Description Phymemx64.sys is a vulnerable driver and more information will be added as found.
UUID : 268e87ba-ad44-4f3c-986f-26712cac68daCreated : 2023-01-09Author : Michael HaagDownload
This download link contains the vulnerable driver!
Block Phymemx64.sys across your endpoints Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.
Start Blocking for Free Commands sc.exe create Phymemx64.sys binPath=C:\windows\temp\Phymemx64.sys type=kernel && sc.exe start Phymemx64.sys
Use Case Privileges Operating System Elevate privileges kernel Windows 10
Detections Sigma 🛡️ Expand Names
detects loading using name only
Hashes
detects loading using hashes only
Resources https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md Known Vulnerable Samples Download
Certificates Expand Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b Field Value ToBeSigned (TBS) MD5 d0785ad36e427c92b19f6826ab1e8020 ToBeSigned (TBS) SHA1 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 ToBeSigned (TBS) SHA256 c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff Subject C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 ValidFrom 2012-12-21 00:00:00 ValidTo 2020-12-30 23:59:59 Signature 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 7e93ebfb7cc64e59ea4b9a77d406fc3b Version 3
Certificate 0ecff438c8febf356e04d86a981b1a50 Field Value ToBeSigned (TBS) MD5 e9d38360b914c8863f6cba3ee58764d3 ToBeSigned (TBS) SHA1 4cba8eae47b6bf76f20b3504b98b8f062694a89b ToBeSigned (TBS) SHA256 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 Subject C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 ValidFrom 2012-10-18 00:00:00 ValidTo 2020-12-29 23:59:59 Signature 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 0ecff438c8febf356e04d86a981b1a50 Version 3
Certificate 4c1a3d7c5bdaef3e1166416afe8138e9 Field Value ToBeSigned (TBS) MD5 1a0a4179e76daa46743b2539b13fd821 ToBeSigned (TBS) SHA1 2b9c5371e6b6dab977a12c14592a33a9827ccc63 ToBeSigned (TBS) SHA256 2f093794212c50c6bf6bb6251bcbbcbee9b288538bc8f0561d3bd61321876bc0 Subject C=CN, ST=Guangdong, L=Shenzhen, O=Huawei Technologies Co.,Ltd., OU=Handset Engineer Testing Department (Dongguan), CN=Huawei Technologies Co.,Ltd. ValidFrom 2014-08-26 00:00:00 ValidTo 2017-10-24 23:59:59 Signature 26ae5c92dcdd43ce7bb0268607a9ae0b1a0285edaf34485ad22397a5c488a1bb50d7bdd0920096ad9607b6f14e99e5678022730b02e37d19fa3ae2570290b232b26b816cba6ed7e040a8cb194c0ae2c904c4fa2374b568435655d3491e0df8c5ab2291d0b95135b425f05d79a46f6848d57c7b500f5cd136c1c505ad2513b235f3cc70fbe8e2322515d88c7e0b00d2be887ddc85a709baccf6999097ca01aa284136d0459b6c4af18ec967796e58411af5408ef5ce0e6570cffb3b5937af9c20d58b21416ac11dc09bcb4af20ab90ae95c04fc0a47129641eb7501954aa957c03181342ceb5371257a83307b5de647054be114f91076e8effdbc8dff85ed7a4d SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 4c1a3d7c5bdaef3e1166416afe8138e9 Version 3
Certificate 611993e400000000001c Field Value ToBeSigned (TBS) MD5 78a717e082dcc1cda3458d917e677d14 ToBeSigned (TBS) SHA1 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 ToBeSigned (TBS) SHA256 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 Subject C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5 ValidFrom 2011-02-22 19:25:17 ValidTo 2021-02-22 19:35:17 Signature 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 611993e400000000001c Version 3
Certificate 5200e5aa2556fc1a86ed96c9d44b33c7 Field Value ToBeSigned (TBS) MD5 b30c31a572b0409383ed3fbe17e56e81 ToBeSigned (TBS) SHA1 4843a82ed3b1f2bfbee9671960e1940c942f688d ToBeSigned (TBS) SHA256 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 Subject C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA ValidFrom 2010-02-08 00:00:00 ValidTo 2020-02-07 23:59:59 Signature 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 5200e5aa2556fc1a86ed96c9d44b33c7 Version 3
Imports Expand ntoskrnl.exe HAL.dll WDFLDR.SYS Imported Functions Expand ObfDereferenceObject ZwClose ZwOpenSection ObReferenceObjectByHandle ZwUnmapViewOfSection KeBugCheckEx IoDeleteSymbolicLink IoDeleteDevice RtlCopyUnicodeString IoCreateSymbolicLink IoCreateDevice IofCompleteRequest ZwMapViewOfSection RtlInitUnicodeString HalTranslateBusAddress WdfVersionUnbind WdfVersionBind WdfVersionBindClass WdfVersionUnbindClass Exported Functions Expand Sections Expand .text .rdata .data .pdata .gfids INIT .reloc Signature Expand {
