueryActiveProcessors
    • RtlEqualSid
    • IoQueueWorkItem
    • MmUnmapLockedPages
    • MmMapLockedPagesSpecifyCache
    • PsSetCreateThreadNotifyRoutine
    • PsGetCurrentThreadId
    • IofCompleteRequest
    • PsGetProcessWin32Process
    • ExEventObjectType
    • ZwQueryInformationFile
    • KeWaitForSingleObject
    • IoCreateSymbolicLink
    • PsSetCreateProcessNotifyRoutine
    • IoDriverObjectType
    • PsLookupThreadByThreadId
    • IoGetDeviceInterfaces
    • ZwClose
    • PsTerminateSystemThread
    • wcsrchr
    • strrchr
    • SeExports
    • KeUnstackDetachProcess
    • KeResetEvent
    • KeRevertToUserAffinityThread
    • ZwOpenProcess
    • wcsncmp
    • ZwOpenKey
    • PsGetThreadProcess
    • IoDetachDevice
    • IoAttachDeviceToDeviceStackSafe
    • IoThreadToProcess
    • PsInitialSystemProcess
    • IoCreateDevice
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeInitializeDpc
    • KeSetTargetProcessorDpc
    • PsProcessType
    • MmMapIoSpace
    • MmUnmapIoSpace
    • ZwDeleteFile
    • KeAttachProcess
    • KeDetachProcess
    • RtlCompareUnicodeString
    • ZwWriteFile
    • NtClose
    • ObfReferenceObject
    • IoBuildSynchronousFsdRequest
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • IoFreeIrp
    • ZwQueryDirectoryObject
    • KeBugCheck
    • ZwOpenDirectoryObject
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • ZwSetSecurityObject
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlLengthSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • ZwSetValueKey
    • ZwQueryValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • KeBugCheckEx
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExRegisterCallback
    • ExCreateCallback
    • ExUnregisterCallback
    • strcmp

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2019-04-30 05:59:06
    MD553bb10742e10991af4ad280fcb134151
    SHA1d6b1b3311263bfb170f2091d22f373c2215051b7
    SHA25665008817eb97635826a8708a6411d7b50f762bab81304e457119d669382944c3
    Authentihash MD504a76d94db489fdaf72161aa467b2acb
    Authentihash SHA157d45edbab6745991e54c3e50f768eb5714a76cd
    Authentihash SHA2569d736f624a306d6e2399778dd92ab7f4f7ab33c6ca0528657bc026214f990a4f
    RichPEHeaderHash MD575b13c227d5208aed34b2687daf4ff12
    RichPEHeaderHash SHA174ea061adc0690a674274c70e479258dff68f6b5
    RichPEHeaderHash SHA25689b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39
    CompanyAVAST Software
    DescriptionAvast anti rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 07c70f7cab145bc1ed385fbe69fa3130
    FieldValue
    ToBeSigned (TBS) MD52e1a5012cbe8b95785c794bc1c5584c3
    ToBeSigned (TBS) SHA1f4753b06b08938794c32c2475cee663143036d08
    ToBeSigned (TBS) SHA256fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5
    SubjectC=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o.
    ValidFrom2016-09-06 00:00:00
    ValidTo2019-10-04 12:00:00
    Signature56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber07c70f7cab145bc1ed385fbe69fa3130
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsGetThreadId
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • tolower
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • PsGetThreadProcess
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • PsGetProcessId
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • MmUnmapIoSpace
    • KeDetachProcess
    • MmMapIoSpace
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2019-06-19 22:05:36
    MD5045ef7a39288ba1f4b8d6eca43def44f
    SHA1a0bf00e4ef2b1a79ccf2361c6b303688641ed94c
    SHA2566e0aa67cfdbe27a059cbd066443337f81c5b6d37444d14792d1c765d9d122dcf
    Authentihash MD5ef1a7d935ae5e49c42d632f550e6f5e0
    Authentihash SHA1a62c27dedfb91de6404e2358fdd14b67fdb43767
    Authentihash SHA256596c497e7e405ceb79ba0ba45f993125d88d50fc18867048d0c7a356ebd0c0ed
    RichPEHeaderHash MD575b13c227d5208aed34b2687daf4ff12
    RichPEHeaderHash SHA174ea061adc0690a674274c70e479258dff68f6b5
    RichPEHeaderHash SHA25689b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG anti rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 611cb28a000000000026
    FieldValue
    ToBeSigned (TBS) MD5983a0c315a50542362f2bd6a5d71c8d0
    ToBeSigned (TBS) SHA18047f476001f5cb16a661d2a3fd0c3576168f5e2
    ToBeSigned (TBS) SHA2565f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
    ValidFrom2011-04-15 19:41:37
    ValidTo2021-04-15 19:51:37
    Signature5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611cb28a000000000026
    Version3
    Certificate 0557955e02a6b53dd1d574ede15f310e
    FieldValue
    ToBeSigned (TBS) MD5f9b558280379fbd2ac831a9850ec9c0e
    ToBeSigned (TBS) SHA1c22448dd1388c2011166e2a203fe984bd702f355
    ToBeSigned (TBS) SHA256c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.
    ValidFrom2018-01-30 00:00:00
    ValidTo2021-01-22 12:00:00
    Signature64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0557955e02a6b53dd1d574ede15f310e
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 0fa8490615d700a0be2176fdc5ec6dbd
    FieldValue
    ToBeSigned (TBS) MD5a9a31555bbc92b6033975c5428fb3679
    ToBeSigned (TBS) SHA147f4b9898631773231b32844ec0d49990ac4eb1e
    ToBeSigned (TBS) SHA256c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0fa8490615d700a0be2176fdc5ec6dbd
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsGetThreadId
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • tolower
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • PsGetThreadProcess
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • PsGetProcessId
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • MmUnmapIoSpace
    • KeDetachProcess
    • MmMapIoSpace
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2019-04-30 06:00:34
    MD511dc5523bb559f8d2ce637f6a2b70dea
    SHA10edf51a0fac3b90f6961c2b20bbaeb4ccfc1ea84
    SHA2566fb5bc9c51f6872de116c7db8a2134461743908efc306373f6de59a0646c4f5d
    Authentihash MD50b253942e96233f5999ffea9ac6cc07a
    Authentihash SHA112079ccb38494c101d23667282452f87845868eb
    Authentihash SHA25603a54ad77fc453c9889e170a811d232a305d46fb7f59582d3f1cb234598507a1
    RichPEHeaderHash MD575b13c227d5208aed34b2687daf4ff12
    RichPEHeaderHash SHA174ea061adc0690a674274c70e479258dff68f6b5
    RichPEHeaderHash SHA25689b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG anti rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 611cb28a000000000026
    FieldValue
    ToBeSigned (TBS) MD5983a0c315a50542362f2bd6a5d71c8d0
    ToBeSigned (TBS) SHA18047f476001f5cb16a661d2a3fd0c3576168f5e2
    ToBeSigned (TBS) SHA2565f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
    ValidFrom2011-04-15 19:41:37
    ValidTo2021-04-15 19:51:37
    Signature5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611cb28a000000000026
    Version3
    Certificate 0557955e02a6b53dd1d574ede15f310e
    FieldValue
    ToBeSigned (TBS) MD5f9b558280379fbd2ac831a9850ec9c0e
    ToBeSigned (TBS) SHA1c22448dd1388c2011166e2a203fe984bd702f355
    ToBeSigned (TBS) SHA256c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.
    ValidFrom2018-01-30 00:00:00
    ValidTo2021-01-22 12:00:00
    Signature64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0557955e02a6b53dd1d574ede15f310e
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 0fa8490615d700a0be2176fdc5ec6dbd
    FieldValue
    ToBeSigned (TBS) MD5a9a31555bbc92b6033975c5428fb3679
    ToBeSigned (TBS) SHA147f4b9898631773231b32844ec0d49990ac4eb1e
    ToBeSigned (TBS) SHA256c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0fa8490615d700a0be2176fdc5ec6dbd
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsGetThreadId
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • tolower
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • PsGetThreadProcess
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • PsGetProcessId
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • MmUnmapIoSpace
    • KeDetachProcess
    • MmMapIoSpace
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2020-06-01 01:48:04
    MD59f3b5de6fe46429bed794813c6ae8421
    SHA15236728c7562b047a9371403137a6e169e2026a6
    SHA2567ad0ab23023bc500c3b46f414a8b363c5f8700861bc4745cecc14dd34bcee9ed
    Authentihash MD5e4d36098f543d3e4d5bbe1bd50cc42cd
    Authentihash SHA1e51d18476af7dd376eaaedf2a3533b6fbdab95c0
    Authentihash SHA256c13745de817eb38a092524cd3dae805c8fbde967e635e485243782db955508cc
    RichPEHeaderHash MD56f0b02025c12b8e1130f9d4e2a7eef19
    RichPEHeaderHash SHA19598ea9769e18149497654ec5d20bfc585e43bfd
    RichPEHeaderHash SHA2562cbb75695a831c017d18fd2c0446a087ce3f11c1333658a42e84d1384a738a4b
    CompanyAVAST Software
    DescriptionAvast Anti Rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 03f02aca051d1c9330eeabd3706e836f
    FieldValue
    ToBeSigned (TBS) MD5f251d9cde0901fb67831855b4a592b51
    ToBeSigned (TBS) SHA1cd0ac068faea4b875ded287512f20b6ba8dcb457
    ToBeSigned (TBS) SHA256247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423
    SubjectC=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software s.r.o.
