87752fb8-e9f6-4235-91e2-c4343677d817

mimidrv.sys

Description

Mimidrv is a signed Windows Driver Model WDM kernel mode software driver meant to be used with the standard Mimikatz executable.

UUID: 87752fb8-e9f6-4235-91e2-c4343677d817
Created: 2023-05-22
Author: Michael Haag
Acknowledgement: hfiref0x | hfiref0x

Download

This download link contains the malicious driver!

Commands

sc.exe create mimidrv.sys binPath=C:\windows\temp\mimidrv.sys type=kernel &amp;&amp; sc.exe start mimidrv.sys

Use Case	Privileges	Operating System
Elevate privileges	kernel	Windows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources

https://github.com/magicsword-io/LOLDrivers/issues/55#issuecomment-1537161951

https://github.com/hfiref0x/KDU

https://posts.specterops.io/mimidrv-in-depth-4d273d19e148

https://github.com/gentilkiwi/mimikatz

Known Vulnerable Samples

Property	Value
Filename	mimidrv.sys
Creation Timestamp	2019-08-13 17:31:42
MD5	29e03f4811b64969e48a99300978f58c
SHA1	a8ddb7565b61bc021cd2543a137e00627f999dcc
SHA256	200f98655d1f46d2599c2c8605ebb7e335fee3883a32135ca1a81e09819bc64a
Authentihash MD5	45fc2828291ee88335899461a2e7d8b7
Authentihash SHA1	0e732d18a7d880f0505433a0da0e100da0e1c3a3
Authentihash SHA256	77586c3968ec72ad19fa7098c9da27b0677e45220812eaab197075f4175e8cc6
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-03-19 20:32:16
MD5	1d51029dfbd616bf121b40a0d1efeb10
SHA1	d3f6c3ea2ef7124403c0fb6e7e3a0558729b5285
SHA256	b8c71e1844e987cd6f9c2baf28d9520d4ccdd8593ce7051bb1b3c9bf1d97076a
Authentihash MD5	9c7be6cc75cd27d1280f2a2b735546d1
Authentihash SHA1	9b733883aec5bd5c2bcc371c28f6c5176aca2eff
Authentihash SHA256	7e1d32e156037b09105c3640d06e5b34fbe0bb49c605697d13b5fc26776fae26
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-08-13 17:31:13
MD5	ba54a0dbe2685e66e21d41b4529b3528
SHA1	87e20486e804bfff393cc9ad9659858e130402a2
SHA256	9e56e96df36237e65b3d7dbc490afdc826215158f6278cd579c576c4b455b392
Authentihash MD5	48b50265ab9ca2af10d7bee2d69c4630
Authentihash SHA1	f773bcfc7eae8a1c1b90c775f1fb63c7a64031c3
Authentihash SHA256	9a84ad211fc549d0f118b3211cb11fd3ab2ced86de9cd20173d03e1a47834133
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-05-03 17:51:55
MD5	1325ec39e98225e487b40043faee8052
SHA1	bf5515fcf120c2548355d607cfd57e9b3e0af6e9
SHA256	26ef7b27d1afb685e0c136205a92d29b1091e3dcf6b7b39a4ec03fbbdb57cb55
Authentihash MD5	b092aa28bfe8b2d550e3e3a735e7fa24
Authentihash SHA1	13030898df096d9882211379e018da940c2c8ac0
Authentihash SHA256	b8d3914b796832a576ed0c977db439c8a5d6df5d0608088c39c786ff81bc2f11
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2016-09-21 18:30:06
MD5	c5ae6ca044bd03c3506c132b033be1dc
SHA1	928b5971a0f7525209d599e2ef15c31717047022
SHA256	af4f42197f5ce2d11993434725c81ecb6f54025110dedf56be8ffc0e775d9895
Authentihash MD5	50a2027559b8ba25b2b7d5700b608dab
Authentihash SHA1	f4c5c47723286a51e8c830100c157963c57934ba
Authentihash SHA256	7b49579b74108e2418a6b401cd729e3fafe1c8ba1fe8434f73c8d0f1758b08d3
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2013-11-24 13:23:00
MD5	24d3ea54f25e32832ac20335a1ce1062
SHA1	2a202830db58d5e942e4f6609228b14095ed2cab
SHA256	a906251667a103a484a6888dca3e9c8c81f513b8f037b98dfc11440802b0d640
Authentihash MD5	8f1bac183519a07d73a86a3a747a8a9b
Authentihash SHA1	8410c9e980425a89793fbe2612d3716184af2cb7
Authentihash SHA256	71c0c98aa54dc88af8b094ceef88352052d592e0f40892825dedbf1abba16635
RichPEHeaderHash MD5	63c6b4112622c2a9182cdd1d0d5235d7
RichPEHeaderHash SHA1	3e48025a171d18c5839ab1e58b64dbc6483417d0
RichPEHeaderHash SHA256	ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee152d7

Field	Value
ToBeSigned (TBS) MD5	e140543fe3256027cfa79fc3c19c1776
ToBeSigned (TBS) SHA1	c655f94eb1ecc93de319fc0c9a2dc6c5ec063728
ToBeSigned (TBS) SHA256	3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2028-01-28 12:00:00
Signature	4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee152d7
Version	3

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 1121405c1f0ed258882be54d8686ba11ea45

Field	Value
ToBeSigned (TBS) MD5	b95cbc184d388718612d5933f7b36770
ToBeSigned (TBS) SHA1	ff124c5d160710720108616ffee99bbe090ed363
ToBeSigned (TBS) SHA256	13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733
Subject	C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode , G1
ValidFrom	2013-08-23 00:00:00
ValidTo	2024-09-23 00:00:00
Signature	0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	1121405c1f0ed258882be54d8686ba11ea45
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
IofCompleteRequest
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwUnloadKey
RtlInitUnicodeString
MmGetSystemRoutineAddress
IoEnumerateRegisteredFiltersList
KeBugCheckEx
KeBugCheck
_vsnwprintf
IoDeleteDevice
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-04-08 16:54:18
MD5	c7b7f1edb9bbef174e6506885561d85d
SHA1	c3aafe8f67c6738489377031cb5a1197e99b202d
SHA256	4bd4715d2a7af627da11513e32fab925c872babebdb7ff5675a75815fbf95021
Authentihash MD5	83781f2cad5e578a633bd6869b7ea8b3
Authentihash SHA1	611e32fcb95d91770078b4cc630a00396cb013bb
Authentihash SHA256	e0fa3fa9488583353b39f12f857911b7115ecd82b70f6fb7be70633d72147649
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-12-09 15:56:22
MD5	4cf14a96485a1270fed97bb8000e4f86
SHA1	8aa0e832e5ca2eb79dafabadbe9948a191008383
SHA256	60ee78a2b070c830fabb54c6bde0d095dff8fad7f72aa719758b3c41c72c2aa9
Authentihash MD5	2d3446ae7ea69e3c1048b51089c71d8f
Authentihash SHA1	4a57ed5011ec329c5756a58946ce5280677f22be
Authentihash SHA256	ebc3a28af05f5b0b456f6ea59ad613109bbb1e2a888d7e3808e331335a77f087
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-02-08 04:26:40
MD5	eb57f03b7603f0b235af62e8cd5be8c2
SHA1	b5696e2183d9387776820ef3afa388200f08f5a6
SHA256	bc49cb96f3136c3e552bf29f808883abb9e651040415484c1736261b52756908
Authentihash MD5	81d5b7724b6a1c5be4978397c8f963b1
Authentihash SHA1	77179256fcde70ccb24b5a5017f9299543d4f364
Authentihash SHA256	fc26cebb27c76c6e3d22da679cff81477cab4fcabfb6f5a8a27f596ab51713ae
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-05-02 08:23:21
MD5	70a71fe86df717ac59dbf856d7ac5789
SHA1	fe54a1acc5438883e5c1bba87b78bb7322e2c739
SHA256	f03f0fb3a26bb83e8f8fa426744cf06f2e6e29f5220663b1d64265952b8de1a1
Authentihash MD5	e5bce10af730d5869942ecd31c7f157f
Authentihash SHA1	a1f710378ed3f8763641137b839f7570200c019d
Authentihash SHA256	7af0efdd72c68fdd105bb73be148ab7bf78a157cb1b241a85362a5bc5da91bd8
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2016-08-21 16:57:31
MD5	4198d3db44d7c4b3ba9072d258a4fc2d
SHA1	e42bd2f585c00a1d6557df405246081f89542d15
SHA256	bcb774b6f6ff504d2db58096601bc5cb419c169bfbeaa3af852417e87d9b2aa0
Authentihash MD5	014d3ae3aca830bd77782f26492d1083
Authentihash SHA1	23ce72f43542a945b95acd9ac4a27dbbf7f59196
Authentihash SHA256	6416ea9d2a15899dbf4a98b70bdedb4cc6eaf748c14c554b26ae2fe57ef8aa2a
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-08-16 16:45:45
MD5	bdb305aa0806f8b38b7ce43c927fe919
SHA1	844d7bcd1a928d340255ff42971cca6244a459bf
SHA256	a85d3fd59bb492a290552e5124bfe3f9e26a3086d69d42ccc44737b5a66673ec
Authentihash MD5	7d7c88f9aa5cddebfdf05583095e292a
Authentihash SHA1	63ec2554b377adb9a2c610f4f98afdbb9512e802
Authentihash SHA256	0820ae4ffc5258b49787423bd392cd29a6a77777b955dd210a41238b02f05c3e
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2014-01-11 07:24:30
MD5	e172a38ade3aa0a2bc1bf9604a54a3b5
SHA1	c5bd9f2b3a51ba0da08d7c84bab1f2d03a95e405
SHA256	94ba4bcbdb55d6faf9f33642d0072109510f5c57e8c963d1a3eb4f9111f30112
Authentihash MD5	8051f1d130479b666ce25171f0368aa9
Authentihash SHA1	acbcc2ee1f5150c4ff2918b7b8a38fff3df8328f
Authentihash SHA256	0cde416accd63c33ac9f4fd7bb6426c8bc3e6a18a335e9bbfea7cc767c30d3b6
RichPEHeaderHash MD5	9ef7d3e0d40381093233ad6158457c82
RichPEHeaderHash SHA1	de9692ae52b47eb6c3384d87c48ae5b8abec3472
RichPEHeaderHash SHA256	38e33f9063e4b5374496e628a2d0cc0858d3b9ce65fd320d40928b79a0fef5e9
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee152d7

