Description The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. All give full control of the devices to non-admin users. By exploiting the vulnerable drivers, an attacker without the system privilege may erase/alter firmware, and/or elevate privileges. As of the time of writing in October 2023, the filenames of the vulnerable drivers have not been made public until now.
UUID : 0f749d4e-145e-4b8e-bea6-47003d228043Created : 2023-11-02Author : Takahiro HaruyamaDownload
This download link contains the vulnerable driver!
Block ecsiodriverx64.sys across your endpoints Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.
Start Blocking for Free Commands sc.exe create ecsiodriverx64sys binPath= C:\windows\temp\ecsiodriverx64sys.sys type=kernel && sc.exe start ecsiodriverx64sys
Use Case Privileges Operating System Elevate privileges kernel Windows 10
Detections Sigma 🛡️ Expand Names
detects loading using name only
Hashes
detects loading using hashes only
Resources https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html Known Vulnerable Samples Download
Certificates Expand Certificate 3825d7faf861af9ef490e726b5d65ad5 Field Value ToBeSigned (TBS) MD5 d6c7684e9aaa508cf268335f83afe040 ToBeSigned (TBS) SHA1 18066d20ad92409c567cdfde745279ff71c75226 ToBeSigned (TBS) SHA256 a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff Subject C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2 ValidFrom 2007-06-15 00:00:00 ValidTo 2012-06-14 23:59:59 Signature 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 3825d7faf861af9ef490e726b5d65ad5 Version 3
Certificate 47bf1995df8d524643f7db6d480d31a4 Field Value ToBeSigned (TBS) MD5 518d2ea8a21e879c942d504824ac211c ToBeSigned (TBS) SHA1 21ce87d827077e61abddf2beba69fde5432ea031 ToBeSigned (TBS) SHA256 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 Subject C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA ValidFrom 2003-12-04 00:00:00 ValidTo 2013-12-03 23:59:59 Signature 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 47bf1995df8d524643f7db6d480d31a4 Version 3
Certificate 0400000000011e44a5e24e Field Value ToBeSigned (TBS) MD5 1523b60530a241a9dc96e8890e42a0fa ToBeSigned (TBS) SHA1 879269f3f467a6d59641960a62fe9cb419355ff6 ToBeSigned (TBS) SHA256 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022 Subject C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign Primary Object Publishing CA ValidFrom 1999-01-28 13:00:00 ValidTo 2017-01-27 12:00:00 Signature 4016df43e479ce76f248f698483061e2f1b452708ed8c612214d4f28831a648e03f731840f1f01d4a418fc008b2c6f1bb837fa4b97c05727b83109267832eef4e45912bd45a159e23511c0d6fc1e987ad982f990f36e07eeb0939acb31ed2c17bc921afa92cd821e2f0f31d328c03ce81c2926ab5a8d9fa1f0303289b68e516f8b5b90ad21f3f4209c909bb0ac2b37161e1db859bb49a63b75ae99d9b64b870194df91e1720e75079fcb05b59e7226fc2e21f5f62377eb6614d3ca3deae6f20b40ae553d02718821eb6a04b0945e9d9274ef292ebd4a4d85a4233ce31066901d3b63d23c481030e9e35cb67729ff3406f27da103406617df628d2b34a7426725 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 0400000000011e44a5e24e Version 3
Certificate 0100000000012278a99c57 Field Value ToBeSigned (TBS) MD5 dc6b27710246f93aebf764fb1e0ea084 ToBeSigned (TBS) SHA1 823b77e47e9781dc489bf2064a1f675a9add38eb ToBeSigned (TBS) SHA256 a2d6ad307418f28f971a5f0fccc7f19bffdd7bbae03058be5428b9b9c5a415ea Subject C=TW, O=ELITEGROUP COMPUTER SYSTEMS CO, CN=ELITEGROUP COMPUTER SYSTEMS CO ValidFrom 2009-07-14 08:54:12 ValidTo 2010-07-14 08:54:12 Signature 3f77c78bd998d9b9075abfd71ac7e89d5f156e534c3599ea78c098f7d146a98618c037da6f8d6665a83ea8c09b0a4bc12c6aed15ea26ca105670c975f912791142ebfa5c0a7786769cf5c38569f99f87044f85295674c9f3991a443feab793a2d850179a58e27f4534e15bcf2ebad0d372a1876b1dfd874d6cdb69255123ed809364b22f2d9e20189ceae0c723f4a09971732fe9ac1b1994e3785cc44666fbd5691964e8195680955b3686d559a715ac8a1c368a6c4997c0c13ab2b2066a2e8f181582f2d5139e943effe64aa1e421f671f8daf6d4b92f3221d71b673633bc6251c4dfdacda1507cf076503ee4cbef284634bb337925da179b28994572fa224e SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 0100000000012278a99c57 Version 3