    ValidFrom2019-12-02 00:00:00
    ValidTo2022-10-19 12:00:00
    Signature874d04f17ffc50e66100207e56ecc8ae7e81c1957a7600295ead9db28842c7c05e06e8e28ccfc1e9d45d7a55d6d4a2fb74d72600a79ef5bfa53acaa4f3a4fcaf90a2554fc37742dd44c83a90880f948f5538637c0d999b03ebbf20cc001293a5639d44ad950cacfce2a337f7a24b817a5b85df89f6acf49974adee1d867373e6534a3f3558e59f87d06afe5744ec575b66c76110a595471007b209c591984f0ff20ea4c87ac405c85f42f0b105b04ec2ced11ca9cfb6aef21a3c6ae9ccd2a9cb4a9f78244751b15bfccb32ec3a52d44258bad6fc6d9f24c24700e9e1c4c0c29b9db4683c526a92934d72367620c6a89119e7a678597d7603c62b1c22f54edfad
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03f02aca051d1c9330eeabd3706e836f
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • ZwQuerySymbolicLinkObject
    • MmProbeAndLockPages
    • RtlVolumeDeviceToDosName
    • PsSetLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • ZwReadFile
    • ObQueryNameString
    • ZwOpenThreadTokenEx
    • ZwOpenProcessTokenEx
    • towlower
    • NtBuildNumber
    • _wcsicmp
    • KeGetCurrentThread
    • _snwprintf
    • RtlConvertSidToUnicodeString
    • ObfDereferenceObject
    • IoAllocateMdl
    • ZwCreateSection
    • ZwQueryInformationProcess
    • PsGetProcessId
    • PsCreateSystemThread
    • ZwQueryInformationThread
    • RtlInitUnicodeString
    • ZwOpenSymbolicLinkObject
    • PsRemoveCreateThreadNotifyRoutine
    • IoDeleteDevice
    • wcsncpy
    • IoGetDeviceObjectPointer
    • IoGetCurrentProcess
    • ObOpenObjectByPointer
    • strncpy
    • _strnicmp
    • IoFileObjectType
    • KeStackAttachProcess
    • PsLookupProcessByProcessId
    • PsGetCurrentProcessId
    • KeSetEvent
    • PsThreadType
    • RtlUnicodeStringToAnsiString
    • ZwQueryInformationToken
    • ZwMapViewOfSection
    • strncmp
    • ObReferenceObjectByHandle
    • PsGetThreadId
    • PsGetVersion
    • KeClearEvent
    • IoGetBaseFileSystemDeviceObject
    • wcschr
    • ZwSetInformationFile
    • ZwEnumerateKey
    • IoFreeMdl
    • wcsstr
    • MmGetSystemRoutineAddress
    • IoFreeWorkItem
    • _stricmp
    • ExAllocatePoolWithTag
    • RtlInitString
    • IofCallDriver
    • KeQuerySystemTime
    • IoDeviceObjectType
    • _snprintf
    • ExFreePoolWithTag
    • ZwOpenFile
    • KeSetSystemAffinityThread
    • strstr
    • KeInitializeEvent
    • ObReferenceObjectByName
    • strchr
    • _wcsnicmp
    • KeQueryActiveProcessors
    • RtlEqualSid
    • IoQueueWorkItem
    • MmUnmapLockedPages
    • MmMapLockedPagesSpecifyCache
    • PsSetCreateThreadNotifyRoutine
    • ZwUnmapViewOfSection
    • IofCompleteRequest
    • PsGetProcessWin32Process
    • ExEventObjectType
    • ZwQueryInformationFile
    • KeWaitForSingleObject
    • IoCreateSymbolicLink
    • PsSetCreateProcessNotifyRoutine
    • IoDriverObjectType
    • PsLookupThreadByThreadId
    • IoGetDeviceInterfaces
    • ZwClose
    • PsTerminateSystemThread
    • wcsrchr
    • strrchr
    • SeExports
    • KeUnstackDetachProcess
    • KeResetEvent
    • KeRevertToUserAffinityThread
    • ZwOpenProcess
    • wcsncmp
    • ZwOpenKey
    • PsGetThreadProcess
    • IoDetachDevice
    • IoAttachDeviceToDeviceStackSafe
    • IoThreadToProcess
    • PsInitialSystemProcess
    • IoCreateDevice
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeInitializeDpc
    • IoBuildDeviceIoControlRequest
    • KeSetTargetProcessorDpc
    • PsProcessType
    • MmMapIoSpace
    • MmUnmapIoSpace
    • ZwDeleteFile
    • KeAttachProcess
    • KeDetachProcess
    • RtlCompareUnicodeString
    • KeBugCheckEx
    • ZwWriteFile
    • NtClose
    • ObfReferenceObject
    • IoBuildSynchronousFsdRequest
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • IoFreeIrp
    • ZwQueryDirectoryObject
    • KeBugCheck
    • ZwOpenDirectoryObject
    • IoAllocateIrp
    • RtlUnwind
    • ZwSetSecurityObject
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlLengthSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • memcpy
    • memset
    • ZwSetValueKey
    • ZwQueryValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • PsRemoveLoadImageNotifyRoutine
    • ZwQuerySystemInformation
    • RtlAnsiStringToUnicodeString
    • ExAllocatePool
    • MmUnlockPages
    • MmIsAddressValid
    • IoAllocateWorkItem
    • PsGetCurrentThreadId
    • KeDelayExecutionThread
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExRegisterCallback
    • ExCreateCallback
    • ExUnregisterCallback
    • KfLowerIrql
    • ExAcquireFastMutex
    • KfAcquireSpinLock
    • KfReleaseSpinLock
    • ExReleaseFastMutex
    • KeGetCurrentIrql
    • KeRaiseIrqlToDpcLevel
    • KfRaiseIrql

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rwtext
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2017-12-19 11:09:16
    MD5f0aeb731d83f7ab6008c92c97faf6233
    SHA1aaffdc89befa42e375f822366bbded8c245baf94
    SHA2567d43769b353d63093228a59eb19bba87ce6b552d7e1a99bf34a54eee641aa0ea
    Authentihash MD5444a4760f447dafc01a359829e17dcab
    Authentihash SHA183f7c19b66f53302e371d9f0987fc4adc37b1e46
    Authentihash SHA256c8b5fddf52551259d7d936283aa4fdc4579c5e4b030a11267496cdbdc143e15b
    RichPEHeaderHash MD59f01ca8ed93b73533b4b894bfa79f4bd
    RichPEHeaderHash SHA1017d43c1c1f23212519d8de54caf8049bb59aae7
    RichPEHeaderHash SHA256abb9be2d564989154e22b1dc4541f92c7859f64b7417c281aee3656fa0a4979d
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG anti rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 250ce8e030612e9f2b89f7054d7cf8fd
    FieldValue
    ToBeSigned (TBS) MD5918d9eb6a6cd36c531eceb926170a7e1
    ToBeSigned (TBS) SHA10ae95700d65e6f59715aa47048993ca7858e676a
    ToBeSigned (TBS) SHA25647c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2006-11-08 00:00:00
    ValidTo2021-11-07 23:59:59
    Signature1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber250ce8e030612e9f2b89f7054d7cf8fd
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3
    Certificate 266d333ede17a8b472053e4fa3934572
    FieldValue
    ToBeSigned (TBS) MD556b59f4aab381d13396d1c100a2f46dc
    ToBeSigned (TBS) SHA116943ddbd3b569119a81be71548717abd03f1736
    ToBeSigned (TBS) SHA25665aa0decb458c1c34aea982ea1cfbb6cc2228a07641251e2190f29c633aed21b
    SubjectC=CZ, ST=Jihomoravsky kraj, L=Brno, O=AVG Technologies CZ, s.r.o., CN=AVG Technologies CZ, s.r.o.
    ValidFrom2014-10-22 00:00:00
    ValidTo2018-01-20 23:59:59
    Signature3d93ae390468d2f9d7dae44754afe395ca0a9dae3e2e78d96f1fb865662d5336479c70f7f75dd2e478dfeee4afd56418f03491e2758d3b9907892a1d5425ce69fd560ab580589451c26ccb281b08eac55d446d391de4d1eb3b6161ee879927ef9e700c1e827957ebfd201eda47fdf3cbeeec5a61fdad2496055d39804d3525a9fdf1fb15d54f5d7089daebde48a226a4532d815ca0b98808cf072975df3756f8bb5fd97ec97877b6243dc33ae787cae89da9419da2d818ff892179a561b4e3208acfd7b956eeaa3396d91f36cba96269abbc0a54764daab47ada4589de2e318dc0ae82ffa7aa327cc73b42f84e472a834c804f77a3883600e0bd8faf126d7d82
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber266d333ede17a8b472053e4fa3934572
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • IoBuildDeviceIoControlRequest
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2018-11-02 05:51:13
    MD5700d6a0331befd4ed9cfbb3234b335e7
    SHA1c1a5aacf05c00080e04d692a99c46ab445bf8b6e
    SHA25686a1b1bacc0c51332c9979e6aad84b5fba335df6b9a096ccb7681ab0779a8882
    Authentihash MD5200e978d48ef267fa8fe5eef7fe798b8
    Authentihash SHA1f7979e778214d8d32844e6b65b8f4a56c3a12354
    Authentihash SHA2566c919efdad21b7d9884903b9d539fbb50dc418ff2c2753c12b35b9ace4c96d73
    RichPEHeaderHash MD5382c4767d71156621da4d8ab3193017a
    RichPEHeaderHash SHA120e40fd8dd4465dfd940c017e5cb26819d5cbed7
    RichPEHeaderHash SHA256cc76cbedaf6062b99e917cf31a8cce723c854d10d1afd041e4ca85ceabb39c4b
    CompanyAVAST Software
    DescriptionAvast anti rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 07c70f7cab145bc1ed385fbe69fa3130
    FieldValue
    ToBeSigned (TBS) MD52e1a5012cbe8b95785c794bc1c5584c3
    ToBeSigned (TBS) SHA1f4753b06b08938794c32c2475cee663143036d08
    ToBeSigned (TBS) SHA256fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5
    SubjectC=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o.
