Description The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. All give full control of the devices to non-admin users. By exploiting the vulnerable drivers, an attacker without the system privilege may erase/alter firmware, and/or elevate privileges. As of the time of writing in October 2023, the filenames of the vulnerable drivers have not been made public until now.
UUID : 62f76f62-ef82-49ea-a26f-36e5727e8d83Created : 2023-11-02Author : Takahiro HaruyamaDownload
This download link contains the vulnerable driver!
Block sysconp.sys across your endpoints Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.
Start Blocking for Free Commands sc.exe create sysconpsys binPath= C:\windows\temp\sysconpsys.sys type=kernel && sc.exe start sysconpsys
Use Case Privileges Operating System Elevate privileges kernel Windows 10
Detections Sigma 🛡️ Expand Names
detects loading using name only
Hashes
detects loading using hashes only
Resources https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html Known Vulnerable Samples Download
Certificates Expand Certificate 3825d7faf861af9ef490e726b5d65ad5 Field Value ToBeSigned (TBS) MD5 d6c7684e9aaa508cf268335f83afe040 ToBeSigned (TBS) SHA1 18066d20ad92409c567cdfde745279ff71c75226 ToBeSigned (TBS) SHA256 a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff Subject C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2 ValidFrom 2007-06-15 00:00:00 ValidTo 2012-06-14 23:59:59 Signature 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 3825d7faf861af9ef490e726b5d65ad5 Version 3
Certificate 47bf1995df8d524643f7db6d480d31a4 Field Value ToBeSigned (TBS) MD5 518d2ea8a21e879c942d504824ac211c ToBeSigned (TBS) SHA1 21ce87d827077e61abddf2beba69fde5432ea031 ToBeSigned (TBS) SHA256 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 Subject C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA ValidFrom 2003-12-04 00:00:00 ValidTo 2013-12-03 23:59:59 Signature 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 47bf1995df8d524643f7db6d480d31a4 Version 3
Certificate 250ce8e030612e9f2b89f7054d7cf8fd Field Value ToBeSigned (TBS) MD5 918d9eb6a6cd36c531eceb926170a7e1 ToBeSigned (TBS) SHA1 0ae95700d65e6f59715aa47048993ca7858e676a ToBeSigned (TBS) SHA256 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 Subject C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5 ValidFrom 2006-11-08 00:00:00 ValidTo 2021-11-07 23:59:59 Signature 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 250ce8e030612e9f2b89f7054d7cf8fd Version 3
Certificate 610c120600000000001b Field Value ToBeSigned (TBS) MD5 53c41bc1164e09e0cd1617a5bf913efd ToBeSigned (TBS) SHA1 93c03aac8951d494ecd5696b1c08658541b18727 ToBeSigned (TBS) SHA256 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b Subject C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority ValidFrom 2006-05-23 17:01:29 ValidTo 2016-05-23 17:11:29 Signature 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 610c120600000000001b Version 3
Certificate 3a0593c75cd5460ae4a6b31bdaac5ea4 Field Value ToBeSigned (TBS) MD5 0cbd510eccadadb08dd14dab94b78e8e ToBeSigned (TBS) SHA1 567c2082d494ccc1ab4f5a18515521cecf63e646 ToBeSigned (TBS) SHA256 650364646a43560b50c2131a0fa2617d290c00179155c6a4119d15a2717ec114 Subject C=US, ST=North Carolina, L=RESEARCH TRIANGLE PARK, O=IBM, OU=Digital ID Class 3 , Microsoft VBA Software Validation v2, CN=IBM ValidFrom 2011-04-20 00:00:00 ValidTo 2012-07-19 23:59:59 Signature 56291a14baf3f935354316c3c171519cb7da463c8f4cb2977f347e8a592815cf8990b3e66585577d9fc02a29112aa06489a0344c703c62b90d674392abb27e11fa8f8dc5fb53f052a6a6a0972eb84e42f51d8fd94be0173ed9a673404ca44d183db4b23bc6b1eae66f3aebba8fb57b742fa33e2b2aecdab2bd3b66cca9211bfdcba858f87301dd35ba51e3fe3690aeed2d97b953458bfbacde74eefaad0d17c6a1a09a75bfc78c144437ec650f5fd18f4151d18894bfd9802a4cc4b52e43bec3b43319c9972d6b88a57b39527d5a39b1cdefef21804ad236ebdd44de5b1b02dcb40d312b4ff408b8a1013d2e1fa75757c92267fada76c201e6ea408957784322 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 3a0593c75cd5460ae4a6b31bdaac5ea4 Version 3