Field	Value
ToBeSigned (TBS) MD5	e140543fe3256027cfa79fc3c19c1776
ToBeSigned (TBS) SHA1	c655f94eb1ecc93de319fc0c9a2dc6c5ec063728
ToBeSigned (TBS) SHA256	3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2028-01-28 12:00:00
Signature	4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee152d7
Version	3

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 1121405c1f0ed258882be54d8686ba11ea45

Field	Value
ToBeSigned (TBS) MD5	b95cbc184d388718612d5933f7b36770
ToBeSigned (TBS) SHA1	ff124c5d160710720108616ffee99bbe090ed363
ToBeSigned (TBS) SHA256	13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733
Subject	C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode , G1
ValidFrom	2013-08-23 00:00:00
ValidTo	2024-09-23 00:00:00
Signature	0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	1121405c1f0ed258882be54d8686ba11ea45
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
IofCompleteRequest
PsDereferencePrimaryToken
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
KeServiceDescriptorTable
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoEnumerateRegisteredFiltersList
KeTickCount
NtBuildNumber
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsProcessType
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2016-05-24 16:19:13
MD5	4e4c068c06331130334f23957fca9e3c
SHA1	9e2ebc489c50b6bbae3b08473e007baa65ff208f
SHA256	2da2b883e48e929f5365480d487590957d9e6582cc6da2c0b42699ba85e54fe2
Authentihash MD5	c25bd15b32ec15b42f3873f7af977d4a
Authentihash SHA1	a49347cfcc27732b692e31052aaf07c0849748fa
Authentihash SHA256	e37671575137d4e726efe2cfb730455bfcc5c08d553330dc68840ce8f7c63280
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-03-17 17:21:06
MD5	0d2ba47286f1c68e87622b3a16bf9d92
SHA1	e5566684a9e0c1afadae80c3a8be6636f6cad7cf
SHA256	21617210249d2a35016e8ca6bd7a1edda25a12702a2294d56010ee8148637f5a
Authentihash MD5	96f61230b60e338e222fdd60d55d3657
Authentihash SHA1	107bdd495d694b253776c4e9907a21d55847eda3
Authentihash SHA256	89ec70089d61eccb9021edc6f1b50a9ef99196467a011e1dc7d0325aa51b7dff
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 6b326a0f0328d37a1d530bfd23bd48e2

Field	Value
ToBeSigned (TBS) MD5	e556c75dbca00e43684d23c11c032d4a
ToBeSigned (TBS) SHA1	50925e36ffd52e5b4d32689e9007b14a3a417168
ToBeSigned (TBS) SHA256	f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Code Signing CA SHA2
ValidFrom	2015-10-29 11:30:29
ValidTo	2027-06-09 11:30:29
Signature	aae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	6b326a0f0328d37a1d530bfd23bd48e2
Version	3

Certificate 1519af351702ab2d86968d0be928f529

Field	Value
ToBeSigned (TBS) MD5	7227ed4392de49333e052f8f17c41f69
ToBeSigned (TBS) SHA1	e019d8060f65cc923dab50ea282fb8895c1c75f9
ToBeSigned (TBS) SHA256	eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825
Subject	C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com
ValidFrom	2017-12-04 09:50:34
ValidTo	2018-12-04 09:50:34
Signature	a671cf049079a759f4c1fa73dd7f3b3b84da6480a91a3c1a9d6d3bb1313d6714d14272b477c37a86b88a686344dcfd89c8af3a34deaaa5bab970adfa66c5ff206b22ef1954ccbf6b96fdf0f99e9066557fefbb5ddc55aa2a2891181d1a27b06acb79380b618344bd202361fb0399a7e6e6ccbcfa714265fa054e373261efaf6b74bc7e4c7994bcb832d61b3c573d2ec8c3926afb60d4b63428112dd6249c2a49cfded8fa33893fb2d452b135ad57be1ff7956825861e1fd53dfbc0cef82045fd699ebeb74230abfbac20467f087f6e7e2b19f0f961ea2f015c2e54e653507f9966193658afc237778e12001f05e1c6e0ec13d9574718593a2f2484cff950e019
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	1519af351702ab2d86968d0be928f529
Version	3

Certificate 613bc791000000000034

Field	Value
ToBeSigned (TBS) MD5	f5f0d604dd56b0446f98fb67e98a76f8
ToBeSigned (TBS) SHA1	c749c146cc00030ff36ecf9b698e6a377bc15605
ToBeSigned (TBS) SHA256	df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
ValidFrom	2011-04-15 20:15:34
ValidTo	2021-04-15 20:25:34
Signature	419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	613bc791000000000034
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-01-04 10:59:21
MD5	58c37866cbc3d1338e4fc58ada924ffe
SHA1	6c7663de88a0fba1f63a984f926c6ef449059e38
SHA256	7b846b0a717665e4d9fb313f25d1f6a5b782e495387aea45cf87ad3c049ac0db
Authentihash MD5	3be821abb1d26f9f18cbec3ba98bd1b1
Authentihash SHA1	496ae577a52cdbf6f19fb10bfb8a42448d9f2279
Authentihash SHA256	c24f503462a98f7a8bf0dbff0c8242e1f3d4e6cdf4327152f508717f0eafee4b
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-08-19 17:53:35
MD5	aa98b95f5cbae8260122de06a215ee10
SHA1	1fdb2474908bdd2ee1e9bd3f224626f9361caab7
SHA256	d7aa8abdda8a68b8418e86bef50c19ef2f34bc66e7b139e43c2a99ab48c933be
Authentihash MD5	11397e23887327ebc3488a5c8c248fd3
Authentihash SHA1	e3451a9f2de7be02b5d46cb7049d21bb0ca9363e
Authentihash SHA256	f2d3101ef507e6d9ae5475d8fd9b1ca6d2548fe0454c25389d6981f1b33f88f7
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-03-08 06:32:35
MD5	e1a9aa4c14669b1fb1f67a7266f87e82
SHA1	98130128685c8640a8a8391cb4718e98dd8fe542
SHA256	c42c1e5c3c04163bf61c3b86b04a5ec7d302af7e254990cef359ac80474299da
Authentihash MD5	5462bedeee0d01475f6b129a7e7a96d2
Authentihash SHA1	3557c20c63fe9f08995f6d76ab6ad80cb2e11da6
Authentihash SHA256	714ac82a4e2b971f19df9c5cdcc7d7df52ac44ce1bfad675e50122406bed04a2
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-06-06 18:25:53
MD5	5076fba3d90e346fd17f78db0a4aa12c
SHA1	9086e670e3a4518c0bcdf0da131748d4085ef42b
SHA256	6d68d8a71a11458ddf0cbb73c0f145bee46ef29ce03ad7ece6bd6aa9d31db9b7
Authentihash MD5	3eabdd91d711f5a696d02a9a64e1192d
Authentihash SHA1	bc893a4040dc41d18853d4d1c5d90d01564f79ef
Authentihash SHA256	054c2b8c5e89a2bff72eb6e1169537cf8654b614d9aac1e1e3d8ea02343872fc
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-09-16 04:01:34
MD5	840a5edf2534dd23a082cf7b28cbfc4d
SHA1	8ad0919629731b9a8062f7d3d4a727b28f22e81a
SHA256	b0b80a11802b4a8ca69c818a03e76e7ef57c2e293de456439401e8e6073f8719
Authentihash MD5	61a26b2fe61a0d6037fdcbb047f97496
Authentihash SHA1	2cbec330507fb9951a7b0442bf4fe7b9d4cefd88
Authentihash SHA256	36670821bb4a9d69bb6193e21b0da5c52975f001d3ed2dd7ee6307a2cff8317c
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-05-02 08:23:45
MD5	c1ab425977d467b64f437a6c5ad82b44
SHA1	ab4399647ebd16c02728c702534a30eb0b7ccbe7
SHA256	0f98492c92e35042b09032e3d9aedc357e4df94fc840217fa1091046f9248a06
Authentihash MD5	5d9f62bffce7ee809a2eaf9ca717dd02
Authentihash SHA1	ba4f2cf927b7ff43e97f50691a494e11a0a469a9
Authentihash SHA256	2ac415873e0a8638f5154ac4c1713b6f0527119b59706df65a5b3ed73ece02a6
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-12-18 17:16:07
MD5	c4a517a02ba9f6eac5cf06e3629cc076
SHA1	40df7a55c200371853cc3fd3cc03b5ac932f5cd6
SHA256	ec96b15ce218f97ec1d8f07f13b052d274c4c8438f31daf246ccfaaee5e1bebd
Authentihash MD5	2e081681b4d0312dc306f9cb9014d8a7
Authentihash SHA1	4c5406a663664443c16374ab8e29bcd984a4ba47
Authentihash SHA256	8e1d02a67ad311f9e48d42813e6d208bda3e7e4da0d212d7b484a8454b41678c
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-07-20 14:57:32
MD5	d416494232c4197cb36a914df2e17677
SHA1	c42178977bd7bbefe084da0129ed808cb7266204
SHA256	b0a27ac1a8173413de13860d2b2e34cb6bc4d1149f94b62d319042e11d8b004c
Authentihash MD5	8f336d1fbb353fd34fa196003f855db3
Authentihash SHA1	74ead5c8d4b3428f6348f09fcd29bf97701812be
Authentihash SHA256	77280614edf2e476a853c7881a4ff1402d67d4dd3e218af657f44fd4d4fbdbcb
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-04-08 16:53:54
MD5	abc168fdca7169bf9dc40cec9761018d
SHA1	89165bbb761d6742ac2a6f5efbffc80c17990bd8
SHA256	f6157e033a12520c73dcedf8e49cd42d103e5874c34d6527bb9de25a5d26e5ad
Authentihash MD5	428ace923d811b754b41a4108a862809
Authentihash SHA1	5610d6f3c2d45ca61b501d343fc8acf3ae4ce2a8
Authentihash SHA256	028011ae3cd1d972b7c46fc8261f583d1fe5dedcef02ee63ee532b3668bfdc25
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-01-20 17:21:49
MD5	77cfd3943cc34d9f5279c330cd8940bc
SHA1	1048f641adf3988d882a159bf1332eeb6d6a7f09
SHA256	4af8192870afe18c77381dfaf8478f8914fa32906812bb53073da284a49ae4c7
Authentihash MD5	5ec7174b07ff641f2f8e9d3d05528c81
Authentihash SHA1	c204693c32d015a5123b408390eb0cca0a4ea1ed
Authentihash SHA256	4d11419d2f1d6217481d12d3f3fcd13f693f7454f9fadcdeee72bdc0ce06c8e2
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-04-09 15:24:17
MD5	a37ed7663073319d02f2513575a22995
SHA1	005754dab657ddc6dae28eee313ca2cc6a0c375c
SHA256	a78c9871da09fab21aec9b88a4e880f81ecb1ed0fa941f31cc2f041067e8e972
Authentihash MD5	a100ac9683e98fca3ac42bf39b003cb0
Authentihash SHA1	6b202f5986e6a47b2f2ca5cba5c61f0c4be9cf8e
Authentihash SHA256	1e0133cfe93c0e1cdd995b8668134bafcd35976c8f02400112668d91da7eb34a
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-05-18 16:48:26
MD5	d6a1dd7b2c06f058b408b3613c13d413
SHA1	09375f13521fc0cacf2cf0a28b2a9248f71498d7
SHA256	2456a7921fa8ab7b9779e5665e6b42fccc019feb9e49a9a28a33ec0a4bb323c4
Authentihash MD5	931256ebd447cf1d01ad99dddc6f0c5e
Authentihash SHA1	322c7020b513df1b694be2d7be3b6b3ac2251639
Authentihash SHA256	0867af893422b7191e77907de58faf787d4763cc7e9a2a3a91c72f1995a9c3f3
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-09-16 19:07:11
MD5	e37a08f516b8a7ca64163f5d9e68fe5a
SHA1	e730eb971ecb493b69de2308b6412836303f733a
SHA256	94c71954ac0b1fd9fa2bd5c506a16302100ba75d9f84f39ee9b333546c714601
Authentihash MD5	0b1ae7891dd66b54b045f4015e98cb23
Authentihash SHA1	1e4650f09fe5e378bcd186cc42dff679723c1534
Authentihash SHA256	63e9918f94a1ae5d71e8972f49bfbce13d8b1774b7237b022f182f03cc9ce715
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2013-12-03 16:32:24
MD5	d5918d735a23f746f0e83f724c4f26e5
SHA1	607387cc90b93d58d6c9a432340261fde846b1d9
SHA256	30e083cd7616b1b969a92fd18cf03097735596cce7fcf3254b2ca344e526acc2
Authentihash MD5	c71dea7c26db633e2af7e3fc9ca4516c
Authentihash SHA1	1ffad2d690442310d981d7dd8b2f37e95597822e
Authentihash SHA256	bf2ab728d27075bf2245ddc3257ad8df5179c8c4a449493ea995af9a979d6a2e
RichPEHeaderHash MD5	9ef7d3e0d40381093233ad6158457c82
RichPEHeaderHash SHA1	de9692ae52b47eb6c3384d87c48ae5b8abec3472
RichPEHeaderHash SHA256	38e33f9063e4b5374496e628a2d0cc0858d3b9ce65fd320d40928b79a0fef5e9
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee152d7