    ValidFrom2016-09-06 00:00:00
    ValidTo2019-10-04 12:00:00
    Signature56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber07c70f7cab145bc1ed385fbe69fa3130
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2019-08-11 14:14:15
    MD59eb524c5f92e5b80374b8261292fdeb5
    SHA180ea425e193bd0e05161e8e1dc34fb0eae5f9017
    SHA2568cfd5b2102fbc77018c7fe6019ec15f07da497f6d73c32a31f4ba07e67ec85d9
    Authentihash MD5996cd1b1cf33931bfaf2217e22fc82f0
    Authentihash SHA1ba761efd5a552ccdd4363277acf95cd54b9dff4c
    Authentihash SHA2563b38427f167fde644868a62f0aa1ed03790137905c97024ac21729fa6153eca2
    RichPEHeaderHash MD575b13c227d5208aed34b2687daf4ff12
    RichPEHeaderHash SHA174ea061adc0690a674274c70e479258dff68f6b5
    RichPEHeaderHash SHA25689b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG anti rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 611cb28a000000000026
    FieldValue
    ToBeSigned (TBS) MD5983a0c315a50542362f2bd6a5d71c8d0
    ToBeSigned (TBS) SHA18047f476001f5cb16a661d2a3fd0c3576168f5e2
    ToBeSigned (TBS) SHA2565f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
    ValidFrom2011-04-15 19:41:37
    ValidTo2021-04-15 19:51:37
    Signature5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611cb28a000000000026
    Version3
    Certificate 0557955e02a6b53dd1d574ede15f310e
    FieldValue
    ToBeSigned (TBS) MD5f9b558280379fbd2ac831a9850ec9c0e
    ToBeSigned (TBS) SHA1c22448dd1388c2011166e2a203fe984bd702f355
    ToBeSigned (TBS) SHA256c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.
    ValidFrom2018-01-30 00:00:00
    ValidTo2021-01-22 12:00:00
    Signature64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0557955e02a6b53dd1d574ede15f310e
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 0fa8490615d700a0be2176fdc5ec6dbd
    FieldValue
    ToBeSigned (TBS) MD5a9a31555bbc92b6033975c5428fb3679
    ToBeSigned (TBS) SHA147f4b9898631773231b32844ec0d49990ac4eb1e
    ToBeSigned (TBS) SHA256c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0fa8490615d700a0be2176fdc5ec6dbd
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsGetThreadId
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • tolower
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • PsGetThreadProcess
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • PsGetProcessId
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • MmUnmapIoSpace
    • KeDetachProcess
    • MmMapIoSpace
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2020-06-01 01:48:53
    MD59496585198d726000ea505abc39dbfe9
    SHA119977d45e98b48c901596fb0a49a7623cee4c782
    SHA25694911fe6f2aba9683b10353094caf71ee4a882de63b4620797629d79f18feec5
    Authentihash MD5e7f217b2e9cafd1fd529fac02570b6ba
    Authentihash SHA1172b630f5d54c70ce0ee43cf1afdbb6f488eb4b7
    Authentihash SHA2562537f2ad83f5efc841ed75081d5dfffeb04eea92abfb9844adc091ff2a671b56
    RichPEHeaderHash MD5e8033ae063a3483aec0d2fa55081ff62
    RichPEHeaderHash SHA1fef047c18b115c601ddfd833e1cb5784ca1afbd7
    RichPEHeaderHash SHA256fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG Anti Rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03ec0c9015079fab8a6f3fc9f839311c
    FieldValue
    ToBeSigned (TBS) MD5bf2831557abdf7e58917d0a2608080a5
    ToBeSigned (TBS) SHA124ece342e4c4f2f17f32e6924f48c240ad6300ff
    ToBeSigned (TBS) SHA2561afa061865098b2da9d030bc9f5815ad98e59fa847903692e52d6ba0bbf260dd
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, LLC, OU=RE 999, CN=AVG Technologies USA, LLC
    ValidFrom2020-01-27 00:00:00
    ValidTo2022-10-20 12:00:00
    Signatureb02cbaf178caf97fa7c0182c25b4c97d4e68127e4d5634609757bcbc051eb94254bb50e112e72505e7f9c6dbd92622287bacbcd726fa911b3b3e36ccc88f8794e980c0b0409efc87fb04d88a15df20dedb23ced152779b799359e4d3b553eb4c6c6ea61216899a0d9cc97de7f7e21ce374d5430e2dcfbb3b6f653db2d236f59bb22bd65e0787a65610c4fde1463a5be08e4710fb4e1ae7c00080edb315995b06297431ce4a9821d1050aa7061ef26c182482d09ba42001ab103c882c01f312411130490aa7820ff72902e723a864b881066e2d7883afdb5ba9d3027550f6a3761669e42b425ad61f76e2add3dd012558bd769b76f8f37843243dfbd0a2efa363
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03ec0c9015079fab8a6f3fc9f839311c
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • __C_specific_handler
    • KeDelayExecutionThread
    • IoAllocateWorkItem
    • MmIsAddressValid
    • MmUnlockPages
    • ExAllocatePool
    • RtlAnsiStringToUnicodeString
    • KeAcquireSpinLockRaiseToDpc
    • ZwQuerySystemInformation
    • PsRemoveLoadImageNotifyRoutine
    • ZwUnmapViewOfSection
    • ZwQuerySymbolicLinkObject
    • MmProbeAndLockPages
    • RtlVolumeDeviceToDosName
    • PsSetLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • ZwReadFile
    • ObQueryNameString
    • ZwOpenThreadTokenEx
    • ZwOpenProcessTokenEx
    • towlower
    • NtBuildNumber
    • ExReleaseFastMutex
    • _wcsicmp
    • _snwprintf
    • RtlConvertSidToUnicodeString
    • ObfDereferenceObject
    • IoAllocateMdl
    • ZwCreateSection
    • ZwQueryInformationProcess
    • PsGetProcessId
    • PsCreateSystemThread
    • ZwQueryInformationThread
    • RtlInitUnicodeString
    • ZwOpenSymbolicLinkObject
    • tolower
    • PsRemoveCreateThreadNotifyRoutine
    • IoDeleteDevice
    • IoBuildDeviceIoControlRequest
    • wcsncpy
    • IoGetDeviceObjectPointer
    • IoGetCurrentProcess
    • ObOpenObjectByPointer
    • strncpy
    • KeReleaseSpinLock
    • _strnicmp
    • IoFileObjectType
    • KeStackAttachProcess
    • PsLookupProcessByProcessId
    • PsGetCurrentProcessId
    • KeSetEvent
    • PsThreadType
    • RtlUnicodeStringToAnsiString
    • ZwQueryInformationToken
    • ZwMapViewOfSection
    • strncmp
    • ObReferenceObjectByHandle
    • RtlGetVersion
    • PsGetThreadId
    • PsGetVersion
    • KeClearEvent
    • IoGetBaseFileSystemDeviceObject
    • wcschr
    • ZwSetInformationFile
    • ZwEnumerateKey
    • IoFreeMdl
    • wcsstr
    • ExAcquireFastMutex
    • MmGetSystemRoutineAddress
    • IoFreeWorkItem
    • _stricmp
    • ExAllocatePoolWithTag
    • RtlInitString
    • IofCallDriver
    • IoDeviceObjectType
    • _snprintf
    • ExFreePoolWithTag
    • ZwOpenFile
    • KeSetSystemAffinityThread
    • strstr
    • KeInitializeEvent
    • ObReferenceObjectByName
    • strchr
    • _wcsnicmp
    • KeQueryActiveProcessors
    • RtlEqualSid
    • IoQueueWorkItem
    • MmUnmapLockedPages
    • MmMapLockedPagesSpecifyCache
    • PsSetCreateThreadNotifyRoutine
    • PsGetCurrentThreadId
    • IofCompleteRequest
    • PsGetProcessWin32Process
    • ExEventObjectType
    • ZwQueryInformationFile
    • KeWaitForSingleObject
    • IoCreateSymbolicLink
    • PsSetCreateProcessNotifyRoutine
    • IoDriverObjectType
    • PsLookupThreadByThreadId
    • IoGetDeviceInterfaces
    • ZwClose
    • PsTerminateSystemThread
    • wcsrchr
    • strrchr
    • SeExports
    • KeUnstackDetachProcess
    • KeResetEvent
    • KeRevertToUserAffinityThread
    • ZwOpenProcess
    • wcsncmp
    • ZwOpenKey
    • PsGetThreadProcess
    • IoDetachDevice
    • IoAttachDeviceToDeviceStackSafe
    • IoThreadToProcess
    • PsInitialSystemProcess
    • IoCreateDevice
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeInitializeDpc
    • KeSetTargetProcessorDpc
    • PsProcessType
    • MmMapIoSpace
    • MmUnmapIoSpace
    • ZwDeleteFile
    • KeAttachProcess
    • KeDetachProcess
    • RtlCompareUnicodeString
    • ZwWriteFile
    • NtClose
    • ObfReferenceObject
    • IoBuildSynchronousFsdRequest
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • IoFreeIrp
    • ZwQueryDirectoryObject
    • KeBugCheck
    • ZwOpenDirectoryObject
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • ZwSetSecurityObject
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlLengthSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • ZwSetValueKey
    • ZwQueryValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • KeBugCheckEx
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExRegisterCallback
    • ExCreateCallback
    • ExUnregisterCallback
    • strcmp

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2018-12-10 07:58:34
    MD5ceac1347acae9ad9496d4b0593256522
    SHA136a6f75f05ac348af357fdecbabe1a184fe8d315
    SHA2569a54ef5cfbe6db599322967ee2c84db7daabcb468be10a3ccfcaa0f64d9173c7
    Authentihash MD5d09a1bf39b8055fc11ac2bad634f36c5
    Authentihash SHA13016bec15d07a845d6cf40aafbd4d63a06c403f2
    Authentihash SHA2569e309324897edf07776adbb2b05252d7a2ad8140c6636bc28a5050e4ea183d40
    RichPEHeaderHash MD56132f6d32bf124e5f0bbebe21876c5ea
    RichPEHeaderHash SHA115b4ffef2a2b3a862a0eab844af3cfc4b1900d6f
    RichPEHeaderHash SHA2560b8a681dd006525cd3655d98f39d2c65123a186d1781bb2331ae1b0c927d5ee0
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG anti rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 611cb28a000000000026
    FieldValue
    ToBeSigned (TBS) MD5983a0c315a50542362f2bd6a5d71c8d0
    ToBeSigned (TBS) SHA18047f476001f5cb16a661d2a3fd0c3576168f5e2
    ToBeSigned (TBS) SHA2565f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
    ValidFrom2011-04-15 19:41:37
    ValidTo2021-04-15 19:51:37
    Signature5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611cb28a000000000026
    Version3
    Certificate 0557955e02a6b53dd1d574ede15f310e
    FieldValue
    ToBeSigned (TBS) MD5f9b558280379fbd2ac831a9850ec9c0e
    ToBeSigned (TBS) SHA1c22448dd1388c2011166e2a203fe984bd702f355
    ToBeSigned (TBS) SHA256c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.
