62f76f62-ef82-49ea-a26f-36e5727e8d83

sysconp.sys :inline

Description

The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers (237 file hashes) accepting firmware access. Six allow kernel memory access. All give full control of the devices to non-admin users. By exploiting the vulnerable drivers, an attacker without the system privilege may erase/alter firmware, and/or elevate privileges. As of the time of writing in October 2023, the filenames of the vulnerable drivers have not been made public until now.

  • UUID: 62f76f62-ef82-49ea-a26f-36e5727e8d83
  • Created: 2023-11-02
  • Author: Takahiro Haruyama
  • Acknowledgement: |

Download

This download link contains the vulnerable driver!

Commands

sc.exe create sysconpsys binPath= C:\windows\temp\sysconpsys.sys type=kernel && sc.exe start sysconpsys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html

  • Known Vulnerable Samples

    PropertyValue
    Filename
    Creation Timestamp2011-10-26 13:46:20
    MD5bc1eeb4993a601e6f7776233028ac095
    SHA10e1df95042081fa2408782f14ce483f0db19d5ab
    SHA256dba8db472e51edd59f0bbaf4e09df71613d4dd26fd05f14a9bc7e3fc217a78aa
    Authentihash MD5098c6c8b888882dc30a5ad289503d39e
    Authentihash SHA17d7bbe8f7c7445b98b02d0ac4da109b6275331bf
    Authentihash SHA25642446592b42e34bf569a631265bcaf2a2192d424531a343a7680f52199b88462
    RichPEHeaderHash MD5204ddc0fcad4a99a086860c54380a424
    RichPEHeaderHash SHA193220442cc08a28ed6b00909367449ba4408de01
    RichPEHeaderHash SHA256bcbb408d5c46058cf9cc641e04a5310321458238e9a08b1a0bef382dbf4d6d6d

    Download

    Certificates

    Expand
    Certificate 3825d7faf861af9ef490e726b5d65ad5
    FieldValue
    ToBeSigned (TBS) MD5d6c7684e9aaa508cf268335f83afe040
    ToBeSigned (TBS) SHA118066d20ad92409c567cdfde745279ff71c75226
    ToBeSigned (TBS) SHA256a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2
    ValidFrom2007-06-15 00:00:00
    ValidTo2012-06-14 23:59:59
    Signature50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber3825d7faf861af9ef490e726b5d65ad5
    Version3
    Certificate 47bf1995df8d524643f7db6d480d31a4
    FieldValue
    ToBeSigned (TBS) MD5518d2ea8a21e879c942d504824ac211c
    ToBeSigned (TBS) SHA121ce87d827077e61abddf2beba69fde5432ea031
    ToBeSigned (TBS) SHA2561ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
    ValidFrom2003-12-04 00:00:00
    ValidTo2013-12-03 23:59:59
    Signature4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47bf1995df8d524643f7db6d480d31a4
    Version3
    Certificate 250ce8e030612e9f2b89f7054d7cf8fd
    FieldValue
    ToBeSigned (TBS) MD5918d9eb6a6cd36c531eceb926170a7e1
    ToBeSigned (TBS) SHA10ae95700d65e6f59715aa47048993ca7858e676a
    ToBeSigned (TBS) SHA25647c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2006-11-08 00:00:00
    ValidTo2021-11-07 23:59:59
    Signature1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber250ce8e030612e9f2b89f7054d7cf8fd
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3
    Certificate 3a0593c75cd5460ae4a6b31bdaac5ea4
    FieldValue
    ToBeSigned (TBS) MD50cbd510eccadadb08dd14dab94b78e8e
    ToBeSigned (TBS) SHA1567c2082d494ccc1ab4f5a18515521cecf63e646
    ToBeSigned (TBS) SHA256650364646a43560b50c2131a0fa2617d290c00179155c6a4119d15a2717ec114
    SubjectC=US, ST=North Carolina, L=RESEARCH TRIANGLE PARK, O=IBM, OU=Digital ID Class 3 , Microsoft VBA Software Validation v2, CN=IBM
    ValidFrom2011-04-20 00:00:00
    ValidTo2012-07-19 23:59:59
    Signature56291a14baf3f935354316c3c171519cb7da463c8f4cb2977f347e8a592815cf8990b3e66585577d9fc02a29112aa06489a0344c703c62b90d674392abb27e11fa8f8dc5fb53f052a6a6a0972eb84e42f51d8fd94be0173ed9a673404ca44d183db4b23bc6b1eae66f3aebba8fb57b742fa33e2b2aecdab2bd3b66cca9211bfdcba858f87301dd35ba51e3fe3690aeed2d97b953458bfbacde74eefaad0d17c6a1a09a75bfc78c144437ec650f5fd18f4151d18894bfd9802a4cc4b52e43bec3b43319c9972d6b88a57b39527d5a39b1cdefef21804ad236ebdd44de5b1b02dcb40d312b4ff408b8a1013d2e1fa75757c92267fada76c201e6ea408957784322
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber3a0593c75cd5460ae4a6b31bdaac5ea4
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • ExFreePoolWithTag
    • IoQueryDeviceDescription
    • KeSetSystemGroupAffinityThread
    • MmMapLockedPages
    • KeSetSystemAffinityThreadEx
    • RtlInitUnicodeString
    • IoDeleteDevice
    • RtlUnicodeStringToAnsiString
    • MmUnmapIoSpace
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • MmMapLockedPagesSpecifyCache
    • IoDeleteSymbolicLink
    • ExAllocatePool
    • MmMapIoSpace
    • ZwClose
    • IofCompleteRequest
    • KeRevertToUserAffinityThreadEx
    • IoCreateSymbolicLink
    • IoCreateDevice
    • KeRevertToUserGroupAffinityThread
    • DbgPrint
    • IoAllocateMdl
    • ZwOpenKey
    • KeBugCheckEx
    • KeQueryActiveProcessors
    • ZwQueryValueKey
    • MmUnmapLockedPages
    • HalSetBusDataByOffset
    • HalGetBusDataByOffset