Field	Value
ToBeSigned (TBS) MD5	e140543fe3256027cfa79fc3c19c1776
ToBeSigned (TBS) SHA1	c655f94eb1ecc93de319fc0c9a2dc6c5ec063728
ToBeSigned (TBS) SHA256	3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2028-01-28 12:00:00
Signature	4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee152d7
Version	3

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 1121405c1f0ed258882be54d8686ba11ea45

Field	Value
ToBeSigned (TBS) MD5	b95cbc184d388718612d5933f7b36770
ToBeSigned (TBS) SHA1	ff124c5d160710720108616ffee99bbe090ed363
ToBeSigned (TBS) SHA256	13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733
Subject	C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode , G1
ValidFrom	2013-08-23 00:00:00
ValidTo	2024-09-23 00:00:00
Signature	0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	1121405c1f0ed258882be54d8686ba11ea45
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
IofCompleteRequest
PsDereferencePrimaryToken
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
KeServiceDescriptorTable
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoEnumerateRegisteredFiltersList
KeTickCount
NtBuildNumber
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsProcessType
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2016-10-05 12:44:38
MD5	32b67a6cd6dd998b9f563ed13d54a8bc
SHA1	acb8e45ebd1252313ece94198df47edf9294e7d3
SHA256	897f2bbe81fc3b1ae488114b93f3eb0133a85678d061c7a6f718507971f33736
Authentihash MD5	add099b0c47042a564bcd05951d11bb0
Authentihash SHA1	37cdbacc289a5750701dd418f39d933f29e3c5d6
Authentihash SHA256	91e64a75caa5015cb1d874372e4fdfefa506de680a962fdd97b83206bdf1e27e
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-08-06 18:22:25
MD5	19b15eeccab0752c6793f782ca665a45
SHA1	ac18c7847c32957abe8155bcbe71c1f35753b527
SHA256	569fe70bedd0df8585689b0e88ad8bd0544fdf88b9dbfc2076f4bdbcf89c28aa
Authentihash MD5	2e4dfda0e2f4d7987914bbfb65851dbc
Authentihash SHA1	df5b27a1f2eacf4dc0f0c74cff377ffc4299fbcc
Authentihash SHA256	16b6a65d569ad3d0a1ff5aaf2374c28cebab4a289ffee42b79f7a48d5979b579
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-04-14 17:18:06
MD5	4e906fcb13e2793c98f47291fd69391b
SHA1	492e40b01a9a6cec593691db4838f20b3eaeacc5
SHA256	07beac65e28ee124f1da354293a3d6ad7250ed1ce29b8342acfd22252548a5af
Authentihash MD5	243674ce6fa37a4276281283eddf4ff8
Authentihash SHA1	f930d8984de2ce203b9bfd509cf8ae48a483245c
Authentihash SHA256	11dc70eb8864bc00b4b8e7c62a52c4602864e2ec717cc0606e1252b119c91085
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-07-20 14:57:09
MD5	bb5bda8889d8d27ef984dbd6ad82c946
SHA1	947c76c8c8ba969797f56afd1fa1d1c4a1e3ed25
SHA256	406b844f4b5c82caf26056c67f9815ad8ecf1e6e5b07d446b456e5ff4a1476f9
Authentihash MD5	846935ae07a68052a0bcc0f776d4c68f
Authentihash SHA1	d40b1915ba1a63afcaeb9bef9e318d624939f971
Authentihash SHA256	1f43d0680cecea2db04d2f2eff7ff37a13beec280e62b76b9dbdc38d0e225fca
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2015-08-25 03:30:50
MD5	3b71eab204a5f7ed77811e41fed73105
SHA1	6ae26bde7ec27bd0fa971de6c7500eee34ee9b51
SHA256	2faf95a3405578d0e613c8d88d534aa7233da0a6217ce8475890140ab8fb33c8
Authentihash MD5	fd56e10ef3039c2f905eeec90aa92e2f
Authentihash SHA1	7a59fe7acd7abc6dcf89dd3db31d37ea0da458dc
Authentihash SHA256	0895a8fa3ee38bb38cb9fcd0183cf9466c7577eab746b3540bd0b2f282246dc6
RichPEHeaderHash MD5	94bfa9368ea43c71afa29bad9fc60535
RichPEHeaderHash SHA1	d8e5ebd3ca141f00753a138144cd1319d755858b
RichPEHeaderHash SHA256	5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
RtlCompareMemory
ObfDereferenceObject
IofCompleteRequest
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
RtlInitUnicodeString
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
IoEnumerateRegisteredFiltersList
KeBugCheckEx
KeBugCheck
_vsnwprintf
IoDeleteDevice
NtBuildNumber
ObOpenObjectByPointer
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-08-09 14:44:41
MD5	01c2e4d8234258451083d6ce4e8910b7
SHA1	30a80f560f18609c1123636a8a1a1ef567fa67a7
SHA256	10ad50fcb360dcab8539ea322aaf2270565dc835b7535790937348523d723d6b
Authentihash MD5	7fe1115f2a03e8be8e8b37c19fc4f655
Authentihash SHA1	62afdbf554f7c383c2e5bd502ad119e3d207bee9
Authentihash SHA256	d5f58cbce305cbd4397c1da5e1a51d78575c67616f6d9c7d764f87cda540fa62
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-05-26 18:37:46
MD5	72f53f55898548767e0276c472be41e8
SHA1	8416ee8fd88c3d069fbba90e959507c69a0ee3e9
SHA256	8b30b2dc36d5e8f1ffc7281352923773fb821cdf66eb6516f82c697a524b599b
Authentihash MD5	0917b8ea0d9d70b92cd391196b7f6ef7
Authentihash SHA1	10f7ced8bc6e3d8726fbef18229b42880cf65bad
Authentihash SHA256	c005f1bcb549d76ab86390217ad6b3a2226ec74fd6f4595c0fd28b73102b1b99
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-04-23 17:21:28
MD5	7d26985a5048bad57d9c223362f3d55c
SHA1	9f27987c32321f8da099efc1dc60a73f8f629d3a
SHA256	7662187c236003308a7951c2f49c0768636c492f8935292d02f69e59b01d236d
Authentihash MD5	48a22b033380a73fd1f58d9704fd93fc
Authentihash SHA1	0e9efb3a9f4a93e1a2bb03d5814a9bbeb2257898
Authentihash SHA256	9b6d450b6e2b66e8356b9d8a354e8c3a96426b7f15adf2f2025dda13c01881a3
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2014-01-02 17:13:08
MD5	4484f4007de2c3ee4581a2cff77ca3b4
SHA1	40372b4de2db020ce2659e1de806d4338fd7ebef
SHA256	bcca03ce1dd040e67eb71a7be0b75576316f0b6587b2058786fda8b6f0a5adfd
Authentihash MD5	00a7bf199ea8ddcd3598e68f4d186f78
Authentihash SHA1	85d77e69eb9e42b44266746233e28d027e77345c
Authentihash SHA256	81237053f6eeaf659970e9e5e7abba00261ec2b850b1f5b195d0888f8ce66d6f
RichPEHeaderHash MD5	63c6b4112622c2a9182cdd1d0d5235d7
RichPEHeaderHash SHA1	3e48025a171d18c5839ab1e58b64dbc6483417d0
RichPEHeaderHash SHA256	ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee152d7