Certificate 5200e5aa2556fc1a86ed96c9d44b33c7 Field Value ToBeSigned (TBS) MD5 b30c31a572b0409383ed3fbe17e56e81 ToBeSigned (TBS) SHA1 4843a82ed3b1f2bfbee9671960e1940c942f688d ToBeSigned (TBS) SHA256 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 Subject C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA ValidFrom 2010-02-08 00:00:00 ValidTo 2020-02-07 23:59:59 Signature 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 5200e5aa2556fc1a86ed96c9d44b33c7 Version 3
Imports Expand Imported Functions Expand ExFreePoolWithTag IoQueryDeviceDescription KeSetSystemGroupAffinityThread MmMapLockedPages KeSetSystemAffinityThreadEx RtlInitUnicodeString IoDeleteDevice RtlUnicodeStringToAnsiString MmUnmapIoSpace MmBuildMdlForNonPagedPool IoFreeMdl MmMapLockedPagesSpecifyCache IoDeleteSymbolicLink ExAllocatePool MmMapIoSpace ZwClose IofCompleteRequest KeRevertToUserAffinityThreadEx IoCreateSymbolicLink IoCreateDevice KeRevertToUserGroupAffinityThread DbgPrint IoAllocateMdl ZwOpenKey KeBugCheckEx KeQueryActiveProcessors ZwQueryValueKey MmUnmapLockedPages HalSetBusDataByOffset HalGetBusDataByOffset Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT Signature Expand {
"Certificates": [
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": false,
"SerialNumber": "3825d7faf861af9ef490e726b5d65ad5",
"Signature": "50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2",
"TBS": {
"MD5": "d6c7684e9aaa508cf268335f83afe040",
"SHA1": "18066d20ad92409c567cdfde745279ff71c75226",
"SHA256": "a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff",
"SHA384": "35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7"
},
"ValidFrom": "2007-06-15 00:00:00",
"ValidTo": "2012-06-14 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "47bf1995df8d524643f7db6d480d31a4",
"Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
"TBS": {
"MD5": "518d2ea8a21e879c942d504824ac211c",
"SHA1": "21ce87d827077e61abddf2beba69fde5432ea031",
"SHA256": "1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7",
"SHA384": "53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f"
},
"ValidFrom": "2003-12-04 00:00:00",
"ValidTo": "2013-12-03 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "250ce8e030612e9f2b89f7054d7cf8fd",
"Signature": "1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
"TBS": {
"MD5": "918d9eb6a6cd36c531eceb926170a7e1",
"SHA1": "0ae95700d65e6f59715aa47048993ca7858e676a",
"SHA256": "47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166",
"SHA384": "e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85"
},
"ValidFrom": "2006-11-08 00:00:00",
"ValidTo": "2021-11-07 23:59:59",
"Version": 3
},
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "610c120600000000001b",
"Signature": "01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority",
"TBS": {
"MD5": "53c41bc1164e09e0cd1617a5bf913efd",
"SHA1": "93c03aac8951d494ecd5696b1c08658541b18727",
"SHA256": "40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b",
"SHA384": "f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8"
},
"ValidFrom": "2006-05-23 17:01:29",
"ValidTo": "2016-05-23 17:11:29",
"Version": 3
},
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "3a0593c75cd5460ae4a6b31bdaac5ea4",
"Signature": "56291a14baf3f935354316c3c171519cb7da463c8f4cb2977f347e8a592815cf8990b3e66585577d9fc02a29112aa06489a0344c703c62b90d674392abb27e11fa8f8dc5fb53f052a6a6a0972eb84e42f51d8fd94be0173ed9a673404ca44d183db4b23bc6b1eae66f3aebba8fb57b742fa33e2b2aecdab2bd3b66cca9211bfdcba858f87301dd35ba51e3fe3690aeed2d97b953458bfbacde74eefaad0d17c6a1a09a75bfc78c144437ec650f5fd18f4151d18894bfd9802a4cc4b52e43bec3b43319c9972d6b88a57b39527d5a39b1cdefef21804ad236ebdd44de5b1b02dcb40d312b4ff408b8a1013d2e1fa75757c92267fada76c201e6ea408957784322",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, ST=North Carolina, L=RESEARCH TRIANGLE PARK, O=IBM, OU=Digital ID Class 3 , Microsoft VBA Software Validation v2, CN=IBM",
"TBS": {
"MD5": "0cbd510eccadadb08dd14dab94b78e8e",
"SHA1": "567c2082d494ccc1ab4f5a18515521cecf63e646",
"SHA256": "650364646a43560b50c2131a0fa2617d290c00179155c6a4119d15a2717ec114",
"SHA384": "e899d39966818628a0ed8550fdf7a55433f175c1a4ea1998477bfc64dd01c82735aafeed37729ae53cb87c21bd4d207c"