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "3825d7faf861af9ef490e726b5d65ad5",
          "Signature": "50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2",
          "TBS": {
            "MD5": "d6c7684e9aaa508cf268335f83afe040",
            "SHA1": "18066d20ad92409c567cdfde745279ff71c75226",
            "SHA256": "a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff",
            "SHA384": "35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7"
          },
          "ValidFrom": "2007-06-15 00:00:00",
          "ValidTo": "2012-06-14 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "47bf1995df8d524643f7db6d480d31a4",
          "Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
          "TBS": {
            "MD5": "518d2ea8a21e879c942d504824ac211c",
            "SHA1": "21ce87d827077e61abddf2beba69fde5432ea031",
            "SHA256": "1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7",
            "SHA384": "53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f"
          },
          "ValidFrom": "2003-12-04 00:00:00",
          "ValidTo": "2013-12-03 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "250ce8e030612e9f2b89f7054d7cf8fd",
          "Signature": "1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
          "TBS": {
            "MD5": "918d9eb6a6cd36c531eceb926170a7e1",
            "SHA1": "0ae95700d65e6f59715aa47048993ca7858e676a",
            "SHA256": "47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166",
            "SHA384": "e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85"
          },
          "ValidFrom": "2006-11-08 00:00:00",
          "ValidTo": "2021-11-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610c120600000000001b",
          "Signature": "01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority",
          "TBS": {
            "MD5": "53c41bc1164e09e0cd1617a5bf913efd",
            "SHA1": "93c03aac8951d494ecd5696b1c08658541b18727",
            "SHA256": "40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b",
            "SHA384": "f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8"
          },
          "ValidFrom": "2006-05-23 17:01:29",
          "ValidTo": "2016-05-23 17:11:29",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "3a0593c75cd5460ae4a6b31bdaac5ea4",
          "Signature": "56291a14baf3f935354316c3c171519cb7da463c8f4cb2977f347e8a592815cf8990b3e66585577d9fc02a29112aa06489a0344c703c62b90d674392abb27e11fa8f8dc5fb53f052a6a6a0972eb84e42f51d8fd94be0173ed9a673404ca44d183db4b23bc6b1eae66f3aebba8fb57b742fa33e2b2aecdab2bd3b66cca9211bfdcba858f87301dd35ba51e3fe3690aeed2d97b953458bfbacde74eefaad0d17c6a1a09a75bfc78c144437ec650f5fd18f4151d18894bfd9802a4cc4b52e43bec3b43319c9972d6b88a57b39527d5a39b1cdefef21804ad236ebdd44de5b1b02dcb40d312b4ff408b8a1013d2e1fa75757c92267fada76c201e6ea408957784322",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=RESEARCH TRIANGLE PARK, O=IBM, OU=Digital ID Class 3 , Microsoft VBA Software Validation v2, CN=IBM",
          "TBS": {
            "MD5": "0cbd510eccadadb08dd14dab94b78e8e",
            "SHA1": "567c2082d494ccc1ab4f5a18515521cecf63e646",
            "SHA256": "650364646a43560b50c2131a0fa2617d290c00179155c6a4119d15a2717ec114",
            "SHA384": "e899d39966818628a0ed8550fdf7a55433f175c1a4ea1998477bfc64dd01c82735aafeed37729ae53cb87c21bd4d207c"
          },
          "ValidFrom": "2011-04-20 00:00:00",
          "ValidTo": "2012-07-19 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
          "Signature": "5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "TBS": {
            "MD5": "b30c31a572b0409383ed3fbe17e56e81",
            "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
            "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
            "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "SerialNumber": "3a0593c75cd5460ae4a6b31bdaac5ea4",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2012-01-31 11:42:33
    MD5a2be99e4904264baa5649c4d4cd13a17
    SHA1ec1eafb87340b18c7ef3bc349fed1ddd5d3678f6
    SHA256df4c02beb039d15ff0c691bbc3595c9edfc1d24e783c8538a859bc5ea537188d
    Authentihash MD53992bbdd329cc77ce637f85b10bc93a7
    Authentihash SHA1f02835c1c4e0d69f9ed80e97345ee6f2258c601c
    Authentihash SHA2569303894ee50d95911ccd4583b2aa5484db63de0d8f799b14854577e15914df2d
    RichPEHeaderHash MD5204ddc0fcad4a99a086860c54380a424
    RichPEHeaderHash SHA193220442cc08a28ed6b00909367449ba4408de01
    RichPEHeaderHash SHA256bcbb408d5c46058cf9cc641e04a5310321458238e9a08b1a0bef382dbf4d6d6d