    ValidFrom2018-01-30 00:00:00
    ValidTo2021-01-22 12:00:00
    Signature64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0557955e02a6b53dd1d574ede15f310e
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 0fa8490615d700a0be2176fdc5ec6dbd
    FieldValue
    ToBeSigned (TBS) MD5a9a31555bbc92b6033975c5428fb3679
    ToBeSigned (TBS) SHA147f4b9898631773231b32844ec0d49990ac4eb1e
    ToBeSigned (TBS) SHA256c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0fa8490615d700a0be2176fdc5ec6dbd
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • tolower
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2019-01-30 13:27:34
    MD535c8fdf881909fa28c92b1c2741ac60b
    SHA1d942dac4033dcd681161181d50ce3661d1e12b96
    SHA256a2f45d95d54f4e110b577e621fefa0483fa0e3dcca14c500c298fb9209e491c1
    Authentihash MD5e56d6c4be652c01f178ecef18428f567
    Authentihash SHA1816088e3f2c6e3be17abe236bc905acc10733fda
    Authentihash SHA25611f0f2395b3e7a9849bf3f050bfda6b48ae2de856d8541a16b51d9097afb8306
    RichPEHeaderHash MD5d35f2d33b54b350bbf39cbac221c6154
    RichPEHeaderHash SHA1e101b17cd430037f7f7a190f31271340e96fc272
    RichPEHeaderHash SHA256b97429cb64da49991e6729b0342b0a9a67edb37ad01c1199191203097aba8631
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG anti rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 611cb28a000000000026
    FieldValue
    ToBeSigned (TBS) MD5983a0c315a50542362f2bd6a5d71c8d0
    ToBeSigned (TBS) SHA18047f476001f5cb16a661d2a3fd0c3576168f5e2
    ToBeSigned (TBS) SHA2565f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
    ValidFrom2011-04-15 19:41:37
    ValidTo2021-04-15 19:51:37
    Signature5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611cb28a000000000026
    Version3
    Certificate 0557955e02a6b53dd1d574ede15f310e
    FieldValue
    ToBeSigned (TBS) MD5f9b558280379fbd2ac831a9850ec9c0e
    ToBeSigned (TBS) SHA1c22448dd1388c2011166e2a203fe984bd702f355
    ToBeSigned (TBS) SHA256c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.
    ValidFrom2018-01-30 00:00:00
    ValidTo2021-01-22 12:00:00
    Signature64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0557955e02a6b53dd1d574ede15f310e
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 0fa8490615d700a0be2176fdc5ec6dbd
    FieldValue
    ToBeSigned (TBS) MD5a9a31555bbc92b6033975c5428fb3679
    ToBeSigned (TBS) SHA147f4b9898631773231b32844ec0d49990ac4eb1e
    ToBeSigned (TBS) SHA256c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0fa8490615d700a0be2176fdc5ec6dbd
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • wcsrchr
    • towlower
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • MmIsAddressValid
    • RtlAnsiStringToUnicodeString
    • strncmp
    • MmUnlockPages
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • ObfDereferenceObject
    • ObReferenceObjectByName
    • IoDriverObjectType
    • _snwprintf
    • ZwClose
    • IoGetBaseFileSystemDeviceObject
    • ObReferenceObjectByHandle
    • ZwOpenFile
    • ExFreePoolWithTag
    • ZwReadFile
    • ExAllocatePoolWithTag
    • ZwSetInformationFile
    • ZwQueryInformationFile
    • PsLookupProcessByProcessId
    • KeSetEvent
    • KeResetEvent
    • ZwMapViewOfSection
    • ZwCreateSection
    • ZwUnmapViewOfSection
    • KeRevertToUserAffinityThread
    • KeSetSystemAffinityThread
    • KeQueryActiveProcessors
    • _snprintf
    • memset
    • ZwQuerySystemInformation
    • ZwQueryInformationProcess
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • PsThreadType
    • PsLookupThreadByThreadId
    • KeUnstackDetachProcess
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeWaitForSingleObject
    • KeClearEvent
    • KeQuerySystemTime
    • ZwEnumerateKey
    • ZwOpenKey
    • IoFreeWorkItem
    • IoQueueWorkItem
    • IoAllocateWorkItem
    • strchr
    • strrchr
    • strstr
    • PsGetCurrentProcessId
    • _alldiv
    • ZwQuerySymbolicLinkObject
    • ZwOpenSymbolicLinkObject
    • RtlVolumeDeviceToDosName
    • IoGetDeviceObjectPointer
    • wcsncpy
    • wcsncmp
    • IoGetDeviceInterfaces
    • _stricmp
    • strncpy
    • IoGetCurrentProcess
    • RtlInitString
    • ZwOpenThreadTokenEx
    • ZwOpenProcessTokenEx
    • RtlConvertSidToUnicodeString
    • RtlEqualSid
    • SeExports
    • ZwQueryInformationToken
    • PsGetCurrentThreadId
    • ExEventObjectType
    • NtBuildNumber
    • IoFileObjectType
    • IoDeviceObjectType
    • PsSetLoadImageNotifyRoutine
    • PsSetCreateProcessNotifyRoutine
    • PsGetProcessWin32Process
    • ExAllocatePool
    • PsTerminateSystemThread
    • PsCreateSystemThread
    • ObQueryNameString
    • _allmul
    • PsSetCreateThreadNotifyRoutine
    • PsRemoveCreateThreadNotifyRoutine
    • PsRemoveLoadImageNotifyRoutine
    • IofCompleteRequest
    • IoGetRequestorProcessId
    • IofCallDriver
    • IoDeleteDevice
    • IoCreateSymbolicLink
    • PsGetVersion
    • IoDetachDevice
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • PsInitialSystemProcess
    • IoThreadToProcess
    • KeAttachProcess
    • MmMapLockedPages
    • ZwDeleteFile
    • MmUnmapIoSpace
    • MmMapIoSpace
    • PsProcessType
    • KeDetachProcess
    • ZwWriteFile
    • NtClose
    • ObfReferenceObject
    • KeBugCheckEx
    • RtlCompareUnicodeString
    • IoBuildSynchronousFsdRequest
    • ZwTerminateProcess
    • ZwOpenThread
    • IoFreeIrp
    • RtlEqualUnicodeString
    • IoAllocateIrp
    • ZwQueryDirectoryObject
    • ZwOpenDirectoryObject
    • KeBugCheck
    • KeInsertQueueDpc
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeNumberProcessors
    • IoBuildDeviceIoControlRequest
    • KeTickCount
    • RtlUnwind
    • _strnicmp
    • _wcsnicmp
    • _wcsicmp
    • wcschr
    • KeDelayExecutionThread
    • MmMapLockedPagesSpecifyCache
    • KeGetCurrentThread
    • wcsstr
    • KeInitializeEvent
    • ZwSetSecurityObject
    • RtlGetDaclSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • IoIsWdmVersionAvailable
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • RtlAbsoluteToSelfRelativeSD
    • RtlSetDaclSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • ExUnregisterCallback
    • ExCreateCallback
    • ExRegisterCallback
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • KfAcquireSpinLock
    • KfReleaseSpinLock
    • KeGetCurrentIrql
    • ExAcquireFastMutex
    • ExReleaseFastMutex
    • KeRaiseIrqlToDpcLevel
    • KfLowerIrql
    • KfRaiseIrql

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rwtext
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2018-03-19 13:51:14
    MD5300d6ac47a146eb8eb159f51bc13f7cf
    SHA102316decf9e5165b431c599643f6856e86b95e7c
    SHA256a5a50449e2cc4d0dbc80496f757935ae38bf8a1bebdd6555a3495d8c219df2ad
    Authentihash MD5dc4869ad1497f7bd21ae89c9ecbcefca
    Authentihash SHA11b7496a00aa6fd9328b41bf48a692f2648f6a7fb
    Authentihash SHA25660f79c1b60a74b98b4f436d6bbbf5aeb9ce6febbe1443d318eea7581962b75a4
    RichPEHeaderHash MD573f94453db44e5265861f0ce8df39fc1
    RichPEHeaderHash SHA16d710be934482758c43d9d19941be5ed522e371f
    RichPEHeaderHash SHA25639835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3
    CompanyAVAST Software
    DescriptionAvast anti rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 07c70f7cab145bc1ed385fbe69fa3130
    FieldValue
    ToBeSigned (TBS) MD52e1a5012cbe8b95785c794bc1c5584c3
    ToBeSigned (TBS) SHA1f4753b06b08938794c32c2475cee663143036d08
    ToBeSigned (TBS) SHA256fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5
    SubjectC=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o.