"Certificates": [
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "4c1a3d7c5bdaef3e1166416afe8138e9",
"Signature": "26ae5c92dcdd43ce7bb0268607a9ae0b1a0285edaf34485ad22397a5c488a1bb50d7bdd0920096ad9607b6f14e99e5678022730b02e37d19fa3ae2570290b232b26b816cba6ed7e040a8cb194c0ae2c904c4fa2374b568435655d3491e0df8c5ab2291d0b95135b425f05d79a46f6848d57c7b500f5cd136c1c505ad2513b235f3cc70fbe8e2322515d88c7e0b00d2be887ddc85a709baccf6999097ca01aa284136d0459b6c4af18ec967796e58411af5408ef5ce0e6570cffb3b5937af9c20d58b21416ac11dc09bcb4af20ab90ae95c04fc0a47129641eb7501954aa957c03181342ceb5371257a83307b5de647054be114f91076e8effdbc8dff85ed7a4d",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Guangdong, L=Shenzhen, O=Huawei Technologies Co.,Ltd., OU=Handset Engineer Testing Department (Dongguan), CN=Huawei Technologies Co.,Ltd.",
"TBS": {
"MD5": "1a0a4179e76daa46743b2539b13fd821",
"SHA1": "2b9c5371e6b6dab977a12c14592a33a9827ccc63",
"SHA256": "2f093794212c50c6bf6bb6251bcbbcbee9b288538bc8f0561d3bd61321876bc0",
"SHA384": "7657965883c498864c4e30f49c9cc0ca47bb7cfca05febb54303e3d84964ebb59e979a6e55f59f4216ff11c84fdbafed"
},
"ValidFrom": "2014-08-26 00:00:00",
"ValidTo": "2017-10-24 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "611993e400000000001c",
"Signature": "812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
"TBS": {
"MD5": "78a717e082dcc1cda3458d917e677d14",
"SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
"SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
"SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
},
"ValidFrom": "2011-02-22 19:25:17",
"ValidTo": "2021-02-22 19:35:17",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
"Signature": "5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"TBS": {
"MD5": "b30c31a572b0409383ed3fbe17e56e81",
"SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
"SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
"SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"SerialNumber": "4c1a3d7c5bdaef3e1166416afe8138e9",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b Field Value ToBeSigned (TBS) MD5 d0785ad36e427c92b19f6826ab1e8020 ToBeSigned (TBS) SHA1 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 ToBeSigned (TBS) SHA256 c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff Subject C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 ValidFrom 2012-12-21 00:00:00 ValidTo 2020-12-30 23:59:59 Signature 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 7e93ebfb7cc64e59ea4b9a77d406fc3b Version 3
Certificate 0ecff438c8febf356e04d86a981b1a50 Field Value ToBeSigned (TBS) MD5 e9d38360b914c8863f6cba3ee58764d3 ToBeSigned (TBS) SHA1 4cba8eae47b6bf76f20b3504b98b8f062694a89b ToBeSigned (TBS) SHA256 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 Subject C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 ValidFrom 2012-10-18 00:00:00 ValidTo 2020-12-29 23:59:59 Signature 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 0ecff438c8febf356e04d86a981b1a50 Version 3
Certificate 6e715e33f17ad55bcbf98c1f14d21f2f Field Value ToBeSigned (TBS) MD5 aa829cf7369d285dbb428dc14444e6ae ToBeSigned (TBS) SHA1 d5a4543912490c76c0a6d42d9a8dde8024d100c9 ToBeSigned (TBS) SHA256 23c19e1c5a1aba427880a0c6c552ad0fb4ce5185a5e783594d77400883a534af Subject C=CN, ST=Guangdong, L=Shenzhen, O=Huawei Technologies Co., Ltd., OU=Consumer Business Group, CN=Huawei Technologies Co., Ltd. ValidFrom 2017-10-30 00:00:00 ValidTo 2021-01-23 23:59:59 Signature 53d3330f00f18d9f5704ab37420ac867216e0cabf74f67b5da22f19db9bd3221a7f3dd478511cbe501c046d577fb2ff74393869d165bbb4d4c1c0554b73526375e69ce1cb3635070afa1998a4409090def6c19b855b690e95792d5fd469087ebd0243bebfeb0d7e61c88b6c0105f93f48f126bd20c624e547604ab1d88d2896086790ee5d63e184c27333d44d5e53b2d83de1711d3e85b550badc259f5b52f1c5c0092d2139479ec9aae77e444458fc6671111e79e401cde8e1f7cec7370e34364fa6d9dc64c4802ccf01f04af42c465fa3f05e4968c9d2ad6662f44aaa779a6ab37acd8610f1cf54609c4996a114c80c2c3d7e04946ee58e33f5bd8bdfddc04 SignatureAlgorithmOID 1.2.840.113549.1.1.11 IsCertificateAuthority False SerialNumber 6e715e33f17ad55bcbf98c1f14d21f2f Version 3