    Download

    Certificates

    Expand
    Certificate 3825d7faf861af9ef490e726b5d65ad5
    FieldValue
    ToBeSigned (TBS) MD5d6c7684e9aaa508cf268335f83afe040
    ToBeSigned (TBS) SHA118066d20ad92409c567cdfde745279ff71c75226
    ToBeSigned (TBS) SHA256a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2
    ValidFrom2007-06-15 00:00:00
    ValidTo2012-06-14 23:59:59
    Signature50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber3825d7faf861af9ef490e726b5d65ad5
    Version3
    Certificate 47bf1995df8d524643f7db6d480d31a4
    FieldValue
    ToBeSigned (TBS) MD5518d2ea8a21e879c942d504824ac211c
    ToBeSigned (TBS) SHA121ce87d827077e61abddf2beba69fde5432ea031
    ToBeSigned (TBS) SHA2561ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
    ValidFrom2003-12-04 00:00:00
    ValidTo2013-12-03 23:59:59
    Signature4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47bf1995df8d524643f7db6d480d31a4
    Version3
    Certificate 250ce8e030612e9f2b89f7054d7cf8fd
    FieldValue
    ToBeSigned (TBS) MD5918d9eb6a6cd36c531eceb926170a7e1
    ToBeSigned (TBS) SHA10ae95700d65e6f59715aa47048993ca7858e676a
    ToBeSigned (TBS) SHA25647c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2006-11-08 00:00:00
    ValidTo2021-11-07 23:59:59
    Signature1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber250ce8e030612e9f2b89f7054d7cf8fd
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3
    Certificate 3a0593c75cd5460ae4a6b31bdaac5ea4
    FieldValue
    ToBeSigned (TBS) MD50cbd510eccadadb08dd14dab94b78e8e
    ToBeSigned (TBS) SHA1567c2082d494ccc1ab4f5a18515521cecf63e646
    ToBeSigned (TBS) SHA256650364646a43560b50c2131a0fa2617d290c00179155c6a4119d15a2717ec114
    SubjectC=US, ST=North Carolina, L=RESEARCH TRIANGLE PARK, O=IBM, OU=Digital ID Class 3 , Microsoft VBA Software Validation v2, CN=IBM
    ValidFrom2011-04-20 00:00:00
    ValidTo2012-07-19 23:59:59
    Signature56291a14baf3f935354316c3c171519cb7da463c8f4cb2977f347e8a592815cf8990b3e66585577d9fc02a29112aa06489a0344c703c62b90d674392abb27e11fa8f8dc5fb53f052a6a6a0972eb84e42f51d8fd94be0173ed9a673404ca44d183db4b23bc6b1eae66f3aebba8fb57b742fa33e2b2aecdab2bd3b66cca9211bfdcba858f87301dd35ba51e3fe3690aeed2d97b953458bfbacde74eefaad0d17c6a1a09a75bfc78c144437ec650f5fd18f4151d18894bfd9802a4cc4b52e43bec3b43319c9972d6b88a57b39527d5a39b1cdefef21804ad236ebdd44de5b1b02dcb40d312b4ff408b8a1013d2e1fa75757c92267fada76c201e6ea408957784322
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber3a0593c75cd5460ae4a6b31bdaac5ea4
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • ExFreePoolWithTag
    • IoQueryDeviceDescription
    • KeSetSystemGroupAffinityThread
    • MmMapLockedPages
    • KeSetSystemAffinityThreadEx
    • RtlInitUnicodeString
    • IoDeleteDevice
    • RtlUnicodeStringToAnsiString
    • MmUnmapIoSpace
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • MmMapLockedPagesSpecifyCache
    • IoDeleteSymbolicLink
    • ExAllocatePool
    • MmMapIoSpace
    • ZwClose
    • IofCompleteRequest
    • KeRevertToUserAffinityThreadEx
    • IoCreateSymbolicLink
    • IoCreateDevice
    • KeRevertToUserGroupAffinityThread
    • DbgPrint
    • IoAllocateMdl
    • ZwOpenKey
    • KeBugCheckEx
    • KeQueryActiveProcessors
    • ZwQueryValueKey
    • MmUnmapLockedPages
    • HalSetBusDataByOffset
    • HalGetBusDataByOffset