    ValidFrom2016-09-06 00:00:00
    ValidTo2019-10-04 12:00:00
    Signature56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber07c70f7cab145bc1ed385fbe69fa3130
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • IoBuildDeviceIoControlRequest
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2018-02-26 05:01:25
    MD5dcd966874b4c8c952662d2d16ddb4d7c
    SHA1135b261eb03e830c57b1729e3a4653f9c27c7522
    SHA256aaa3459bcac25423f78ed72dbae4d7ef19e7c5c65770cbe5210b14e33cd1816c
    Authentihash MD531deadc1bcfdcac3b86e05ad2aa9eb1d
    Authentihash SHA16a02a8de97682af43b1a5831c4b4991caf94094a
    Authentihash SHA256f2e97fb72237dbbd8981d13a056dd3544c41d802efd129e1ea7e3f655de661b8
    RichPEHeaderHash MD573f94453db44e5265861f0ce8df39fc1
    RichPEHeaderHash SHA16d710be934482758c43d9d19941be5ed522e371f
    RichPEHeaderHash SHA25639835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3
    CompanyAVAST Software
    DescriptionAvast anti rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 07c70f7cab145bc1ed385fbe69fa3130
    FieldValue
    ToBeSigned (TBS) MD52e1a5012cbe8b95785c794bc1c5584c3
    ToBeSigned (TBS) SHA1f4753b06b08938794c32c2475cee663143036d08
    ToBeSigned (TBS) SHA256fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5
    SubjectC=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o.
    ValidFrom2016-09-06 00:00:00
    ValidTo2019-10-04 12:00:00
    Signature56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber07c70f7cab145bc1ed385fbe69fa3130
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • IoBuildDeviceIoControlRequest
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2020-07-23 06:10:00
    MD5991230087394738976dbd44f92516cae
    SHA1e2f40590b404a24e775f781525d8ed01f1b1156d
    SHA256ad8ffccfde782bc287241152cf24245a8bf21c2530d81c57e17631b3c4adb833
    Authentihash MD56a9312463a34c79194223951fc89b195
    Authentihash SHA16439725334c47247763a76d4ba8ebab4c1caedfa
    Authentihash SHA256f8e307f2af1c1ae3d5ef6581e651823e3b6bfb9d7b565353cbd50e455c1dc9c8
    RichPEHeaderHash MD5e8033ae063a3483aec0d2fa55081ff62
    RichPEHeaderHash SHA1fef047c18b115c601ddfd833e1cb5784ca1afbd7
    RichPEHeaderHash SHA256fe30a08a31a5f4687353c7b08444b72fb6402a51b0586f0ade667983f833c4a5
    CompanyAVAST Software
    DescriptionAvast Anti Rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 03f02aca051d1c9330eeabd3706e836f
    FieldValue
    ToBeSigned (TBS) MD5f251d9cde0901fb67831855b4a592b51
    ToBeSigned (TBS) SHA1cd0ac068faea4b875ded287512f20b6ba8dcb457
    ToBeSigned (TBS) SHA256247e040822854e1a4cbc3488782a9e96db6bffa9bdfe36406a46e3f88695d423
    SubjectC=CZ, L=Praha, O=Avast Software s.r.o., OU=RE 999, CN=Avast Software s.r.o.
    ValidFrom2019-12-02 00:00:00
    ValidTo2022-10-19 12:00:00
    Signature874d04f17ffc50e66100207e56ecc8ae7e81c1957a7600295ead9db28842c7c05e06e8e28ccfc1e9d45d7a55d6d4a2fb74d72600a79ef5bfa53acaa4f3a4fcaf90a2554fc37742dd44c83a90880f948f5538637c0d999b03ebbf20cc001293a5639d44ad950cacfce2a337f7a24b817a5b85df89f6acf49974adee1d867373e6534a3f3558e59f87d06afe5744ec575b66c76110a595471007b209c591984f0ff20ea4c87ac405c85f42f0b105b04ec2ced11ca9cfb6aef21a3c6ae9ccd2a9cb4a9f78244751b15bfccb32ec3a52d44258bad6fc6d9f24c24700e9e1c4c0c29b9db4683c526a92934d72367620c6a89119e7a678597d7603c62b1c22f54edfad
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03f02aca051d1c9330eeabd3706e836f
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • __C_specific_handler
    • KeDelayExecutionThread
    • IoAllocateWorkItem
    • MmIsAddressValid
    • MmUnlockPages
    • ExAllocatePool
    • RtlAnsiStringToUnicodeString
    • KeAcquireSpinLockRaiseToDpc
    • ZwQuerySystemInformation
    • PsRemoveLoadImageNotifyRoutine
    • ZwUnmapViewOfSection
    • ZwQuerySymbolicLinkObject
    • MmProbeAndLockPages
    • RtlVolumeDeviceToDosName
    • PsSetLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • ZwReadFile
    • ObQueryNameString
    • ZwOpenThreadTokenEx
    • ZwOpenProcessTokenEx
    • towlower
    • NtBuildNumber
    • ExReleaseFastMutex
    • _wcsicmp
    • _snwprintf
    • RtlConvertSidToUnicodeString
    • ObfDereferenceObject
    • IoAllocateMdl
    • ZwCreateSection
    • ZwQueryInformationProcess
    • PsGetProcessId
    • PsCreateSystemThread
    • ZwQueryInformationThread
    • RtlInitUnicodeString
    • ZwOpenSymbolicLinkObject
    • tolower
    • PsRemoveCreateThreadNotifyRoutine
    • IoDeleteDevice
    • IoBuildDeviceIoControlRequest
    • wcsncpy
    • IoGetDeviceObjectPointer
    • IoGetCurrentProcess
    • ObOpenObjectByPointer
    • strncpy
    • KeReleaseSpinLock
    • _strnicmp
    • IoFileObjectType
    • KeStackAttachProcess
    • PsLookupProcessByProcessId
    • PsGetCurrentProcessId
    • KeSetEvent
    • PsThreadType
    • RtlUnicodeStringToAnsiString
    • ZwQueryInformationToken
    • ZwMapViewOfSection
    • strncmp
    • ObReferenceObjectByHandle
    • RtlGetVersion
    • PsGetThreadId
    • PsGetVersion
    • KeClearEvent
    • IoGetBaseFileSystemDeviceObject
    • wcschr
    • ZwSetInformationFile
    • ZwEnumerateKey
    • IoFreeMdl
    • wcsstr
    • ExAcquireFastMutex
    • MmGetSystemRoutineAddress
    • IoFreeWorkItem
    • _stricmp
    • ExAllocatePoolWithTag
    • RtlInitString
    • IofCallDriver
    • IoDeviceObjectType
    • _snprintf
    • ExFreePoolWithTag
    • ZwOpenFile
    • KeSetSystemAffinityThread
    • strstr
    • KeInitializeEvent
    • ObReferenceObjectByName
    • strchr
    • _wcsnicmp
    • KeQueryActiveProcessors
    • RtlEqualSid
    • IoQueueWorkItem
    • MmUnmapLockedPages
    • MmMapLockedPagesSpecifyCache
    • PsSetCreateThreadNotifyRoutine
    • PsGetCurrentThreadId
    • IofCompleteRequest
    • PsGetProcessWin32Process
    • ExEventObjectType
    • ZwQueryInformationFile
    • KeWaitForSingleObject
    • IoCreateSymbolicLink
    • PsSetCreateProcessNotifyRoutine
    • IoDriverObjectType
    • PsLookupThreadByThreadId
    • IoGetDeviceInterfaces
    • ZwClose
    • PsTerminateSystemThread
    • wcsrchr
    • strrchr
    • SeExports
    • KeUnstackDetachProcess
    • KeResetEvent
    • KeRevertToUserAffinityThread
    • ZwOpenProcess
    • wcsncmp
    • ZwOpenKey
    • PsGetThreadProcess
    • IoDetachDevice
    • IoAttachDeviceToDeviceStackSafe
    • IoThreadToProcess
    • PsInitialSystemProcess
    • IoCreateDevice
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeInitializeDpc
    • KeSetTargetProcessorDpc
    • PsProcessType
    • MmMapIoSpace
    • MmUnmapIoSpace
    • ZwDeleteFile
    • KeAttachProcess
    • KeDetachProcess
    • RtlCompareUnicodeString
    • ZwWriteFile
    • NtClose
    • ObfReferenceObject
    • IoBuildSynchronousFsdRequest
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • IoFreeIrp
    • ZwQueryDirectoryObject
    • KeBugCheck
    • ZwOpenDirectoryObject
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • ZwSetSecurityObject
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlLengthSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • ZwSetValueKey
    • ZwQueryValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • KeBugCheckEx
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExRegisterCallback
    • ExCreateCallback
    • ExUnregisterCallback
    • strcmp

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2018-04-27 12:33:22
    MD5259381daae0357fbfefe1d92188c496a
    SHA13f347117d21cd8229dd99fa03d6c92601067c604
    SHA256be8dd2d39a527649e34dc77ef8bc07193a4234b38597b8f51e519dadc5479ec2
    Authentihash MD563451cd1b804978b26b8b04869749d76
    Authentihash SHA12c96a59141c58c42a871671fd2c3dfac9bb43a37
    Authentihash SHA25672f100edc998bb2fc40a3a7e7d76c6c37f7173b812f5cd7ae62c824b3fc63d57
    RichPEHeaderHash MD573f94453db44e5265861f0ce8df39fc1
    RichPEHeaderHash SHA16d710be934482758c43d9d19941be5ed522e371f
    RichPEHeaderHash SHA25639835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3
    CompanyAVAST Software
    DescriptionAvast anti rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 07c70f7cab145bc1ed385fbe69fa3130
    FieldValue
    ToBeSigned (TBS) MD52e1a5012cbe8b95785c794bc1c5584c3
    ToBeSigned (TBS) SHA1f4753b06b08938794c32c2475cee663143036d08
    ToBeSigned (TBS) SHA256fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5
    SubjectC=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o.