},
"ValidFrom": "2011-04-20 00:00:00",
"ValidTo": "2012-07-19 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
"Signature": "5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"TBS": {
"MD5": "b30c31a572b0409383ed3fbe17e56e81",
"SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
"SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
"SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"SerialNumber": "3a0593c75cd5460ae4a6b31bdaac5ea4",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 3825d7faf861af9ef490e726b5d65ad5 Field Value ToBeSigned (TBS) MD5 d6c7684e9aaa508cf268335f83afe040 ToBeSigned (TBS) SHA1 18066d20ad92409c567cdfde745279ff71c75226 ToBeSigned (TBS) SHA256 a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff Subject C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2 ValidFrom 2007-06-15 00:00:00 ValidTo 2012-06-14 23:59:59 Signature 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 3825d7faf861af9ef490e726b5d65ad5 Version 3
Certificate 47bf1995df8d524643f7db6d480d31a4 Field Value ToBeSigned (TBS) MD5 518d2ea8a21e879c942d504824ac211c ToBeSigned (TBS) SHA1 21ce87d827077e61abddf2beba69fde5432ea031 ToBeSigned (TBS) SHA256 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 Subject C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA ValidFrom 2003-12-04 00:00:00 ValidTo 2013-12-03 23:59:59 Signature 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 47bf1995df8d524643f7db6d480d31a4 Version 3
Certificate 250ce8e030612e9f2b89f7054d7cf8fd Field Value ToBeSigned (TBS) MD5 918d9eb6a6cd36c531eceb926170a7e1 ToBeSigned (TBS) SHA1 0ae95700d65e6f59715aa47048993ca7858e676a ToBeSigned (TBS) SHA256 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 Subject C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5 ValidFrom 2006-11-08 00:00:00 ValidTo 2021-11-07 23:59:59 Signature 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 250ce8e030612e9f2b89f7054d7cf8fd Version 3
Certificate 610c120600000000001b Field Value ToBeSigned (TBS) MD5 53c41bc1164e09e0cd1617a5bf913efd ToBeSigned (TBS) SHA1 93c03aac8951d494ecd5696b1c08658541b18727 ToBeSigned (TBS) SHA256 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b Subject C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority ValidFrom 2006-05-23 17:01:29 ValidTo 2016-05-23 17:11:29 Signature 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 610c120600000000001b Version 3
Certificate 3a0593c75cd5460ae4a6b31bdaac5ea4 Field Value ToBeSigned (TBS) MD5 0cbd510eccadadb08dd14dab94b78e8e ToBeSigned (TBS) SHA1 567c2082d494ccc1ab4f5a18515521cecf63e646 ToBeSigned (TBS) SHA256 650364646a43560b50c2131a0fa2617d290c00179155c6a4119d15a2717ec114 Subject C=US, ST=North Carolina, L=RESEARCH TRIANGLE PARK, O=IBM, OU=Digital ID Class 3 , Microsoft VBA Software Validation v2, CN=IBM ValidFrom 2011-04-20 00:00:00 ValidTo 2012-07-19 23:59:59 Signature 56291a14baf3f935354316c3c171519cb7da463c8f4cb2977f347e8a592815cf8990b3e66585577d9fc02a29112aa06489a0344c703c62b90d674392abb27e11fa8f8dc5fb53f052a6a6a0972eb84e42f51d8fd94be0173ed9a673404ca44d183db4b23bc6b1eae66f3aebba8fb57b742fa33e2b2aecdab2bd3b66cca9211bfdcba858f87301dd35ba51e3fe3690aeed2d97b953458bfbacde74eefaad0d17c6a1a09a75bfc78c144437ec650f5fd18f4151d18894bfd9802a4cc4b52e43bec3b43319c9972d6b88a57b39527d5a39b1cdefef21804ad236ebdd44de5b1b02dcb40d312b4ff408b8a1013d2e1fa75757c92267fada76c201e6ea408957784322 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 3a0593c75cd5460ae4a6b31bdaac5ea4 Version 3
Certificate 5200e5aa2556fc1a86ed96c9d44b33c7 Field Value ToBeSigned (TBS) MD5 b30c31a572b0409383ed3fbe17e56e81 ToBeSigned (TBS) SHA1 4843a82ed3b1f2bfbee9671960e1940c942f688d ToBeSigned (TBS) SHA256 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 Subject C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA ValidFrom 2010-02-08 00:00:00 ValidTo 2020-02-07 23:59:59 Signature 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 5200e5aa2556fc1a86ed96c9d44b33c7 Version 3
