0f749d4e-145e-4b8e-bea6-47003d228043

ecsiodriverx64.sys

Description

The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers (237 file hashes) that accept firmware access. Six allow kernel memory access. All give full control of the devices to non-admin users. By exploiting the vulnerable drivers, an attacker without system privileges may erase or alter firmware and/or elevate privileges. As of the time of writing in October 2023, the filenames of the vulnerable drivers had not previously been made public.

  • UUID: 0f749d4e-145e-4b8e-bea6-47003d228043
  • Created: 2023-11-02
  • Author: Takahiro Haruyama
  • Acknowledgement:

Download

This download link contains the vulnerable driver!

Commands

sc.exe create ecsiodriverx64sys binPath= C:\windows\temp\ecsiodriverx64sys.sys type=kernel && sc.exe start ecsiodriverx64sys

  • Use Case: Elevate privileges
  • Privileges: kernel
  • Operating System: Windows 10

Detections

YARA 🏹

  • Exact Match: with header and size limitation
  • Threat Hunting: without header and size limitation
  • Renamed: for renamed driver files

Sigma 🛡️

  • Names: detects loading using name only
  • Hashes: detects loading using hashes only

Sysmon 🔎

  • Block: on hashes
  • Alert: on hashes

Resources


  • https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html

Known Vulnerable Samples

    Filename:
    Creation Timestamp: 2009-09-27 23:58:05
    MD5: 3a1ba5cd653a9ddce30c58e7c8ae28ae
    SHA1: 04967bfd248d30183992c6c9fd2d9e07ae8d68ad
    SHA256: 270547552060c6f4f5b2ebd57a636d5e71d5f8a9d4305c2b0fe5db0aa2f389cc
    Authentihash MD5: ce904544497eb65515a416258b2bfd91
    Authentihash SHA1: 6cfa176d71505d8651f82b367f96cb5c497648a5
    Authentihash SHA256: 9452b5577681c74d568825c4e95c5c9a5e0f682782c8dd932a7d4d732e958802
    RichPEHeaderHash MD5: 41ddd08b440611823bc5d8cb732c563d
    RichPEHeaderHash SHA1: 8acdfc9ac988c6250e2a031640f6e169b5fddb73
    RichPEHeaderHash SHA256: 189683b4db2e68d2f0b3f91f1141907b3887f23991867a68a22389d40ad3634e
    Company: Elitegroup Computer Systems
    Description: ECSIoDriver
    Product: ECSIoDriver
    OriginalFilename: ECSIoDriver.sys

    Certificates

    Certificate 3825d7faf861af9ef490e726b5d65ad5
    ToBeSigned (TBS) MD5: d6c7684e9aaa508cf268335f83afe040
    ToBeSigned (TBS) SHA1: 18066d20ad92409c567cdfde745279ff71c75226
    ToBeSigned (TBS) SHA256: a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff
    Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2
    ValidFrom: 2007-06-15 00:00:00
    ValidTo: 2012-06-14 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 3825d7faf861af9ef490e726b5d65ad5
    Version: 3

    Certificate 47bf1995df8d524643f7db6d480d31a4
    ToBeSigned (TBS) MD5: 518d2ea8a21e879c942d504824ac211c
    ToBeSigned (TBS) SHA1: 21ce87d827077e61abddf2beba69fde5432ea031
    ToBeSigned (TBS) SHA256: 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7
    Subject: C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
    ValidFrom: 2003-12-04 00:00:00
    ValidTo: 2013-12-03 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 47bf1995df8d524643f7db6d480d31a4
    Version: 3

    Certificate 0400000000011e44a5e24e
    ToBeSigned (TBS) MD5: 1523b60530a241a9dc96e8890e42a0fa
    ToBeSigned (TBS) SHA1: 879269f3f467a6d59641960a62fe9cb419355ff6
    ToBeSigned (TBS) SHA256: 6811f3e33268aef810dc3277f8f9356adcbc3c36446a0420593b82f3cd526022
    Subject: C=BE, O=GlobalSign nv,sa, OU=Primary Object Publishing CA, CN=GlobalSign Primary Object Publishing CA
    ValidFrom: 1999-01-28 13:00:00
    ValidTo: 2017-01-27 12:00:00
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 0400000000011e44a5e24e
    Version: 3

    Certificate 0100000000012278a99c57
    ToBeSigned (TBS) MD5: dc6b27710246f93aebf764fb1e0ea084
    ToBeSigned (TBS) SHA1: 823b77e47e9781dc489bf2064a1f675a9add38eb
    ToBeSigned (TBS) SHA256: a2d6ad307418f28f971a5f0fccc7f19bffdd7bbae03058be5428b9b9c5a415ea
    Subject: C=TW, O=ELITEGROUP COMPUTER SYSTEMS CO, CN=ELITEGROUP COMPUTER SYSTEMS CO
    ValidFrom: 2009-07-14 08:54:12
    ValidTo: 2010-07-14 08:54:12
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 0100000000012278a99c57
    Version: 3