Certificate 3d78d7f9764960b2617df4f01eca862a Field Value ToBeSigned (TBS) MD5 1f056ff7d5f874984dc605402b7cb042 ToBeSigned (TBS) SHA1 bdb348353a2203deb4b767914fa1bd7248dd728b ToBeSigned (TBS) SHA256 a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 Subject C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 SHA256 Code Signing CA ValidFrom 2013-12-10 00:00:00 ValidTo 2023-12-09 23:59:59 Signature 13851a1e69a937f7a0bda4af7e1d6153fe9d8c5e0ca6751e781723ddfdec1a035539fb7195c7655aa78e30d2445a61db706fda2105c22e73ba49f1d193fe5dc9cd5e03e0899e3f741ed7f7388ba9d6cfbb352f3358a89256d1c84d3b82e6798416fc28b0b147f31da23eee87d9a67fa456a53fad842e29de7cbca8aaa33d0401eaba93a20e502229174c87e43a115fd6a425899b056b2fb4c9014c277b0bac190522a060153fdac9fb4d4c8ffb726777fd2794c7ba350e8849fe8dfd28af4a12bd0db39705de440c15fa362b03dcc15001f1a1115d14e5e2bd274b54be2b845e0fa6c374050aef97c38922b11f77f3bdcd43d4f14ca93fb58b84af64f2d01421 SignatureAlgorithmOID 1.2.840.113549.1.1.11 IsCertificateAuthority True SerialNumber 3d78d7f9764960b2617df4f01eca862a Version 3
Certificate 611993e400000000001c Field Value ToBeSigned (TBS) MD5 78a717e082dcc1cda3458d917e677d14 ToBeSigned (TBS) SHA1 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 ToBeSigned (TBS) SHA256 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 Subject C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5 ValidFrom 2011-02-22 19:25:17 ValidTo 2021-02-22 19:35:17 Signature 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 611993e400000000001c Version 3
Imports Expand ntoskrnl.exe HAL.dll WDFLDR.SYS Imported Functions Expand ObfDereferenceObject ZwClose ZwOpenSection ObReferenceObjectByHandle ZwUnmapViewOfSection KeBugCheckEx IoDeleteSymbolicLink IoDeleteDevice RtlCopyUnicodeString IoCreateSymbolicLink IoCreateDevice IofCompleteRequest ZwMapViewOfSection RtlInitUnicodeString HalTranslateBusAddress WdfVersionUnbind WdfVersionBind WdfVersionBindClass WdfVersionUnbindClass Exported Functions Expand Sections Expand .text .rdata .data .pdata .gfids INIT .reloc Signature Expand {
"Certificates": [
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "4c1a3d7c5bdaef3e1166416afe8138e9",
"Signature": "26ae5c92dcdd43ce7bb0268607a9ae0b1a0285edaf34485ad22397a5c488a1bb50d7bdd0920096ad9607b6f14e99e5678022730b02e37d19fa3ae2570290b232b26b816cba6ed7e040a8cb194c0ae2c904c4fa2374b568435655d3491e0df8c5ab2291d0b95135b425f05d79a46f6848d57c7b500f5cd136c1c505ad2513b235f3cc70fbe8e2322515d88c7e0b00d2be887ddc85a709baccf6999097ca01aa284136d0459b6c4af18ec967796e58411af5408ef5ce0e6570cffb3b5937af9c20d58b21416ac11dc09bcb4af20ab90ae95c04fc0a47129641eb7501954aa957c03181342ceb5371257a83307b5de647054be114f91076e8effdbc8dff85ed7a4d",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Guangdong, L=Shenzhen, O=Huawei Technologies Co.,Ltd., OU=Handset Engineer Testing Department (Dongguan), CN=Huawei Technologies Co.,Ltd.",
"TBS": {
"MD5": "1a0a4179e76daa46743b2539b13fd821",
"SHA1": "2b9c5371e6b6dab977a12c14592a33a9827ccc63",
"SHA256": "2f093794212c50c6bf6bb6251bcbbcbee9b288538bc8f0561d3bd61321876bc0",
"SHA384": "7657965883c498864c4e30f49c9cc0ca47bb7cfca05febb54303e3d84964ebb59e979a6e55f59f4216ff11c84fdbafed"
},
"ValidFrom": "2014-08-26 00:00:00",
"ValidTo": "2017-10-24 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "611993e400000000001c",
"Signature": "812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
"TBS": {
"MD5": "78a717e082dcc1cda3458d917e677d14",
"SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
"SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
"SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
},
"ValidFrom": "2011-02-22 19:25:17",
"ValidTo": "2021-02-22 19:35:17",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
"Signature": "5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"TBS": {
"MD5": "b30c31a572b0409383ed3fbe17e56e81",
"SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
"SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
"SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"SerialNumber": "4c1a3d7c5bdaef3e1166416afe8138e9",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2026-05-20