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "3825d7faf861af9ef490e726b5d65ad5",
          "Signature": "50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2",
          "TBS": {
            "MD5": "d6c7684e9aaa508cf268335f83afe040",
            "SHA1": "18066d20ad92409c567cdfde745279ff71c75226",
            "SHA256": "a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff",
            "SHA384": "35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7"
          },
          "ValidFrom": "2007-06-15 00:00:00",
          "ValidTo": "2012-06-14 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "47bf1995df8d524643f7db6d480d31a4",
          "Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
          "TBS": {
            "MD5": "518d2ea8a21e879c942d504824ac211c",
            "SHA1": "21ce87d827077e61abddf2beba69fde5432ea031",
            "SHA256": "1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7",
            "SHA384": "53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f"
          },
          "ValidFrom": "2003-12-04 00:00:00",
          "ValidTo": "2013-12-03 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "250ce8e030612e9f2b89f7054d7cf8fd",
          "Signature": "1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
          "TBS": {
            "MD5": "918d9eb6a6cd36c531eceb926170a7e1",
            "SHA1": "0ae95700d65e6f59715aa47048993ca7858e676a",
            "SHA256": "47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166",
            "SHA384": "e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85"
          },
          "ValidFrom": "2006-11-08 00:00:00",
          "ValidTo": "2021-11-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610c120600000000001b",
          "Signature": "01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority",
          "TBS": {
            "MD5": "53c41bc1164e09e0cd1617a5bf913efd",
            "SHA1": "93c03aac8951d494ecd5696b1c08658541b18727",
            "SHA256": "40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b",
            "SHA384": "f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8"
          },
          "ValidFrom": "2006-05-23 17:01:29",
          "ValidTo": "2016-05-23 17:11:29",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "3a0593c75cd5460ae4a6b31bdaac5ea4",
          "Signature": "56291a14baf3f935354316c3c171519cb7da463c8f4cb2977f347e8a592815cf8990b3e66585577d9fc02a29112aa06489a0344c703c62b90d674392abb27e11fa8f8dc5fb53f052a6a6a0972eb84e42f51d8fd94be0173ed9a673404ca44d183db4b23bc6b1eae66f3aebba8fb57b742fa33e2b2aecdab2bd3b66cca9211bfdcba858f87301dd35ba51e3fe3690aeed2d97b953458bfbacde74eefaad0d17c6a1a09a75bfc78c144437ec650f5fd18f4151d18894bfd9802a4cc4b52e43bec3b43319c9972d6b88a57b39527d5a39b1cdefef21804ad236ebdd44de5b1b02dcb40d312b4ff408b8a1013d2e1fa75757c92267fada76c201e6ea408957784322",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, ST=North Carolina, L=RESEARCH TRIANGLE PARK, O=IBM, OU=Digital ID Class 3 , Microsoft VBA Software Validation v2, CN=IBM",
          "TBS": {
            "MD5": "0cbd510eccadadb08dd14dab94b78e8e",
            "SHA1": "567c2082d494ccc1ab4f5a18515521cecf63e646",
            "SHA256": "650364646a43560b50c2131a0fa2617d290c00179155c6a4119d15a2717ec114",
            "SHA384": "e899d39966818628a0ed8550fdf7a55433f175c1a4ea1998477bfc64dd01c82735aafeed37729ae53cb87c21bd4d207c"
          },
          "ValidFrom": "2011-04-20 00:00:00",
          "ValidTo": "2012-07-19 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
          "Signature": "5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "TBS": {
            "MD5": "b30c31a572b0409383ed3fbe17e56e81",
            "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
            "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
            "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
          "SerialNumber": "3a0593c75cd5460ae4a6b31bdaac5ea4",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    source

    last_updated: 2023-12-22