Imports Expand Imported Functions Expand ExFreePoolWithTag IoQueryDeviceDescription KeSetSystemGroupAffinityThread MmMapLockedPages KeSetSystemAffinityThreadEx RtlInitUnicodeString IoDeleteDevice RtlUnicodeStringToAnsiString MmUnmapIoSpace MmBuildMdlForNonPagedPool IoFreeMdl MmMapLockedPagesSpecifyCache IoDeleteSymbolicLink ExAllocatePool MmMapIoSpace ZwClose IofCompleteRequest KeRevertToUserAffinityThreadEx IoCreateSymbolicLink IoCreateDevice KeRevertToUserGroupAffinityThread DbgPrint IoAllocateMdl ZwOpenKey KeBugCheckEx KeQueryActiveProcessors ZwQueryValueKey MmUnmapLockedPages HalSetBusDataByOffset HalGetBusDataByOffset Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT Signature Expand {
"Certificates": [
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": false,
"SerialNumber": "3825d7faf861af9ef490e726b5d65ad5",
"Signature": "50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2",
"TBS": {
"MD5": "d6c7684e9aaa508cf268335f83afe040",
"SHA1": "18066d20ad92409c567cdfde745279ff71c75226",
"SHA256": "a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff",
"SHA384": "35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7"
},
"ValidFrom": "2007-06-15 00:00:00",
"ValidTo": "2012-06-14 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "47bf1995df8d524643f7db6d480d31a4",
"Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
"TBS": {
"MD5": "518d2ea8a21e879c942d504824ac211c",
"SHA1": "21ce87d827077e61abddf2beba69fde5432ea031",
"SHA256": "1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7",
"SHA384": "53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f"
},
"ValidFrom": "2003-12-04 00:00:00",
"ValidTo": "2013-12-03 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "250ce8e030612e9f2b89f7054d7cf8fd",
"Signature": "1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
"TBS": {
"MD5": "918d9eb6a6cd36c531eceb926170a7e1",
"SHA1": "0ae95700d65e6f59715aa47048993ca7858e676a",
"SHA256": "47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166",
"SHA384": "e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85"
},
"ValidFrom": "2006-11-08 00:00:00",
"ValidTo": "2021-11-07 23:59:59",
"Version": 3
},
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "610c120600000000001b",
"Signature": "01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority",
"TBS": {
"MD5": "53c41bc1164e09e0cd1617a5bf913efd",
"SHA1": "93c03aac8951d494ecd5696b1c08658541b18727",
"SHA256": "40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b",
"SHA384": "f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8"
},
"ValidFrom": "2006-05-23 17:01:29",
"ValidTo": "2016-05-23 17:11:29",
"Version": 3
},
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "3a0593c75cd5460ae4a6b31bdaac5ea4",
"Signature": "56291a14baf3f935354316c3c171519cb7da463c8f4cb2977f347e8a592815cf8990b3e66585577d9fc02a29112aa06489a0344c703c62b90d674392abb27e11fa8f8dc5fb53f052a6a6a0972eb84e42f51d8fd94be0173ed9a673404ca44d183db4b23bc6b1eae66f3aebba8fb57b742fa33e2b2aecdab2bd3b66cca9211bfdcba858f87301dd35ba51e3fe3690aeed2d97b953458bfbacde74eefaad0d17c6a1a09a75bfc78c144437ec650f5fd18f4151d18894bfd9802a4cc4b52e43bec3b43319c9972d6b88a57b39527d5a39b1cdefef21804ad236ebdd44de5b1b02dcb40d312b4ff408b8a1013d2e1fa75757c92267fada76c201e6ea408957784322",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, ST=North Carolina, L=RESEARCH TRIANGLE PARK, O=IBM, OU=Digital ID Class 3 , Microsoft VBA Software Validation v2, CN=IBM",
"TBS": {
"MD5": "0cbd510eccadadb08dd14dab94b78e8e",
"SHA1": "567c2082d494ccc1ab4f5a18515521cecf63e646",
"SHA256": "650364646a43560b50c2131a0fa2617d290c00179155c6a4119d15a2717ec114",
"SHA384": "e899d39966818628a0ed8550fdf7a55433f175c1a4ea1998477bfc64dd01c82735aafeed37729ae53cb87c21bd4d207c"
},
"ValidFrom": "2011-04-20 00:00:00",
"ValidTo": "2012-07-19 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
"Signature": "5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"TBS": {
"MD5": "b30c31a572b0409383ed3fbe17e56e81",
"SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
"SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
"SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"SerialNumber": "3a0593c75cd5460ae4a6b31bdaac5ea4",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2026-05-04