    Certificate 0400000000011e44a5ecbe
    ToBeSigned (TBS) MD5: 16fb30314f4f5ff4dac603580f605778
    ToBeSigned (TBS) SHA1: 55c862df1f775f6a4c8e4f963115962a5cffc4ee
    ToBeSigned (TBS) SHA256: aec84e1206957180ccf4e598fa10864ef4ee18ff9fc126b9a54af79c618f0492
    Subject: C=BE, O=GlobalSign nv,sa, OU=ObjectSign CA, CN=GlobalSign ObjectSign CA
    ValidFrom: 2004-01-22 10:00:00
    ValidTo: 2017-01-27 11:00:00
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 0400000000011e44a5ecbe
    Version: 3

    Certificate 610b7f6b000000000019
    ToBeSigned (TBS) MD5: 4798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom: 2006-05-23 17:00:51
    ValidTo: 2016-05-23 17:10:51
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 610b7f6b000000000019
    Version: 3

    Imports

    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    • MmUnmapIoSpace
    • MmMapIoSpace
    • IofCompleteRequest
    • IoDeleteDevice
    • IoCreateDevice
    • KeBugCheckEx
    • RtlInitUnicodeString
    • IoCreateSymbolicLink
    • IoDeleteSymbolicLink
    • __C_specific_handler
    • HalSetBusDataByOffset
    • HalGetBusDataByOffset

    Exported Functions

    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc


    Filename:
    Creation Timestamp: 2014-05-28 00:59:16
    MD5: f34489c0f0d0a16b4db8a17281b57eba
    SHA1: 3a1f19b7a269723e244756dac1fc27c793276fe7
    SHA256: 7de1ce434f957df7bbdf6578dd0bf06ed1269f3cc182802d5c499f5570a85b3a
    Authentihash MD5: d9272a5a4b5add2159866e4af9e893d5
    Authentihash SHA1: 87f47eb2066556a20a15f6c777c35daa2bc30f55
    Authentihash SHA256: 5cbe195ef5e86f705c8290602ae688e1835e7385ed68ae264c4795e425c1645f
    RichPEHeaderHash MD5: c8dd3d2c77a34ae9af148b64e37b3de5
    RichPEHeaderHash SHA1: 408fac64b925306c4d950f23cce782a8cbc07e90
    RichPEHeaderHash SHA256: 547856cb3d972c9056b76f4f4829a79dc44e7cf2cd73e9fad28ec842e8682027

    Certificates

    Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
    ToBeSigned (TBS) MD5: d0785ad36e427c92b19f6826ab1e8020
    ToBeSigned (TBS) SHA1: 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43
    ToBeSigned (TBS) SHA256: c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff
    Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2
    ValidFrom: 2012-12-21 00:00:00
    ValidTo: 2020-12-30 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 7e93ebfb7cc64e59ea4b9a77d406fc3b
    Version: 3

    Certificate 0400000000012f4ee1355c
    ToBeSigned (TBS) MD5: f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1: 589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom: 2011-04-13 10:00:00
    ValidTo: 2019-04-13 10:00:00
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 0400000000012f4ee1355c
    Version: 3

    Certificate 0ecff438c8febf356e04d86a981b1a50
    ToBeSigned (TBS) MD5: e9d38360b914c8863f6cba3ee58764d3
    ToBeSigned (TBS) SHA1: 4cba8eae47b6bf76f20b3504b98b8f062694a89b
    ToBeSigned (TBS) SHA256: 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976
    Subject: C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4
    ValidFrom: 2012-10-18 00:00:00
    ValidTo: 2020-12-29 23:59:59
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 0ecff438c8febf356e04d86a981b1a50
    Version: 3

    Certificate 112132bbb2b7159fbe5d9e21ae2f0574ba48
    ToBeSigned (TBS) MD5: 10618d7cf87424813997516d822aaf4c
    ToBeSigned (TBS) SHA1: 9cfa7cc819d9026fa4ee99d84ac64e1272e700f9
    ToBeSigned (TBS) SHA256: c885117682477b3171786b826d2c84913e1467e0c955e9d6f53a13c7548a275e
    Subject: C=TW, ST=Taiwan, L=Taipei, O=Elitegroup Computer Systems Co., Ltd., OU=Elitegroup Computer Systems Co., Ltd., CN=Elitegroup Computer Systems Co., Ltd.
    ValidFrom: 2013-08-13 02:55:45
    ValidTo: 2016-08-13 02:55:45
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: False
    SerialNumber: 112132bbb2b7159fbe5d9e21ae2f0574ba48
    Version: 3

    Certificate 610b7f6b000000000019
    ToBeSigned (TBS) MD5: 4798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom: 2006-05-23 17:00:51
    ValidTo: 2016-05-23 17:10:51
    SignatureAlgorithmOID: 1.2.840.113549.1.1.5
    IsCertificateAuthority: True
    SerialNumber: 610b7f6b000000000019
    Version: 3

    Imports

    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • MmUnmapIoSpace
    • IoDeleteSymbolicLink
    • __C_specific_handler
    • MmMapIoSpace
    • IoDeleteDevice
    • RtlInitUnicodeString
    • HalSetBusDataByOffset
    • HalGetBusDataByOffset

    Exported Functions

    Sections

    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .reloc


    last_updated: 2023-12-22