Field	Value
ToBeSigned (TBS) MD5	e140543fe3256027cfa79fc3c19c1776
ToBeSigned (TBS) SHA1	c655f94eb1ecc93de319fc0c9a2dc6c5ec063728
ToBeSigned (TBS) SHA256	3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2028-01-28 12:00:00
Signature	4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee152d7
Version	3

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 1121405c1f0ed258882be54d8686ba11ea45

Field	Value
ToBeSigned (TBS) MD5	b95cbc184d388718612d5933f7b36770
ToBeSigned (TBS) SHA1	ff124c5d160710720108616ffee99bbe090ed363
ToBeSigned (TBS) SHA256	13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733
Subject	C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode , G1
ValidFrom	2013-08-23 00:00:00
ValidTo	2024-09-23 00:00:00
Signature	0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	1121405c1f0ed258882be54d8686ba11ea45
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
IofCompleteRequest
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwUnloadKey
RtlInitUnicodeString
MmGetSystemRoutineAddress
IoEnumerateRegisteredFiltersList
KeBugCheckEx
KeBugCheck
_vsnwprintf
IoDeleteDevice
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2014-06-09 17:33:12
MD5	5eb2c576597dd21a6b44557c237cf896
SHA1	3533d0a54c7ccd83afd6be24f6582b30e4ca0aab
SHA256	087270d57f1626f29ba9c25750ca19838a869b73a1f71af50bdf37d6ff776212
Authentihash MD5	ae57b5e19b5c4a3f750425dc18f78452
Authentihash SHA1	f59c9783573dccbfe1efbfb6c939aeecbcb2928b
Authentihash SHA256	f2b0d70e2d55a5f69ddaac13460cfcd63746ac1c09f826772cca5b857dde240a
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
RtlCompareMemory
ObfDereferenceObject
IofCompleteRequest
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
RtlInitUnicodeString
MmGetSystemRoutineAddress
IoEnumerateRegisteredFiltersList
KeBugCheckEx
KeBugCheck
_vsnwprintf
IoDeleteDevice
NtBuildNumber
ObOpenObjectByPointer
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-03-17 17:21:22
MD5	c5fc3605194e033bdf3781ff2adaeb61
SHA1	23f562f8d5650b2fb92382d228013f2e36e35d6c
SHA256	40556dd9b79b755cc0b48d3d024ceb15bd2c0e04960062ab2a85cd7d4d1b724a
Authentihash MD5	cbd8f153004048ba8bbf8782fb39be8b
Authentihash SHA1	ef8533f6066e6d4088631e9e265918ea076da73f
Authentihash SHA256	ae55720475ab1c67e39720954111b90e96a5ebf5d3b91277f4c225a228d8739a
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 6b326a0f0328d37a1d530bfd23bd48e2

Field	Value
ToBeSigned (TBS) MD5	e556c75dbca00e43684d23c11c032d4a
ToBeSigned (TBS) SHA1	50925e36ffd52e5b4d32689e9007b14a3a417168
ToBeSigned (TBS) SHA256	f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Code Signing CA SHA2
ValidFrom	2015-10-29 11:30:29
ValidTo	2027-06-09 11:30:29
Signature	aae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	6b326a0f0328d37a1d530bfd23bd48e2
Version	3

Certificate 1519af351702ab2d86968d0be928f529

Field	Value
ToBeSigned (TBS) MD5	7227ed4392de49333e052f8f17c41f69
ToBeSigned (TBS) SHA1	e019d8060f65cc923dab50ea282fb8895c1c75f9
ToBeSigned (TBS) SHA256	eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825
Subject	C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com
ValidFrom	2017-12-04 09:50:34
ValidTo	2018-12-04 09:50:34
Signature	a671cf049079a759f4c1fa73dd7f3b3b84da6480a91a3c1a9d6d3bb1313d6714d14272b477c37a86b88a686344dcfd89c8af3a34deaaa5bab970adfa66c5ff206b22ef1954ccbf6b96fdf0f99e9066557fefbb5ddc55aa2a2891181d1a27b06acb79380b618344bd202361fb0399a7e6e6ccbcfa714265fa054e373261efaf6b74bc7e4c7994bcb832d61b3c573d2ec8c3926afb60d4b63428112dd6249c2a49cfded8fa33893fb2d452b135ad57be1ff7956825861e1fd53dfbc0cef82045fd699ebeb74230abfbac20467f087f6e7e2b19f0f961ea2f015c2e54e653507f9966193658afc237778e12001f05e1c6e0ec13d9574718593a2f2484cff950e019
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	1519af351702ab2d86968d0be928f529
Version	3

Certificate 613bc791000000000034

Field	Value
ToBeSigned (TBS) MD5	f5f0d604dd56b0446f98fb67e98a76f8
ToBeSigned (TBS) SHA1	c749c146cc00030ff36ecf9b698e6a377bc15605
ToBeSigned (TBS) SHA256	df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
ValidFrom	2011-04-15 20:15:34
ValidTo	2021-04-15 20:25:34
Signature	419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	613bc791000000000034
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-03-17 20:17:55
MD5	154b45f072fe844676e6970612fd39c7
SHA1	161bae224cf184ed6c09c77fae866d42412c6d25
SHA256	8684aec77b4c3cafc1a6594de7e95695fa698625d4206a6c4b201875f76a5b38
Authentihash MD5	fd585505c4b2b1af4c34a2ce77d512e6
Authentihash SHA1	f605c31d34752378a3fa7af3c9ea2a5d8f77abf8
Authentihash SHA256	6789e1a2e0d23528a91e49851bd95bceb6ffe9927f34b52a78ecc2b1d4bc13b8
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2014-01-08 19:55:13
MD5	17509f0a98dc5c5d52c3f9ac1428a21b
SHA1	bbc8bd714c917bb1033f37e4808b4b002cd04166
SHA256	baf7fbc4743a81eb5e4511023692b2dfdc32ba670ba3e4ed8c09db7a19bd82d3
Authentihash MD5	b6c12d1f29ddfb6ec890716547cf2d73
Authentihash SHA1	a09ba29949130996281198fb44aef7a47ce105d7
Authentihash SHA256	db7a15aa5b85845831dcdcebf837b22cf43fa572dd9cb0bb0d264af519b8d406
RichPEHeaderHash MD5	63c6b4112622c2a9182cdd1d0d5235d7
RichPEHeaderHash SHA1	3e48025a171d18c5839ab1e58b64dbc6483417d0
RichPEHeaderHash SHA256	ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee152d7

Field	Value
ToBeSigned (TBS) MD5	e140543fe3256027cfa79fc3c19c1776
ToBeSigned (TBS) SHA1	c655f94eb1ecc93de319fc0c9a2dc6c5ec063728
ToBeSigned (TBS) SHA256	3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2028-01-28 12:00:00
Signature	4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee152d7
Version	3

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 1121405c1f0ed258882be54d8686ba11ea45