Certificate 0400000000011e44a5ecbe Field Value ToBeSigned (TBS) MD5 16fb30314f4f5ff4dac603580f605778 ToBeSigned (TBS) SHA1 55c862df1f775f6a4c8e4f963115962a5cffc4ee ToBeSigned (TBS) SHA256 aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492 Subject C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign CA ValidFrom 2004-01-22 10:00:00 ValidTo 2017-01-27 11:00:00 Signature 762e2fe996fef4c3678bf1b07e321701ddb41c0f9e42d179569684be68afa554dbc7a9b55981d41cded9606baec05214fbab2b8e75f853ad91308efc04e4c58803d13f1861eab3d2b1d899f0754509ce7874d4d79e70bd120be405b64d3cf6af38c2881858a7958e7d1671e9b40df726a98f55de60ebc48d046b7b068feefea9c9c80a64240169df2f182058aa3e854c64e3e3832f860d4cf076a982c464981ec3cf5c7c863ec2ee5e9268b1483c857959e93bb4de5123d26648d1f7db967b82fac971e4caa7baca47c34b9183d3cab18f39bb38cccdc14caa9a6353051e1dd75377054d8f8ff7679b5ecebfdc4905ff7ef55180a01638d8b680a0514facf698 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 0400000000011e44a5ecbe Version 3
Certificate 610b7f6b000000000019 Field Value ToBeSigned (TBS) MD5 4798d55be7663a75649cda4dedc686ef ToBeSigned (TBS) SHA1 0f1ab2937b245d9466ea6f9bf056a5942e3989cf ToBeSigned (TBS) SHA256 ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 Subject C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA ValidFrom 2006-05-23 17:00:51 ValidTo 2016-05-23 17:10:51 Signature 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 610b7f6b000000000019 Version 3
Imports Expand Imported Functions Expand MmUnmapIoSpace MmMapIoSpace IofCompleteRequest IoDeleteDevice IoCreateDevice KeBugCheckEx RtlInitUnicodeString IoCreateSymbolicLink IoDeleteSymbolicLink __C_specific_handler HalSetBusDataByOffset HalGetBusDataByOffset Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .rsrc Signature Expand {
"Certificates": [
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": false,
"SerialNumber": "3825d7faf861af9ef490e726b5d65ad5",
"Signature": "50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2",
"TBS": {
"MD5": "d6c7684e9aaa508cf268335f83afe040",
"SHA1": "18066d20ad92409c567cdfde745279ff71c75226",
"SHA256": "a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff",
"SHA384": "35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7"
},
"ValidFrom": "2007-06-15 00:00:00",
"ValidTo": "2012-06-14 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "47bf1995df8d524643f7db6d480d31a4",
"Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
"TBS": {
"MD5": "518d2ea8a21e879c942d504824ac211c",
"SHA1": "21ce87d827077e61abddf2beba69fde5432ea031",
"SHA256": "1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7",
"SHA384": "53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f"
},
"ValidFrom": "2003-12-04 00:00:00",
"ValidTo": "2013-12-03 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "0400000000011e44a5e24e",
"Signature": "4016df43e479ce76f248f698483061e2f1b452708ed8c612214d4f28831a648e03f731840f1f01d4a418fc008b2c6f1bb837fa4b97c05727b83109267832eef4e45912bd45a159e23511c0d6fc1e987ad982f990f36e07eeb0939acb31ed2c17bc921afa92cd821e2f0f31d328c03ce81c2926ab5a8d9fa1f0303289b68e516f8b5b90ad21f3f4209c909bb0ac2b37161e1db859bb49a63b75ae99d9b64b870194df91e1720e75079fcb05b59e7226fc2e21f5f62377eb6614d3ca3deae6f20b40ae553d02718821eb6a04b0945e9d9274ef292ebd4a4d85a4233ce31066901d3b63d23c481030e9e35cb67729ff3406f27da103406617df628d2b34a7426725",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign Primary Object Publishing CA",