    ValidFrom2016-09-06 00:00:00
    ValidTo2019-10-04 12:00:00
    Signature56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber07c70f7cab145bc1ed385fbe69fa3130
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • IoBuildDeviceIoControlRequest
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2018-08-17 02:44:48
    MD516472fca75ab4b5647c99de608949cde
    SHA124daa825adedcbbb1d098cbe9d68c40389901b64
    SHA256d5c4ff35eaa74ccdb80c7197d3d113c9cd38561070f2aa69c0affe8ed84a77c9
    Authentihash MD5f778cb0515b1db1cb133286ed8e3f284
    Authentihash SHA17ab72d197214b2792893a14b80ed6e5a546d0b9b
    Authentihash SHA2565eb493fc07a9573176f87297a002183d8e60104619a7b83940ce6e83ac54cd7b
    RichPEHeaderHash MD58f27968d54353190563abf5d170857a7
    RichPEHeaderHash SHA14f025cb639a0c6de2121a3f920731370c9d2ac4f
    RichPEHeaderHash SHA25699759a45bb45fa627b27179f12e3d9906bd82fbc603268d549b820f10ca3ee71
    CompanyAVAST Software
    DescriptionAvast anti rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 07c70f7cab145bc1ed385fbe69fa3130
    FieldValue
    ToBeSigned (TBS) MD52e1a5012cbe8b95785c794bc1c5584c3
    ToBeSigned (TBS) SHA1f4753b06b08938794c32c2475cee663143036d08
    ToBeSigned (TBS) SHA256fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5
    SubjectC=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o.
    ValidFrom2016-09-06 00:00:00
    ValidTo2019-10-04 12:00:00
    Signature56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber07c70f7cab145bc1ed385fbe69fa3130
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • wcsrchr
    • towlower
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • RtlUnicodeStringToAnsiString
    • MmIsAddressValid
    • RtlAnsiStringToUnicodeString
    • strncmp
    • MmUnlockPages
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • ObfDereferenceObject
    • ObReferenceObjectByName
    • IoDriverObjectType
    • _snwprintf
    • ZwClose
    • IoGetBaseFileSystemDeviceObject
    • ObReferenceObjectByHandle
    • ZwOpenFile
    • ExFreePoolWithTag
    • ZwReadFile
    • ExAllocatePoolWithTag
    • ZwSetInformationFile
    • ZwQueryInformationFile
    • PsLookupProcessByProcessId
    • KeSetEvent
    • KeResetEvent
    • ZwMapViewOfSection
    • ZwCreateSection
    • ZwUnmapViewOfSection
    • KeRevertToUserAffinityThread
    • KeSetSystemAffinityThread
    • KeQueryActiveProcessors
    • _snprintf
    • memset
    • ZwQuerySystemInformation
    • ZwQueryInformationProcess
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • PsThreadType
    • PsLookupThreadByThreadId
    • KeUnstackDetachProcess
    • ZwOpenProcess
    • KeStackAttachProcess
    • KeWaitForSingleObject
    • KeClearEvent
    • KeQuerySystemTime
    • ZwEnumerateKey
    • ZwOpenKey
    • IoFreeWorkItem
    • IoQueueWorkItem
    • IoAllocateWorkItem
    • strchr
    • strstr
    • PsGetCurrentProcessId
    • _alldiv
    • ZwQuerySymbolicLinkObject
    • ZwOpenSymbolicLinkObject
    • RtlVolumeDeviceToDosName
    • IoGetDeviceObjectPointer
    • wcsncpy
    • wcsncmp
    • IoGetDeviceInterfaces
    • wcschr
    • strncpy
    • IoGetCurrentProcess
    • RtlInitString
    • ZwOpenThreadTokenEx
    • ZwOpenProcessTokenEx
    • RtlConvertSidToUnicodeString
    • RtlEqualSid
    • SeExports
    • ZwQueryInformationToken
    • PsGetCurrentThreadId
    • ExEventObjectType
    • NtBuildNumber
    • IoFileObjectType
    • IoDeviceObjectType
    • PsSetLoadImageNotifyRoutine
    • PsSetCreateProcessNotifyRoutine
    • PsGetProcessWin32Process
    • strrchr
    • ExAllocatePool
    • PsTerminateSystemThread
    • PsCreateSystemThread
    • ObQueryNameString
    • _allmul
    • PsSetCreateThreadNotifyRoutine
    • PsRemoveCreateThreadNotifyRoutine
    • PsRemoveLoadImageNotifyRoutine
    • IofCompleteRequest
    • IoGetRequestorProcessId
    • IofCallDriver
    • IoDeleteDevice
    • IoCreateSymbolicLink
    • PsGetVersion
    • IoDetachDevice
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • PsInitialSystemProcess
    • IoThreadToProcess
    • KeAttachProcess
    • MmMapLockedPages
    • ZwDeleteFile
    • PsProcessType
    • KeDetachProcess
    • ZwWriteFile
    • NtClose
    • ObfReferenceObject
    • KeBugCheckEx
    • RtlCompareUnicodeString
    • IoBuildSynchronousFsdRequest
    • ZwTerminateProcess
    • ZwOpenThread
    • IoFreeIrp
    • RtlEqualUnicodeString
    • IoAllocateIrp
    • ZwQueryDirectoryObject
    • ZwOpenDirectoryObject
    • KeBugCheck
    • KeInsertQueueDpc
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeNumberProcessors
    • IoBuildDeviceIoControlRequest
    • KeTickCount
    • RtlUnwind
    • _stricmp
    • _strnicmp
    • _wcsicmp
    • _wcsnicmp
    • KeDelayExecutionThread
    • MmMapLockedPagesSpecifyCache
    • KeGetCurrentThread
    • wcsstr
    • KeInitializeEvent
    • ZwSetSecurityObject
    • RtlGetDaclSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • IoIsWdmVersionAvailable
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • RtlAbsoluteToSelfRelativeSD
    • RtlSetDaclSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • ExUnregisterCallback
    • ExCreateCallback
    • ExRegisterCallback
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • KfAcquireSpinLock
    • KfReleaseSpinLock
    • KeGetCurrentIrql
    • ExAcquireFastMutex
    • ExReleaseFastMutex
    • KeRaiseIrqlToDpcLevel
    • KfLowerIrql
    • KfRaiseIrql

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rwtext
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2019-08-11 14:15:51
    MD50e207ef80361b3d047a2358d0e2206b4
    SHA19393698058ce1187eb87e8c148cfe4804761142d
    SHA256dcb815eb8e9016608d0d917101b6af8c84b96fb709dc0344bceed02cbc4ed258
    Authentihash MD557dfa53fc7b8280adbe9a32a00241e17
    Authentihash SHA120812c39a2bb52c80eec322d8fecbef4d8138a73
    Authentihash SHA25600716eab8a3277128fb5ea8b1ac863e4b81b40674f7c6eb0f201e96341fd87c9
    RichPEHeaderHash MD575b13c227d5208aed34b2687daf4ff12
    RichPEHeaderHash SHA174ea061adc0690a674274c70e479258dff68f6b5
    RichPEHeaderHash SHA25689b1537c5094e9ccb980e1cbc109f742c686ac06078ce71c08767731dbafdc39
    CompanyAVAST Software
    DescriptionAvast anti rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 07c70f7cab145bc1ed385fbe69fa3130
    FieldValue
    ToBeSigned (TBS) MD52e1a5012cbe8b95785c794bc1c5584c3
    ToBeSigned (TBS) SHA1f4753b06b08938794c32c2475cee663143036d08
    ToBeSigned (TBS) SHA256fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5
    SubjectC=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o.