Field	Value
ToBeSigned (TBS) MD5	b95cbc184d388718612d5933f7b36770
ToBeSigned (TBS) SHA1	ff124c5d160710720108616ffee99bbe090ed363
ToBeSigned (TBS) SHA256	13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733
Subject	C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode , G1
ValidFrom	2013-08-23 00:00:00
ValidTo	2024-09-23 00:00:00
Signature	0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	1121405c1f0ed258882be54d8686ba11ea45
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
IofCompleteRequest
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwUnloadKey
RtlInitUnicodeString
MmGetSystemRoutineAddress
IoEnumerateRegisteredFiltersList
KeBugCheckEx
KeBugCheck
_vsnwprintf
IoDeleteDevice
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-12-03 13:13:32
MD5	754e21482baf18b8b0ed0f4be462ba03
SHA1	f6728821eddd14a21a9536e0f138c6d71cbd9307
SHA256	36c65aeb255c06898ffe32e301030e0b74c8bca6fe7be593584b8fdaacd4e475
Authentihash MD5	6eb9ad2adbe534c4bd984792bafd7d40
Authentihash SHA1	8e4ce688f1f6247b817e1c90c31e6496659f2551
Authentihash SHA256	8bec85d128eb0444f10fc89b95b2c6b84a8d0405cb0a6dbc30cff8ea4c0ca043
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2021-05-18 09:07:29
MD5	1cd5e231064e03c596e819b6ff48daf9
SHA1	e514dfadbeb4d2305988c3281bf105d252dee3a7
SHA256	d37996abc8efb29f1ccbb4335ce9ba9158bec86cc4775f0177112e87e4e3be5c
Authentihash MD5	e6028245682168cc81b895bf28e87b4e
Authentihash SHA1	6f5f42d443ce64ed70c2c17fe3f07da91e1aab0b
Authentihash SHA256	6e521e54a1e5a03abaae405b58a84758058f3fac5e8cd8a370f232c7dc7bb164
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-05-18 16:48:54
MD5	28102acca39ad0199f262ba9958be3f4
SHA1	beed6fb6a96996e9b016fa7f2cf7702a49c8f130
SHA256	aaf04d89fd15bc61265e545f8e1da80e20f59f90058ed343c62ee24358e3af9e
Authentihash MD5	d89425acef6e1ac239ee8b3c937b87cb
Authentihash SHA1	010113b420a09a502afc93ddebb8f9dce796bb48
Authentihash SHA256	a4d7e16649ce3c7ad9355e8d7418a4c234b3763e262f8ccfbda4bc64a402ed27
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-05-12 17:34:58
MD5	27384ec4c634701012a2962c30badad2
SHA1	7d453dccb25bf36c411c92e2744c24f9b801225d
SHA256	c4f041de66ec8cc5ab4a03bbc46f99e073157a4e915a9ab4069162de834ffc5c
Authentihash MD5	0acd0b319d16a5f8ca04cb46f549bacf
Authentihash SHA1	dd15f4ca159b4dffe6094af6b00174732c8c0463
Authentihash SHA256	5ffba52ea8bba7aeaf9fb32e1ba97b5bbd5c31739d594e722d9e89907dbb5cdd
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2014-01-05 17:23:52
MD5	cee36b5c6362993fa921435979bfbe4a
SHA1	78fd06c82d3ba765c38bad8f48d1821a06280e39
SHA256	b169a5f643524d59330fafe6e3e328e2179fc5116ee6fae5d39581467d53ac03
Authentihash MD5	e044ca432fdc8ae1dafd1548ce4236f7
Authentihash SHA1	a2db837199644df18a514e7d9f069bce18eebc9b
Authentihash SHA256	770552bfc6598f165443da94ac0c6aca00f95a6a9a8e89713f9980730d9ee9c2
RichPEHeaderHash MD5	63c6b4112622c2a9182cdd1d0d5235d7
RichPEHeaderHash SHA1	3e48025a171d18c5839ab1e58b64dbc6483417d0
RichPEHeaderHash SHA256	ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee152d7

Field	Value
ToBeSigned (TBS) MD5	e140543fe3256027cfa79fc3c19c1776
ToBeSigned (TBS) SHA1	c655f94eb1ecc93de319fc0c9a2dc6c5ec063728
ToBeSigned (TBS) SHA256	3ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2028-01-28 12:00:00
Signature	4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee152d7
Version	3

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 1121405c1f0ed258882be54d8686ba11ea45