"TBS": {
"MD5": "1523b60530a241a9dc96e8890e42a0fa",
"SHA1": "879269f3f467a6d59641960a62fe9cb419355ff6",
"SHA256": "6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022",
"SHA384": "92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b"
},
"ValidFrom": "1999-01-28 13:00:00",
"ValidTo": "2017-01-27 12:00:00",
"Version": 3
},
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "0100000000012278a99c57",
"Signature": "3f77c78bd998d9b9075abfd71ac7e89d5f156e534c3599ea78c098f7d146a98618c037da6f8d6665a83ea8c09b0a4bc12c6aed15ea26ca105670c975f912791142ebfa5c0a7786769cf5c38569f99f87044f85295674c9f3991a443feab793a2d850179a58e27f4534e15bcf2ebad0d372a1876b1dfd874d6cdb69255123ed809364b22f2d9e20189ceae0c723f4a09971732fe9ac1b1994e3785cc44666fbd5691964e8195680955b3686d559a715ac8a1c368a6c4997c0c13ab2b2066a2e8f181582f2d5139e943effe64aa1e421f671f8daf6d4b92f3221d71b673633bc6251c4dfdacda1507cf076503ee4cbef284634bb337925da179b28994572fa224e",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TW, O=ELITEGROUP COMPUTER SYSTEMS CO, CN=ELITEGROUP COMPUTER SYSTEMS CO",
"TBS": {
"MD5": "dc6b27710246f93aebf764fb1e0ea084",
"SHA1": "823b77e47e9781dc489bf2064a1f675a9add38eb",
"SHA256": "a2d6ad307418f28f971a5f0fccc7f19bffdd7bbae03058be5428b9b9c5a415ea",
"SHA384": "16c75e5a347d8e6d34f302fe0982fe46cb058e7ab2655aea58ea7c4857954568c180da1cb379b8bf4b6165f6462327b9"
},
"ValidFrom": "2009-07-14 08:54:12",
"ValidTo": "2010-07-14 08:54:12",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "0400000000011e44a5ecbe",
"Signature": "762e2fe996fef4c3678bf1b07e321701ddb41c0f9e42d179569684be68afa554dbc7a9b55981d41cded9606baec05214fbab2b8e75f853ad91308efc04e4c58803d13f1861eab3d2b1d899f0754509ce7874d4d79e70bd120be405b64d3cf6af38c2881858a7958e7d1671e9b40df726a98f55de60ebc48d046b7b068feefea9c9c80a64240169df2f182058aa3e854c64e3e3832f860d4cf076a982c464981ec3cf5c7c863ec2ee5e9268b1483c857959e93bb4de5123d26648d1f7db967b82fac971e4caa7baca47c34b9183d3cab18f39bb38cccdc14caa9a6353051e1dd75377054d8f8ff7679b5ecebfdc4905ff7ef55180a01638d8b680a0514facf698",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign CA",
"TBS": {
"MD5": "16fb30314f4f5ff4dac603580f605778",
"SHA1": "55c862df1f775f6a4c8e4f963115962a5cffc4ee",
"SHA256": "aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492",
"SHA384": "a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb"
},
"ValidFrom": "2004-01-22 10:00:00",
"ValidTo": "2017-01-27 11:00:00",
"Version": 3
},
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "610b7f6b000000000019",
"Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
"TBS": {
"MD5": "4798d55be7663a75649cda4dedc686ef",
"SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
"SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
"SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
},
"ValidFrom": "2006-05-23 17:00:51",
"ValidTo": "2016-05-23 17:10:51",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign CA",
"SerialNumber": "0100000000012278a99c57",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b Field Value ToBeSigned (TBS) MD5 d0785ad36e427c92b19f6826ab1e8020 ToBeSigned (TBS) SHA1 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 ToBeSigned (TBS) SHA256 c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff Subject C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 ValidFrom 2012-12-21 00:00:00 ValidTo 2020-12-30 23:59:59 Signature 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 7e93ebfb7cc64e59ea4b9a77d406fc3b Version 3