    ValidFrom2016-09-06 00:00:00
    ValidTo2019-10-04 12:00:00
    Signature56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber07c70f7cab145bc1ed385fbe69fa3130
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsGetThreadId
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • tolower
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • PsGetThreadProcess
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • PsGetProcessId
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • MmUnmapIoSpace
    • KeDetachProcess
    • MmMapIoSpace
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2019-03-28 09:56:24
    MD5a4531040276080441974d9e00d8d4cfa
    SHA1d8e8dcc8531b8d07f8dabc9e79c19aac6eeca793
    SHA256e2e79f1e696f27fa70d72f97e448081b1fa14d59cbb89bb4a40428534dd5c6f6
    Authentihash MD52288e600dfcf6eb8f176f9c5df5e7fcf
    Authentihash SHA12cc6204ab44715a8d7c5189c524d8213a917e00a
    Authentihash SHA256e27fa56ceff3fe7d5a723c5f4192ce6aa16994f88cf05935645f9e398292376a
    RichPEHeaderHash MD59626b493680953826324d269e208fa60
    RichPEHeaderHash SHA11a458000e2060911a31fcbed8ad9000b98f54944
    RichPEHeaderHash SHA256ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG anti rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 611cb28a000000000026
    FieldValue
    ToBeSigned (TBS) MD5983a0c315a50542362f2bd6a5d71c8d0
    ToBeSigned (TBS) SHA18047f476001f5cb16a661d2a3fd0c3576168f5e2
    ToBeSigned (TBS) SHA2565f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
    ValidFrom2011-04-15 19:41:37
    ValidTo2021-04-15 19:51:37
    Signature5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611cb28a000000000026
    Version3
    Certificate 0557955e02a6b53dd1d574ede15f310e
    FieldValue
    ToBeSigned (TBS) MD5f9b558280379fbd2ac831a9850ec9c0e
    ToBeSigned (TBS) SHA1c22448dd1388c2011166e2a203fe984bd702f355
    ToBeSigned (TBS) SHA256c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe
    SubjectC=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.
    ValidFrom2018-01-30 00:00:00
    ValidTo2021-01-22 12:00:00
    Signature64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0557955e02a6b53dd1d574ede15f310e
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 0fa8490615d700a0be2176fdc5ec6dbd
    FieldValue
    ToBeSigned (TBS) MD5a9a31555bbc92b6033975c5428fb3679
    ToBeSigned (TBS) SHA147f4b9898631773231b32844ec0d49990ac4eb1e
    ToBeSigned (TBS) SHA256c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0fa8490615d700a0be2176fdc5ec6dbd
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • tolower
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • MmUnmapIoSpace
    • KeDetachProcess
    • MmMapIoSpace
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2018-02-27 04:28:46
    MD57fbd3b4488a12eab56c54e7bb91516f3
    SHA161d44c9a1ef992bc29502f725d1672d551b9bc3f
    SHA256e4522e2cfa0b1f5d258a3cf85b87681d6969e0572f668024c465d635c236b5d9
    Authentihash MD5e9dca8f16d7d0074a212dd73f33f94f1
    Authentihash SHA1b844ef5bb029ccfd144dc6f3d705b7c3d0e6efdb
    Authentihash SHA25647f64d6753f40388382097351a26dad54b8fdf59529a24acc65e9ced440ee2c6
    RichPEHeaderHash MD573f94453db44e5265861f0ce8df39fc1
    RichPEHeaderHash SHA16d710be934482758c43d9d19941be5ed522e371f
    RichPEHeaderHash SHA25639835922f0b2a2c24ed5fb74c468f28fc5b2c036c7a219352dc78f7f29ea13c3
    CompanyAVG Technologies CZ, s.r.o.
    DescriptionAVG anti rootkit
    ProductAVG Internet Security System
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    FieldValue
    ToBeSigned (TBS) MD5d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom2012-12-21 00:00:00
    ValidTo2020-12-30 23:59:59
    Signature03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version3
    Certificate 0ecff438c8febf356e04d86a981b1a50
    FieldValue
    ToBeSigned (TBS) MD5e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA14cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA25688901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    SubjectC=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom2012-10-18 00:00:00
    ValidTo2020-12-29 23:59:59
    Signature783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0ecff438c8febf356e04d86a981b1a50
    Version3
    Certificate 250ce8e030612e9f2b89f7054d7cf8fd
    FieldValue
    ToBeSigned (TBS) MD5918d9eb6a6cd36c531eceb926170a7e1
    ToBeSigned (TBS) SHA10ae95700d65e6f59715aa47048993ca7858e676a
    ToBeSigned (TBS) SHA25647c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2006-11-08 00:00:00
    ValidTo2021-11-07 23:59:59
    Signature1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber250ce8e030612e9f2b89f7054d7cf8fd
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3
    Certificate 4b5e1897903602425d3cb25d75c4f4ce
    FieldValue
    ToBeSigned (TBS) MD5d4ce3e543458edafb2db286a26226b5b
    ToBeSigned (TBS) SHA1e1f64883f78595bfbbbb6998babc3eaf8e335749
    ToBeSigned (TBS) SHA25652b100ec65c2b99f058ff89869ced270bf5e6a5db581962a69e073275339e0ae
    SubjectC=NL, ST=North Holland, L=Amsterdam, O=AVG Netherlands B.V., CN=AVG Netherlands B.V.
    ValidFrom2015-07-28 00:00:00
    ValidTo2018-09-25 23:59:59
    Signature6a77df4c2dc0ab59ee02d60398ece3dbed508ef731dfe2d64ecaeb0d78f918776b40e046c00dc921210237c8fe7f91b4f2101334f5f672eed5cc4a21825bd8be18fc38ca8f190e2e83e527aae99e956a9cb6a1fa9f52658e42b9fc5618bf7e644f9aea6af7409233ba6e92bc6ea8c07677f094369af597f236de3ffeec4f2d4191c825e1273bbafa6ecb7846f430655760a92f40de681304dc230eb1513082bd4249e3fdcd01cb82905f21cdf0d1f68f581e76f8bded6332cca3dcabf7d483c5e64255bca86d876454c614d9c14c961df6ce78555b9d61a482497dc36dc41179970a8ae7e5cba9306d14cfa79b59112dfa0bec9cf9f7f63853a833b146dc33d8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber4b5e1897903602425d3cb25d75c4f4ce
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • IoCreateDevice
    • PsProcessType
    • KeDetachProcess
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • IoBuildDeviceIoControlRequest
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    FilenameaswArPot.sys
    Creation Timestamp2019-01-16 11:17:09
    MD565e6718a547495c692e090d7887d247b
    SHA151b9867c391be3ce56ba7e1c3cba8c76777245b2
    SHA256ebe2e9ec6d5d94c2d58fbcc9d78c5f0ee7a2f2c1aed6d1b309f383186d11dfa3
    Authentihash MD52be74c85587978badcc47079d1eb1c5b
    Authentihash SHA1eaaaeba2313000a501688f7b8416fec2b705ef7a
    Authentihash SHA256fca5f90ce2b210e6026cbf6f2c281fe17a08ddb2e936200847823ef83eaab1eb
    RichPEHeaderHash MD59626b493680953826324d269e208fa60
    RichPEHeaderHash SHA11a458000e2060911a31fcbed8ad9000b98f54944
    RichPEHeaderHash SHA256ace6a5d1d7b11c6668753f9f17b2bb60f496168179cfd2d50e4e9e66fc41a50f
    CompanyAVAST Software
    DescriptionAvast anti rootkit
    ProductAvast Antivirus
    OriginalFilenameaswArPot.sys

    Download

    Certificates

    Expand
    Certificate 07c70f7cab145bc1ed385fbe69fa3130
    FieldValue
    ToBeSigned (TBS) MD52e1a5012cbe8b95785c794bc1c5584c3
    ToBeSigned (TBS) SHA1f4753b06b08938794c32c2475cee663143036d08
    ToBeSigned (TBS) SHA256fcad609a3259e3ca079248302a7e694f40e66a7090e510c8c3e821d7a8da82a5
    SubjectC=CZ, L=Praha 4, O=AVAST Software s.r.o., CN=AVAST Software s.r.o.