Field	Value
ToBeSigned (TBS) MD5	b95cbc184d388718612d5933f7b36770
ToBeSigned (TBS) SHA1	ff124c5d160710720108616ffee99bbe090ed363
ToBeSigned (TBS) SHA256	13027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733
Subject	C=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode , G1
ValidFrom	2013-08-23 00:00:00
ValidTo	2024-09-23 00:00:00
Signature	0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	1121405c1f0ed258882be54d8686ba11ea45
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
IofCompleteRequest
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwUnloadKey
RtlInitUnicodeString
MmGetSystemRoutineAddress
IoEnumerateRegisteredFiltersList
KeBugCheckEx
KeBugCheck
_vsnwprintf
IoDeleteDevice
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-08-19 17:53:57
MD5	26aedc10d4215ba997495d3a68355f4a
SHA1	dac68b8ee002d5bb61be3d59908a61a26efb7c09
SHA256	443c0ba980d4db9213b654a45248fd855855c1cc81d18812cae9d16729ff9a85
Authentihash MD5	41fe68e2598cbb23aa596f1bd4e7fed5
Authentihash SHA1	cf9146f5b5bb803f5235a5748bdea5f979f1d348
Authentihash SHA256	931e4d6f7f04b122bc5bc6a61fb4e0186796623f4fc72d0c42ccfa886f1c5fb2
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-02-26 18:35:22
MD5	80219fb6b5954c33e16bac5ecdac651b
SHA1	020580278d74d0fe741b0f786d8dca7554359997
SHA256	a42f4ae69b8755a957256b57eb3d319678eab81705f0ffea0d649ace7321108f
Authentihash MD5	ffd20b63526f607fef3166adc66b74c1
Authentihash SHA1	33bd7996a2f2a9b08ea6f584af08356ea03dbaee
Authentihash SHA256	2c44c0464e5b01540ba573be7555b3fcbdb65c9f1193f9c1d02b04c70090d4ac
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-01-20 17:22:03
MD5	05dd59bd4f175304480affd8f1305c37
SHA1	fcae2ea5990189f6f230b51e398e3000b71897f2
SHA256	469713c76c7a887826611b8c7180209a8bb6250f91d0f1eb84ac4d450ef15870
Authentihash MD5	4a8ee19d43bae91e26013c808044a28d
Authentihash SHA1	1aa1c735479fca1c1845c19497ef648c9200e450
Authentihash SHA256	67d4654d7e78e4d0761d8e200096935791d59acb2bf98106dafff449647c840f
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-02-26 18:35:38
MD5	cbd8d370462503508e44dba023bdf9bc
SHA1	ff3e19cd461ddf67529a765cbec9cb81d84dc7da
SHA256	c4c9c84b211899ceb0d18a839afa497537a7c7c01ab481965a09788a9e16590c
Authentihash MD5	a15fbc087bc936c1456483743d1442a0
Authentihash SHA1	c84b7bb35214a2eb2a7cdc722bcdc16b70a3bb72
Authentihash SHA256	c9cba07502b8a10034ddf75b35f4d6f2a24862cde5bff300720f5df04d4cfe6b
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-08-05 02:32:20
MD5	fb593b1f1f80d20fc7f4b818065c64b6
SHA1	e0b263f2d9c08f27c6edf5a25aa67a65c88692b0
SHA256	ee7b8eb150df2788bb9d5fe468327899d9f60d6731c379fd75143730a83b1c55
Authentihash MD5	60526c634c51161cb26c25788cc1f754
Authentihash SHA1	c3af9f1b621ec0ec684383fd51441009114a7c3d
Authentihash SHA256	68ea8d1bfabf37920686a0814c0bf47cbc4527543716fd94c0d3f23382e15081
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2016-10-24 18:25:06
MD5	ae338d91d1b05a72559b7f6ed717362d
SHA1	d6de8211dba7074d92b5830618176a3eb8eb6670
SHA256	ddf427ce55b36db522f638ba38e34cd7b96a04cb3c47849b91e7554bfd09a69a
Authentihash MD5	1158fc2285d1ac1be5703fe36ea874fe
Authentihash SHA1	be6cc01ed5411c7f2e95ea007e2c09d28fb183c8
Authentihash SHA256	5e1c7bdb1fa71145a0704a5f00d894043a7754cb82d1d8213cb6a899bd767cab
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-03-08 06:32:09
MD5	f56db4eba3829c0918413b5c0b42f00f
SHA1	9c36600c2640007d3410dea8017573a113374873
SHA256	e8ec06b1fa780f577ff0e8c713e0fd9688a48e0329c8188320f9eb62dfc0667f
Authentihash MD5	06bd72b5eecfb76faa05351128fbefee
Authentihash SHA1	14b5b696377d733c602cde2f8d0fa1809e17fc63
Authentihash SHA256	ba467c6edee7266721c220fbc84cb80c995d429052846865d869609602d6e48c
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-05-01 16:26:26
MD5	e27b2486aa5c256b662812b465b6036c
SHA1	6451522b1fb428e549976d0742df5034f8124b17
SHA256	e8743094f002239a8a9d6d7852c7852e0bb63cd411b007bd8c194bcba159ef15
Authentihash MD5	1c12d5a009e2fd6ee42e9673806349e7
Authentihash SHA1	45f1ec5d7153b72321d6a040026172a62618e9e7
Authentihash SHA256	edf05640ad7caa10756cc4163e926de74157da1d81b4d245b602a36f4c8cb4d0
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-01-20 17:22:03
MD5	35e512f9bedc89dca5ce81f35820714c
SHA1	e841c8494b715b27b33be6f800ca290628507aba
SHA256	29348ebe12d872c5f40e316a0043f7e5babe583374487345a79bad0ba93fbdfe
Authentihash MD5	0e71a90d0095278a48893d4068a3f1f8
Authentihash SHA1	f3019b52f343521d3e133106f692d467a5c86093
Authentihash SHA256	d9c3857d2959a3eff45eefe43d8ed1c23bd6908ae8a9a7e2e4e402bbf3e6d3ec
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-04-09 15:24:03
MD5	d13c1b76b4a1ca3ff5ab63678b51df6d
SHA1	465abe9634c199a5f80f8a4f77ec3118c0d69652
SHA256	618b15970671700188f4102e5d0638184e2723e8f57f7e917fa49792daebdadb
Authentihash MD5	76e3258ee4cff03a0237ea6447ae1025
Authentihash SHA1	045af64ec7d1ac2b0114e165b678c4c812f56dd1
Authentihash SHA256	047e4158225af627382c412fa1f870479a238841341bc13e60312269feb14083
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-06-07 16:45:17
MD5	65f800e1112864bf41eb815649f428d5
SHA1	2480549ec8564cd37519a419ab2380cf3e8bab9e
SHA256	52f3905bbd97dcd2dbd22890e5e8413b9487088f1ee2fa828030a6a45b3975fd
Authentihash MD5	21cc1cc1dba53e09f8dcef2d178b0993
Authentihash SHA1	ce242aadea5cd44d19308693e1f44b30dad41a0f
Authentihash SHA256	13999eb266b759e879816fdab640d59ef9e35e2ea61575810979d9eb22fdfd4d
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-05-12 17:00:04
MD5	a5bcaa2fc87b42e2e5d62a2e5dfcbc80
SHA1	0a62c574603158d2d0c3be2a43c6bb0074ed297c
SHA256	8b32fc8b15363915605c127ccbf5cbe71778f8dfbf821a25455496e969a01434
Authentihash MD5	6eedef4a3eab4a6990e8f65b144d8289
Authentihash SHA1	29e4237767f1a886f45d0eef5910f126ebb9d28e
Authentihash SHA256	058c84860fb9fefd4c5cec57b6ef9f43146a6509b6894f2a27fb5a2dd16d578b
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-09-16 19:07:40
MD5	528ce5ce19eb34f401ef024de7ddf222
SHA1	221717a48ee8e2d19470579c987674f661869e17
SHA256	4d42678df3917c37f44a1506307f1677b9a689efcf350b1acce7e6f64b514905
Authentihash MD5	808907b8d815b6fb6f1f1c717451ad35
Authentihash SHA1	7cd0b806ae09e408565814f7efe885abb4d977f1
Authentihash SHA256	94f4bcc9b062406ee7468659c1710d3e0cb057c7b7194e15cd72845082138019
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-03-12 05:47:38
MD5	4a27a2bdc6fbe39eeec6455fb1e0ef20
SHA1	fde0fff1c3e4c053148748504d4b9e0cc97f37ec
SHA256	c4fb31e3f24e40742a1b9855a2d67048fe64b26d8d2dbcec77d2d5deeded2bcc
Authentihash MD5	ac18951cc5192f08f3ba50187eef941e
Authentihash SHA1	092f12bf5a2d77c03411d7c377199ab47fe3f59b
Authentihash SHA256	30f9aca036adbcc15cace326e042ed3590f00045f66982afbf569d8fd9b6747b
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-05-12 17:00:34
MD5	98d53f6b3bec0a3417a04fbb9e17fa06
SHA1	a0cefb5b55f7a7a145b549613e26b6805515a1ad
SHA256	31b66a57fae0cc28a6a236d72a35c8b6244f997e700f9464f9cbf800dbf8bee6
Authentihash MD5	7c814e64b0a2b3541d7c9bb9d99edfbc
Authentihash SHA1	83222199cc9661710e7d99fad9d690eb6b3fdbaf
Authentihash SHA256	4f5166322f578fb111b6f2af375052008a5263311890f85c3e4ebc9c0f85affa
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-03-25 13:01:09
MD5	8b75047199825c8e62fdcc1c915db8bd
SHA1	85076aa3bffb40339021286b73d72dd5a8e4396a
SHA256	d41e39215c2c1286e4cd3b1dc0948adefb161f22bc3a78756a027d41614ee4ff
Authentihash MD5	bab6f5a48952fb91e53fa1a59d8d8107
Authentihash SHA1	cba35561689cf4923bfb3fc5c8f1cbd445ee90fb
Authentihash SHA256	869f22f072f71abc741cf9d3b9cbc9020a2611286670c6e6d67cd240629518f6
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-08-05 02:32:43
MD5	93496a436c5546156a69deb255a9fed0
SHA1	0de86ec7d7f16a3680df89256548301eed970393
SHA256	4136f1eb11cc463a858393ea733d5f1c220a3187537626f7f5d63eccf7c5a03f
Authentihash MD5	0991b6f38efda0c20966f68c2de98b53
Authentihash SHA1	4682423da48820f26f188ae5b4aa12c3fbd2c290
Authentihash SHA256	8c87d5f1261a367493fd2f240ace027bef5b178cff3dea22d45e8fa2b0f0541e
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-11-27 19:15:03
MD5	5e9231e85cecfc6141e3644fda12a734
SHA1	599de57a5c05e27bb72c7b8a677e531d8e4bf8b5
SHA256	64d4370843a07e25d4ceb68816015efcaeca9429bb5bb692a88e615b48c7da96
Authentihash MD5	70915af229fae80af7cb1cd93122fd7c
Authentihash SHA1	28740c785f9634c582292650cb6ec8660424c0ba
Authentihash SHA256	002616bfe5bf3b13868d649d74ffe748317e3b0b33de8b9008683c906a0cae83
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2014-06-14 14:54:15
MD5	fe508caa54ffeb2285d9f00df547fe4a
SHA1	af42afda54d150810a60baa7987f9f09d49d1317
SHA256	4dc24fd07f8fb854e685bc540359c59f177de5b91231cc44d6231e33c9e932b1
Authentihash MD5	a776ebade70bf7e3d7c5e1db0ccddec9
Authentihash SHA1	6b01aeeb1d0318fbb286e244d2c84c34af67b530
Authentihash SHA256	4b5206b5928e03929cca1eda3f12e6df14b31f80e8c16c1bb29109c072053b90
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
RtlCompareMemory
ObfDereferenceObject
IofCompleteRequest
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
RtlInitUnicodeString
MmGetSystemRoutineAddress
IoEnumerateRegisteredFiltersList
KeBugCheckEx
KeBugCheck
_vsnwprintf
IoDeleteDevice
NtBuildNumber
ObOpenObjectByPointer
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-02-25 18:17:02
MD5	e0cc9b415d884f85c45be145872892b8
SHA1	7638c048af5beae44352764390deea597cc3e7b1
SHA256	26bea3b3ab2001d91202f289b7e41499d810474607db7a0893ceab74f5532f47
Authentihash MD5	c3766cd40f4ef52f59f3e9c8848a6dbe
Authentihash SHA1	16cf0d8d085d3db18e202d657dfccd5022b389fb
Authentihash SHA256	612aa28d12aefd2af8565d4df6df9caa61b5fe8370fffb08933c03d558789e37
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-11-05 19:33:50
MD5	87dc81ebe85f20c1a7970e495a778e60
SHA1	07f78a47f447e4d8a72ad4bc6a26427b9577ec82
SHA256	822982c568b6f44b610f8dc4ab5d94795c33ae08a6a608050941264975c1ecdb
Authentihash MD5	be49be6ceb35f15a49b39f72a43bfc54
Authentihash SHA1	895e108e141e238fdeeef2ef11addb4962c48986
Authentihash SHA256	35d552d7603a26ea7ed111bd865cddaf7aa342481c89af7b2697beb25b99e829
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-08-09 14:45:11
MD5	7108b0d4021af4c41de2c223319cd4c1
SHA1	e6966e360038be3b9d8c9b2582eba4e263796084
SHA256	3ca5d47d076e99c312578ef6499e1fa7b9db88551cfc0f138da11105aca7c5e1
Authentihash MD5	e370210d04ac9f5c57b8ca7f7eec6101
Authentihash SHA1	0c37f01c0ef527deafc03b2dcd6516494690ee99
Authentihash SHA256	dc732dc22d0521fce33ed9c37359f702c985d2f35bc00209c3a4a076d6ff564d
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-01-02 11:21:29
MD5	7ebe606acd81abf1f8cb0767c974164b
SHA1	0320534df24a37a245a0b09679a5adb27018fb5f
SHA256	4c89c907b7525b39409af1ad11cc7d2400263601edafc41c935715ef5bd145de
Authentihash MD5	e6fba20c6bbb9db76f7670964c004540
Authentihash SHA1	f6dba973bc3f6ae8abfd377bfa1ab7018895ebc0
Authentihash SHA256	0feb05a7cc11793d995c920779cffeae68afabc54ffa8d8c361e5ba44fa57c8e
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-08-13 09:27:35
MD5	0ca010a32a9b0aeae1e46d666b83b659
SHA1	062457182ab08594c631a3f897aeb03c6097eb77
SHA256	0aab2deae90717a8876d46d257401d265cf90a5db4c57706e4003c19eee33550
Authentihash MD5	066397731a2c61690aeb8041fcc6e792
Authentihash SHA1	0d53071f8707c8ef4455cd4b6d784467fd158b3a
Authentihash SHA256	ccadd6f8b6705e756544646d99f97030f291fc68377ce06f71e8c55512941c47
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-11-05 19:34:06
MD5	d3af70287de8757cebc6f8d45bb21a20
SHA1	4c8349c6345c8d6101fb896ea0a74d0484c56df0
SHA256	c7bccc6f38403def4690e00a0b31eda05973d82be8953a3379e331658c51b231
Authentihash MD5	0bc2e64f2748f9883c25104feb277794
Authentihash SHA1	ea32f314d1bcf514daf0409aac33f8bd7699e9e8
Authentihash SHA256	34d57107b592c4d2c7d1c95eea1ab7400c09d23864c3870ca3656b5ae81859aa
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-06-16 10:48:41
MD5	a33089d4e50f7d2ea8b52ca95d26ebf3
SHA1	03506a2f87d1523e844fba22e7617ab2a218b4b7
SHA256	fefc070a5f6a9c0415e1c6f44512a33e8d163024174b30a61423d00d1e8f9bf2
Authentihash MD5	55da2b486d123b91fbf405c051f24300
Authentihash SHA1	eb0e27930fe33462702caee1db803738b1cf633e
Authentihash SHA256	9f35c5c9f95979f227b6d35f767dd94424285f8960c904188f0624d786ff793c
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 6b326a0f0328d37a1d530bfd23bd48e2