Certificate 0400000000012f4ee1355c Field Value ToBeSigned (TBS) MD5 f6a9e8eb8784f3f694b4e353c08a0ff5 ToBeSigned (TBS) SHA1 589a7d4df869395601ba7538a65afae8c4616385 ToBeSigned (TBS) SHA256 cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 Subject C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 ValidFrom 2011-04-13 10:00:00 ValidTo 2019-04-13 10:00:00 Signature 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 0400000000012f4ee1355c Version 3
Certificate 0ecff438c8febf356e04d86a981b1a50 Field Value ToBeSigned (TBS) MD5 e9d38360b914c8863f6cba3ee58764d3 ToBeSigned (TBS) SHA1 4cba8eae47b6bf76f20b3504b98b8f062694a89b ToBeSigned (TBS) SHA256 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 Subject C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 ValidFrom 2012-10-18 00:00:00 ValidTo 2020-12-29 23:59:59 Signature 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 0ecff438c8febf356e04d86a981b1a50 Version 3
Certificate 112132bbb2b7159fbe5d9e21ae2f0574ba48 Field Value ToBeSigned (TBS) MD5 10618d7cf87424813997516d822aaf4c ToBeSigned (TBS) SHA1 9cfa7cc819d9026fa4ee99d84ac64e1272e700f9 ToBeSigned (TBS) SHA256 c885117682477b3171786b826d2c84913e1467e0c955e9d6f53a13c7548a275e Subject C=TW, ST=Taiwan, L=Taipei, O=Elitegroup Computer Systems Co., Ltd., OU=Elitegroup Computer Systems Co., Ltd., CN=Elitegroup Computer Systems Co., Ltd. ValidFrom 2013-08-13 02:55:45 ValidTo 2016-08-13 02:55:45 Signature 092cf78892309981cd856a776368384adc8ccf07f1929358b49f383767a27bb5e5fca89409ff04cc6e754bc3d6c244f8ee66c0c36131f2dab9ca91832d5f0a526a61ce15cf5ef93583cc62b91023d804606861b6c18a96c3563b997686e547c908734b5a9b4a97e78c366a9418972d93c5a4bb71929cd8a516339c6298cb6ff93dea0134e9abccfd8a52f6d1a2e25cb070988f6efe7b8c91240e5bbfaec6af0d39f89ae9eff1a5bc3305b97c2d173c605db140a76ab79d0e0ff84c51dd5fa085dd837c53dbd3167b50d73743e19fc58df098a059318cbf9eb5285beeb20da9f53a1dc00ca0024dfd582d8ebf336c37f39a975f362c1073c63d23926e56df3270 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 112132bbb2b7159fbe5d9e21ae2f0574ba48 Version 3
Certificate 610b7f6b000000000019 Field Value ToBeSigned (TBS) MD5 4798d55be7663a75649cda4dedc686ef ToBeSigned (TBS) SHA1 0f1ab2937b245d9466ea6f9bf056a5942e3989cf ToBeSigned (TBS) SHA256 ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 Subject C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA ValidFrom 2006-05-23 17:00:51 ValidTo 2016-05-23 17:10:51 Signature 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 610b7f6b000000000019 Version 3
Imports Expand Imported Functions Expand IofCompleteRequest IoCreateDevice IoCreateSymbolicLink MmUnmapIoSpace IoDeleteSymbolicLink __C_specific_handler MmMapIoSpace IoDeleteDevice RtlInitUnicodeString HalSetBusDataByOffset HalGetBusDataByOffset Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .reloc Signature Expand {
"Certificates": [
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": false,
"SerialNumber": "3825d7faf861af9ef490e726b5d65ad5",
"Signature": "50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2",
"TBS": {
"MD5": "d6c7684e9aaa508cf268335f83afe040",
"SHA1": "18066d20ad92409c567cdfde745279ff71c75226",
"SHA256": "a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff",
"SHA384": "35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7"
},
"ValidFrom": "2007-06-15 00:00:00",
"ValidTo": "2012-06-14 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "47bf1995df8d524643f7db6d480d31a4",
"Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
"TBS": {
"MD5": "518d2ea8a21e879c942d504824ac211c",
"SHA1": "21ce87d827077e61abddf2beba69fde5432ea031",
"SHA256": "1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7",
"SHA384": "53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f"
},
"ValidFrom": "2003-12-04 00:00:00",
"ValidTo": "2013-12-03 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "0400000000011e44a5e24e",