    ValidFrom2016-09-06 00:00:00
    ValidTo2019-10-04 12:00:00
    Signature56220de8a9a65fffbff97ff463c4026ec9be68fe98bfa0b20a722df84322a44dbc98f25b87ee42da3a06a6cedef076de22e0d7e02d41201156875341cd24badedb8aa5afa133e9ed688fc45aeb37a74fbe399828143561fd717fa7bed97cb5d42643494462fef349f3300daff13660a9e50f85d1110de96d1300e0e730d2b6689fd53eb7a72f4f3112dffa2c1caf17cb64c22509d82b5ce1c2181c2faac22fce3981e683183d6da50d1c17dec375c370f5feb5abfbc6dca4cdd47a5b14375870de6dc346361d8997e79f19819f5168f9b01c9aacc210f2322248adc375a2782b64881c6a557677815c39b024555cc0adca920a617e0ecb385eb47213b1553c80
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber07c70f7cab145bc1ed385fbe69fa3130
    Version3
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 02c4d1e58a4a680c568da3047e7e4d5f
    FieldValue
    ToBeSigned (TBS) MD5829995f702421dea833a24fb2c7f4442
    ToBeSigned (TBS) SHA11d7e838accd498c2e5ba9373af819ec097bb955c
    ToBeSigned (TBS) SHA25692914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1
    ValidFrom2011-02-11 12:00:00
    ValidTo2026-02-10 12:00:00
    Signature49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber02c4d1e58a4a680c568da3047e7e4d5f
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • wcschr
    • MmUnmapLockedPages
    • _stricmp
    • _wcsicmp
    • towlower
    • _strnicmp
    • ExAllocatePoolWithTag
    • PsGetProcessWin32Process
    • KeClearEvent
    • RtlVolumeDeviceToDosName
    • KeQueryActiveProcessors
    • RtlConvertSidToUnicodeString
    • IoBuildDeviceIoControlRequest
    • ExFreePoolWithTag
    • KeResetEvent
    • ExReleaseFastMutex
    • IoGetBaseFileSystemDeviceObject
    • strncmp
    • ZwOpenThreadTokenEx
    • RtlAnsiStringToUnicodeString
    • ExAcquireFastMutex
    • PsSetLoadImageNotifyRoutine
    • _snwprintf
    • NtBuildNumber
    • PsRemoveCreateThreadNotifyRoutine
    • PsLookupProcessByProcessId
    • ZwQuerySymbolicLinkObject
    • _wcsnicmp
    • ZwReadFile
    • strstr
    • ZwMapViewOfSection
    • RtlInitUnicodeString
    • IoDeleteDevice
    • KeSetEvent
    • wcsncpy
    • RtlEqualSid
    • strchr
    • IoFreeWorkItem
    • MmGetSystemRoutineAddress
    • KeInitializeEvent
    • PsSetCreateThreadNotifyRoutine
    • RtlUnicodeStringToAnsiString
    • _snprintf
    • RtlGetVersion
    • ZwQuerySystemInformation
    • RtlInitString
    • KeReleaseSpinLock
    • PsSetCreateProcessNotifyRoutine
    • ZwOpenSymbolicLinkObject
    • IoFreeMdl
    • KeUnstackDetachProcess
    • ZwOpenProcessTokenEx
    • ZwSetInformationFile
    • tolower
    • KeDelayExecutionThread
    • ObQueryNameString
    • strncpy
    • IoFileObjectType
    • IoDriverObjectType
    • wcsrchr
    • wcsstr
    • PsCreateSystemThread
    • MmMapLockedPagesSpecifyCache
    • IoGetDeviceObjectPointer
    • ZwUnmapViewOfSection
    • ExAllocatePool
    • PsTerminateSystemThread
    • IoGetCurrentProcess
    • ExEventObjectType
    • IoAllocateWorkItem
    • ZwClose
    • IofCompleteRequest
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • IoGetRequestorProcessId
    • MmProbeAndLockPages
    • PsGetVersion
    • KeRevertToUserAffinityThread
    • PsThreadType
    • IoGetDeviceInterfaces
    • ZwOpenProcess
    • SeExports
    • MmUnlockPages
    • strrchr
    • ZwQueryInformationProcess
    • IoCreateSymbolicLink
    • PsGetCurrentThreadId
    • PsGetCurrentProcessId
    • KeSetSystemAffinityThread
    • MmIsAddressValid
    • ObfDereferenceObject
    • ZwCreateSection
    • ObReferenceObjectByName
    • IoQueueWorkItem
    • IoDeviceObjectType
    • ZwOpenFile
    • wcsncmp
    • ZwQueryInformationToken
    • ZwQueryInformationFile
    • ZwQueryInformationThread
    • ObOpenObjectByPointer
    • KeStackAttachProcess
    • PsLookupThreadByThreadId
    • ZwEnumerateKey
    • IoAllocateMdl
    • IofCallDriver
    • ZwOpenKey
    • KeAcquireSpinLockRaiseToDpc
    • IoThreadToProcess
    • IoAttachDeviceToDeviceStackSafe
    • IoDetachDevice
    • PsInitialSystemProcess
    • IoCreateDevice
    • PsProcessType
    • MmUnmapIoSpace
    • KeDetachProcess
    • MmMapIoSpace
    • KeAttachProcess
    • ZwDeleteFile
    • IoBuildSynchronousFsdRequest
    • NtClose
    • RtlCompareUnicodeString
    • ObfReferenceObject
    • ZwWriteFile
    • ZwOpenThread
    • ZwTerminateProcess
    • RtlEqualUnicodeString
    • ZwOpenDirectoryObject
    • KeBugCheck
    • ZwQueryDirectoryObject
    • IoFreeIrp
    • IoAllocateIrp
    • KdDebuggerNotPresent
    • KeSetTargetProcessorDpc
    • KeInitializeDpc
    • KeInsertQueueDpc
    • KeNumberProcessors
    • KeBugCheckEx
    • ZwSetSecurityObject
    • RtlLengthSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • RtlAbsoluteToSelfRelativeSD
    • IoIsWdmVersionAvailable
    • RtlLengthSid
    • RtlAddAccessAllowedAce
    • RtlGetSaclSecurityDescriptor
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • ZwCreateKey
    • ZwQueryValueKey
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • RtlQueryRegistryValues
    • RtlPrefixUnicodeString
    • ExUnregisterCallback
    • ExRegisterCallback
    • ExCreateCallback
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611cb28a000000000026",
          "Signature": "5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA",
          "TBS": {
            "MD5": "983a0c315a50542362f2bd6a5d71c8d0",
            "SHA1": "8047f476001f5cb16a661d2a3fd0c3576168f5e2",
            "SHA256": "5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83",
            "SHA384": "5f014b60511ddab3247ef0b3c03fe82c622237ba76015e2911d1adc50dc632d56ebd1ee532f3c2b6cbfe68d80a2c91dc"
          },
          "ValidFrom": "2011-04-15 19:41:37",
          "ValidTo": "2021-04-15 19:51:37",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Signature": "64a3846966f4f2a1ffd87657c43ac13664775a70d059fd4447ee6588de3e0bf2b1a228291c0a01222cab6b4bbbcaabb94662396476d5525c952e7fd0048588028be1ba1c55c1ac200b523e7234ded93661acf83becee39c27823e22ec23d4ff8266eea3241ed9fbfd6bba155c7c39ed31db5e810dd7ea0858b0a2e9b824f23b9002f04e35375d54e5237f575e221914fd6a11590fdac7bc2ee5d66eb08e3c560414f6144111bef12350d70d9bdc513fb8d2407de5f1c7cca824feb4fb2a51057c2609f8d6419078879d64840ed870385d645f08f022a306ba5309883eacf4967dbbeb36961c73f2ed047d6cf85d2c3ee86c9913e8374be078155a4ffa36d9fa8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=Newton, O=AVG Technologies USA, Inc., OU=Release Engineering, CN=AVG Technologies USA, Inc.",
          "TBS": {
            "MD5": "f9b558280379fbd2ac831a9850ec9c0e",
            "SHA1": "c22448dd1388c2011166e2a203fe984bd702f355",
            "SHA256": "c2f472e92e35af2565c8973f388a3602f43929f9e41befa85cdeff4446c5b9fe",
            "SHA384": "5ee6139861e1ad7af4f34277455f9239b9ae156de69550c1f6b567afa2038498f9edb2464632655aac52899243ff84b3"
          },
          "ValidFrom": "2018-01-30 00:00:00",
          "ValidTo": "2021-01-22 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
          "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
          "TBS": {
            "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
            "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
            "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
            "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
          },
          "ValidFrom": "2014-10-22 00:00:00",
          "ValidTo": "2024-10-22 00:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0fa8490615d700a0be2176fdc5ec6dbd",
          "Signature": "7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "TBS": {
            "MD5": "a9a31555bbc92b6033975c5428fb3679",
            "SHA1": "47f4b9898631773231b32844ec0d49990ac4eb1e",
            "SHA256": "c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1",
            "SHA384": "86f49574f368a561914a52d7ae043ec6784ef8c718960700f834e123594605d25d39f1ad45f1eb5052c9567f3edd0e16"
          },
          "ValidFrom": "2011-02-11 12:00:00",
          "ValidTo": "2026-02-10 12:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
          "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
          "TBS": {
            "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
            "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
            "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
            "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
          },
          "ValidFrom": "2006-11-10 00:00:00",
          "ValidTo": "2021-11-10 00:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1",
          "SerialNumber": "0557955e02a6b53dd1d574ede15f310e",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    source

    last_updated: 2024-03-28