Field	Value
ToBeSigned (TBS) MD5	e556c75dbca00e43684d23c11c032d4a
ToBeSigned (TBS) SHA1	50925e36ffd52e5b4d32689e9007b14a3a417168
ToBeSigned (TBS) SHA256	f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Code Signing CA SHA2
ValidFrom	2015-10-29 11:30:29
ValidTo	2027-06-09 11:30:29
Signature	aae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	6b326a0f0328d37a1d530bfd23bd48e2
Version	3

Certificate 1519af351702ab2d86968d0be928f529

Field	Value
ToBeSigned (TBS) MD5	7227ed4392de49333e052f8f17c41f69
ToBeSigned (TBS) SHA1	e019d8060f65cc923dab50ea282fb8895c1c75f9
ToBeSigned (TBS) SHA256	eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825
Subject	C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com
ValidFrom	2017-12-04 09:50:34
ValidTo	2018-12-04 09:50:34
Signature	a671cf049079a759f4c1fa73dd7f3b3b84da6480a91a3c1a9d6d3bb1313d6714d14272b477c37a86b88a686344dcfd89c8af3a34deaaa5bab970adfa66c5ff206b22ef1954ccbf6b96fdf0f99e9066557fefbb5ddc55aa2a2891181d1a27b06acb79380b618344bd202361fb0399a7e6e6ccbcfa714265fa054e373261efaf6b74bc7e4c7994bcb832d61b3c573d2ec8c3926afb60d4b63428112dd6249c2a49cfded8fa33893fb2d452b135ad57be1ff7956825861e1fd53dfbc0cef82045fd699ebeb74230abfbac20467f087f6e7e2b19f0f961ea2f015c2e54e653507f9966193658afc237778e12001f05e1c6e0ec13d9574718593a2f2484cff950e019
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	1519af351702ab2d86968d0be928f529
Version	3

Certificate 613bc791000000000034

Field	Value
ToBeSigned (TBS) MD5	f5f0d604dd56b0446f98fb67e98a76f8
ToBeSigned (TBS) SHA1	c749c146cc00030ff36ecf9b698e6a377bc15605
ToBeSigned (TBS) SHA256	df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
ValidFrom	2011-04-15 20:15:34
ValidTo	2021-04-15 20:25:34
Signature	419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	613bc791000000000034
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2014-04-13 15:03:03
MD5	48394dce30bb8da5ae089cb8f41b86dc
SHA1	867652e062eb6bd1b9fc29e74dea3edd611ef40c
SHA256	0d676baac43d9e2d05b577d5e0c516fba250391ab0cb11232a4b17fd97a51e35
Authentihash MD5	6590508f737bb147a0dfc35eb18dbd7a
Authentihash SHA1	565ec3863617cc2bcbe6b32d1c8af8bcaee898de
Authentihash SHA256	6b4ac66225600b3d5b89f6b0440ccdd0f59279fd0bbf4af82f1aab63df54b883
RichPEHeaderHash MD5	9ef7d3e0d40381093233ad6158457c82
RichPEHeaderHash SHA1	de9692ae52b47eb6c3384d87c48ae5b8abec3472
RichPEHeaderHash SHA256	38e33f9063e4b5374496e628a2d0cc0858d3b9ce65fd320d40928b79a0fef5e9
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
IofCompleteRequest
PsDereferencePrimaryToken
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
KeServiceDescriptorTable
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoEnumerateRegisteredFiltersList
KeTickCount
NtBuildNumber
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsProcessType
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-06-06 18:26:08
MD5	ccde8c94439f9fc9c42761e4b9a23d97
SHA1	a56598e841ae694ac78c37bf4f8c09f9eaf3271f
SHA256	62036cdf3663097534adf3252b921eed06b73c2562655eae36b126c7d3d83266
Authentihash MD5	a35f399d3f1046e3f41d3baab6bffaa7
Authentihash SHA1	b3e35a45ad181cb48c3fdb6e56c6e720e6c2451b
Authentihash SHA256	6fe18adf87e3330799361d49e811c7a35a497423833ad83573588b7878df286c
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-07-15 08:10:46
MD5	7d86cdda7f49f91fdb69901a002b34e7
SHA1	34b677fba9dcab9a9016332b3332ce57f5796860
SHA256	93aa3066ae831cdf81505e1bc5035227dc0e8f06ebbbb777832a17920c6a02fe
Authentihash MD5	a5bc8be8fe3125725687ca6436b4570c
Authentihash SHA1	4f412f4b9b25e7c8f57f30850249847cec77b8a6
Authentihash SHA256	00231ea698565270bf9f542e70490b7a5c6740c2da6699ab548dca0a97ca3171
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-08-13 09:27:50
MD5	6b480fac7caca2f85be9a0cfe79aedfc
SHA1	a249278a668d4df30af9f5d67ebb7d2cd160beaa
SHA256	a32dc2218fb1f538fba33701dfd9ca34267fda3181e82eb58b971ae8b78f0852
Authentihash MD5	92a71f6d2051c92d5851fb9bd3e4e614
Authentihash SHA1	2f481b03cd80eb7fccb9efd0f67e97e101e23761
Authentihash SHA256	6e3e09583b7bba35ef21419bdc711984e8541eb20a29406940727f73cbb5064a
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-09-16 19:34:03
MD5	27053e964667318e1b370150cbca9138
SHA1	02534b5b510d978bac823461a39f76b4f0ac5aa3
SHA256	083f821d90e607ed93221e71d4742673e74f573d0755a96ad17d1403f65a2254
Authentihash MD5	1fddd0b405a4a733dd3b4b002c9c391a
Authentihash SHA1	4536bf012b14ef5bc17d70157877dd1b2834c997
Authentihash SHA256	4c068b3c86f5776e9a26680952de22e156ec9700d9c1810e5fd344c994d50419
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-02-04 18:08:19
MD5	78a122d926ccc371d60c861600c310f3
SHA1	10fb4ba6b2585ea02e7afb53ff34bf184eeb1a5d
SHA256	beef40f1b4ce0ff2ee5c264955e6b2a0de6fe4089307510378adc83fad77228b
Authentihash MD5	e832e00fd6b6d562b40ab0c875a78680
Authentihash SHA1	4197f8d9fd8e733db82a03923ff72d839adec19a
Authentihash SHA256	2dd2620e1c844738429ba31e2545a8b2de1387117e4f24d6fe7fd4246b09ac39
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 6b326a0f0328d37a1d530bfd23bd48e2

Field	Value
ToBeSigned (TBS) MD5	e556c75dbca00e43684d23c11c032d4a
ToBeSigned (TBS) SHA1	50925e36ffd52e5b4d32689e9007b14a3a417168
ToBeSigned (TBS) SHA256	f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Code Signing CA SHA2
ValidFrom	2015-10-29 11:30:29
ValidTo	2027-06-09 11:30:29
Signature	aae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	6b326a0f0328d37a1d530bfd23bd48e2
Version	3

Certificate 1519af351702ab2d86968d0be928f529

Field	Value
ToBeSigned (TBS) MD5	7227ed4392de49333e052f8f17c41f69
ToBeSigned (TBS) SHA1	e019d8060f65cc923dab50ea282fb8895c1c75f9
ToBeSigned (TBS) SHA256	eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825
Subject	C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com
ValidFrom	2017-12-04 09:50:34
ValidTo	2018-12-04 09:50:34
Signature	a671cf049079a759f4c1fa73dd7f3b3b84da6480a91a3c1a9d6d3bb1313d6714d14272b477c37a86b88a686344dcfd89c8af3a34deaaa5bab970adfa66c5ff206b22ef1954ccbf6b96fdf0f99e9066557fefbb5ddc55aa2a2891181d1a27b06acb79380b618344bd202361fb0399a7e6e6ccbcfa714265fa054e373261efaf6b74bc7e4c7994bcb832d61b3c573d2ec8c3926afb60d4b63428112dd6249c2a49cfded8fa33893fb2d452b135ad57be1ff7956825861e1fd53dfbc0cef82045fd699ebeb74230abfbac20467f087f6e7e2b19f0f961ea2f015c2e54e653507f9966193658afc237778e12001f05e1c6e0ec13d9574718593a2f2484cff950e019
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	1519af351702ab2d86968d0be928f529
Version	3