"Signature": "4016df43e479ce76f248f698483061e2f1b452708ed8c612214d4f28831a648e03f731840f1f01d4a418fc008b2c6f1bb837fa4b97c05727b83109267832eef4e45912bd45a159e23511c0d6fc1e987ad982f990f36e07eeb0939acb31ed2c17bc921afa92cd821e2f0f31d328c03ce81c2926ab5a8d9fa1f0303289b68e516f8b5b90ad21f3f4209c909bb0ac2b37161e1db859bb49a63b75ae99d9b64b870194df91e1720e75079fcb05b59e7226fc2e21f5f62377eb6614d3ca3deae6f20b40ae553d02718821eb6a04b0945e9d9274ef292ebd4a4d85a4233ce31066901d3b63d23c481030e9e35cb67729ff3406f27da103406617df628d2b34a7426725",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign Primary Object Publishing CA",
"TBS": {
"MD5": "1523b60530a241a9dc96e8890e42a0fa",
"SHA1": "879269f3f467a6d59641960a62fe9cb419355ff6",
"SHA256": "6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022",
"SHA384": "92f5e55d6eb6d965c1b698e56cbb8087d80eda1a24eb6ed178abeddafe2fcf524e9f8311ca232be7f5b4555b89b97c6b"
},
"ValidFrom": "1999-01-28 13:00:00",
"ValidTo": "2017-01-27 12:00:00",
"Version": 3
},
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "0100000000012278a99c57",
"Signature": "3f77c78bd998d9b9075abfd71ac7e89d5f156e534c3599ea78c098f7d146a98618c037da6f8d6665a83ea8c09b0a4bc12c6aed15ea26ca105670c975f912791142ebfa5c0a7786769cf5c38569f99f87044f85295674c9f3991a443feab793a2d850179a58e27f4534e15bcf2ebad0d372a1876b1dfd874d6cdb69255123ed809364b22f2d9e20189ceae0c723f4a09971732fe9ac1b1994e3785cc44666fbd5691964e8195680955b3686d559a715ac8a1c368a6c4997c0c13ab2b2066a2e8f181582f2d5139e943effe64aa1e421f671f8daf6d4b92f3221d71b673633bc6251c4dfdacda1507cf076503ee4cbef284634bb337925da179b28994572fa224e",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TW, O=ELITEGROUP COMPUTER SYSTEMS CO, CN=ELITEGROUP COMPUTER SYSTEMS CO",
"TBS": {
"MD5": "dc6b27710246f93aebf764fb1e0ea084",
"SHA1": "823b77e47e9781dc489bf2064a1f675a9add38eb",
"SHA256": "a2d6ad307418f28f971a5f0fccc7f19bffdd7bbae03058be5428b9b9c5a415ea",
"SHA384": "16c75e5a347d8e6d34f302fe0982fe46cb058e7ab2655aea58ea7c4857954568c180da1cb379b8bf4b6165f6462327b9"
},
"ValidFrom": "2009-07-14 08:54:12",
"ValidTo": "2010-07-14 08:54:12",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "0400000000011e44a5ecbe",
"Signature": "762e2fe996fef4c3678bf1b07e321701ddb41c0f9e42d179569684be68afa554dbc7a9b55981d41cded9606baec05214fbab2b8e75f853ad91308efc04e4c58803d13f1861eab3d2b1d899f0754509ce7874d4d79e70bd120be405b64d3cf6af38c2881858a7958e7d1671e9b40df726a98f55de60ebc48d046b7b068feefea9c9c80a64240169df2f182058aa3e854c64e3e3832f860d4cf076a982c464981ec3cf5c7c863ec2ee5e9268b1483c857959e93bb4de5123d26648d1f7db967b82fac971e4caa7baca47c34b9183d3cab18f39bb38cccdc14caa9a6353051e1dd75377054d8f8ff7679b5ecebfdc4905ff7ef55180a01638d8b680a0514facf698",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign CA",
"TBS": {
"MD5": "16fb30314f4f5ff4dac603580f605778",
"SHA1": "55c862df1f775f6a4c8e4f963115962a5cffc4ee",
"SHA256": "aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492",
"SHA384": "a2b0c7b9ffe6e8244a4662099132406aea0a47889ecde7b336c4f09296da2ffbb3718597a0fb570bd1e97e88a24f8fbb"
},
"ValidFrom": "2004-01-22 10:00:00",
"ValidTo": "2017-01-27 11:00:00",
"Version": 3
},
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "610b7f6b000000000019",
"Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
"TBS": {
"MD5": "4798d55be7663a75649cda4dedc686ef",
"SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
"SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
"SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
},
"ValidFrom": "2006-05-23 17:00:51",
"ValidTo": "2016-05-23 17:10:51",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign CA",
"SerialNumber": "0100000000012278a99c57",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2026-04-20