Certificate 613bc791000000000034

Field	Value
ToBeSigned (TBS) MD5	f5f0d604dd56b0446f98fb67e98a76f8
ToBeSigned (TBS) SHA1	c749c146cc00030ff36ecf9b698e6a377bc15605
ToBeSigned (TBS) SHA256	df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
ValidFrom	2011-04-15 20:15:34
ValidTo	2021-04-15 20:25:34
Signature	419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	613bc791000000000034
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-08-14 14:14:01
MD5	30ca3cc19f001a8f12c619daa8c6b6e3
SHA1	2779c54ccd1c008cd80e88c2b454d76f4fa18c07
SHA256	6964a5d85639baee288555797992861232e75817f93028b50b8c6d34aa38b05b
Authentihash MD5	051cd4423d407ea1d470e612cf83922b
Authentihash SHA1	45d28e95c72db9c42a8da1f59013c80abc22894b
Authentihash SHA256	e6745f1ac0dc8014e359672c7d5d1c01588ab4a68ea96eea2dea811dcdcf5131
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-07-31 20:46:20
MD5	091a6bd4880048514c5dd3bede15eba5
SHA1	c7f0423ac5569f13d2b195e02741ad7eed839c6d
SHA256	673bbc7fa4154f7d99af333014e888599c27ead02710f7bc7199184b30b38653
Authentihash MD5	cc7cfef4c49cdf23f42822de130703cd
Authentihash SHA1	3de0619f4784a19de28ee473917fc9939ef23bc8
Authentihash SHA256	40c740c6820ddc8f01013e7354278166c090cfe5e4027be1b187cf8cbd8a6b3f
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-12-03 13:13:16
MD5	06c7fcf3523235cf52b3eee083ec07b2
SHA1	d1fb740210c1fa2a52f6748b0588ae77de590b9d
SHA256	14b89298134696f2fd1b1df0961d36fa6354721ea92498a349dc421e79447925
Authentihash MD5	28e750aac7e280f5a4f5e3c677e5a5a8
Authentihash SHA1	0527d6e65a5e589a604b9e12665ee15ce549a39b
Authentihash SHA256	3bafb4e11a3823b3455728e938c69103dd4ff414529d9579b38b5ee12f77bce0
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-01-26 17:39:54
MD5	67daa04716803a15fc11c9e353d77c2f
SHA1	a111dc6ae5575977feba71ee69b790e056846a02
SHA256	b2486f9359c94d7473ad8331b87a9c17ca9ba6e4109fd26ce92dff01969eaa09
Authentihash MD5	6bf3939ede334f41e8e1ad4b1215f137
Authentihash SHA1	35740f851360b154d9fbc06de9fe2ec3ec3ab552
Authentihash SHA256	d6d56ffa4dcec362148ce6b3806773403cf7ca61f991e17f7286ee975a706f78
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 6b326a0f0328d37a1d530bfd23bd48e2

Field	Value
ToBeSigned (TBS) MD5	e556c75dbca00e43684d23c11c032d4a
ToBeSigned (TBS) SHA1	50925e36ffd52e5b4d32689e9007b14a3a417168
ToBeSigned (TBS) SHA256	f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Code Signing CA SHA2
ValidFrom	2015-10-29 11:30:29
ValidTo	2027-06-09 11:30:29
Signature	aae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	6b326a0f0328d37a1d530bfd23bd48e2
Version	3

Certificate 1519af351702ab2d86968d0be928f529

Field	Value
ToBeSigned (TBS) MD5	7227ed4392de49333e052f8f17c41f69
ToBeSigned (TBS) SHA1	e019d8060f65cc923dab50ea282fb8895c1c75f9
ToBeSigned (TBS) SHA256	eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825
Subject	C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com
ValidFrom	2017-12-04 09:50:34
ValidTo	2018-12-04 09:50:34
Signature	a671cf049079a759f4c1fa73dd7f3b3b84da6480a91a3c1a9d6d3bb1313d6714d14272b477c37a86b88a686344dcfd89c8af3a34deaaa5bab970adfa66c5ff206b22ef1954ccbf6b96fdf0f99e9066557fefbb5ddc55aa2a2891181d1a27b06acb79380b618344bd202361fb0399a7e6e6ccbcfa714265fa054e373261efaf6b74bc7e4c7994bcb832d61b3c573d2ec8c3926afb60d4b63428112dd6249c2a49cfded8fa33893fb2d452b135ad57be1ff7956825861e1fd53dfbc0cef82045fd699ebeb74230abfbac20467f087f6e7e2b19f0f961ea2f015c2e54e653507f9966193658afc237778e12001f05e1c6e0ec13d9574718593a2f2484cff950e019
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	1519af351702ab2d86968d0be928f529
Version	3

Certificate 613bc791000000000034

Field	Value
ToBeSigned (TBS) MD5	f5f0d604dd56b0446f98fb67e98a76f8
ToBeSigned (TBS) SHA1	c749c146cc00030ff36ecf9b698e6a377bc15605
ToBeSigned (TBS) SHA256	df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
ValidFrom	2011-04-15 20:15:34
ValidTo	2021-04-15 20:25:34
Signature	419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	613bc791000000000034
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2015-09-06 11:01:44
MD5	40170485cca576adb5266cf5b0d3b0bd
SHA1	7277d965b9de91b4d8ea5eb8ae7fa3899eef63a2
SHA256	2fd43a749b5040ebfafd7cdbd088e27ef44341d121f313515ebde460bf3aaa21
Authentihash MD5	0acacf205b4c3e64dcb2134a14f504ca
Authentihash SHA1	3de88b7ca9dadb39f12e75ac050cd353f7e611d3
Authentihash SHA256	29b3f3f315179d30fbe75de7b59f09bc7452e6b538ff02b5252c3ee7b26eccab
RichPEHeaderHash MD5	8665c9d64e9ce611e8da04f59bef5a6b
RichPEHeaderHash SHA1	68ce0ee056b5baefb1f65c7e665bb2867f59007d
RichPEHeaderHash SHA256	2c3b58420079e8105ce61febc1234fb9f14a5596a25bc2da1bc2e94d89069cab
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
PsDereferencePrimaryToken
PsReferencePrimaryToken
IofCompleteRequest
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
MmGetSystemRoutineAddress
RtlInitUnicodeString
PsSetCreateProcessNotifyRoutine
IoEnumerateRegisteredFiltersList
KeTickCount
NtBuildNumber
IoDeleteSymbolicLink
IoDeleteDevice
memset
IoGetCurrentProcess
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-08-16 02:26:33
MD5	24f0f2b4b3cdae11de1b81c537df41c7
SHA1	fee00dde8080c278a4c4a6d85a5601edc85a1b3d
SHA256	85b9d7344bf847349b5d58ebe4d44fd63679a36164505271593ef1076aa163b2
Authentihash MD5	f8cad836d57e1f1cdf013bead93fde78
Authentihash SHA1	32ce5b32b7c9865d9031e2aaf1330f59d263a0b8
Authentihash SHA256	fde2df81ad28f2306a2daf636041eb747a035d8f08709cdac2d53987d9edef4a
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-02-26 23:42:24
MD5	364605ad21b9275681cffef607fac273
SHA1	8cd9df52b20b8f792ac53f57763dc147d7782b1e
SHA256	492113a223d6a3fc110059fe46a180d82bb8e002ef2cd76cbf0c1d1eb8243263
Authentihash MD5	2170a8c0c0e234f2d3a3a05fe72b0ed5
Authentihash SHA1	7a4a242686ffee4294fba8a6a3aeeb80d28e0ba0
Authentihash SHA256	284bf9b08be5d4fd4b10fda6736cf490c66f9adace013c19be2e31cf74bfc5e9
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-12-22 13:45:17
MD5	32eb3d2bf2c5b3da2d2a1f20fffbac44
SHA1	36dca91fb4595de38418dffc3506dc78d7388c2c
SHA256	a7a665a695ec3c0f862a0d762ad55aff6ce6014359647e7c7f7e3c4dc3be81b7
Authentihash MD5	6b4676f977a9d4af3cd0ef1263390490
Authentihash SHA1	da759e5426126c44e008b183a21fe0676c136363
Authentihash SHA256	c24d0fa3ec5fae870fb0a4e38943d396929d78165354bae56ae5730eb4d062e1
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-08-04 05:59:36
MD5	629ee55e4b5a225d048fbcd5f0a1d18b
SHA1	e2d98e0e178880f10434059096f936b2c06ed8f4
SHA256	cf9451c9ccc5509b9912965f79c2b95eb89d805b2a186d7521d3a262cf5a7a37
Authentihash MD5	608f5e7c3a5fd1a742cc77fcf5366847
Authentihash SHA1	893a26e64c80c1ec234470eb5e2c34f495b528fb
Authentihash SHA256	2bff494de18fb32985901a06a931dab92eda052172cf7c942cdd6da944b7a4ba
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-03-25 18:33:31
MD5	3164bd6c12dd0fe1bdf3b833d56323b9
SHA1	80e4808a7fe752cac444676dbbee174367fa2083
SHA256	69866557566c59772f203c11f5fba30271448e231b65806a66e48f41e3804d7f
Authentihash MD5	ef956bee27a95cc5fa60a13641d02dcc
Authentihash SHA1	09c7e43a8ff9931b2705f74cf65cbfc593e3e235
Authentihash SHA256	374bb09b4d6a9f21a5e2320343068bd44848f396d9b25a6f4d80931e6d9505ce
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-09-18 11:17:54
MD5	f838f4eb36f1e7036238776c7a70f0b0
SHA1	115edd175c346fd3fbc9f113ee5ccd03b5511ee1
SHA256	d032001eab6cad4fbef19aab418650ded00152143bd14507e17d62748297c23f
Authentihash MD5	97cbf45af32bfa08a7874548d987b92c
Authentihash SHA1	6f1edc71be093b53860e777e0fca7a6dd7525bb5
Authentihash SHA256	ab5b4c34bc49b3ae9c6a7607d97b2bd63d9a1b3c669ef18c8865c8a50a3254a9
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-03-19 20:32:00
MD5	10c2ea775c9e76e7774ab89e38f38287
SHA1	1ce17c54c6884b0319d5aabbe7f96221f4838514
SHA256	51805bb537befaac8ce28f2221624cb4d9cefdc0260bc1afd5e0bc97bf1f9f93
Authentihash MD5	22c7aa94f5b698194b691dfae69e4a0d
Authentihash SHA1	34abd5d2a059bd18e74b8b25fdb518560628be49
Authentihash SHA256	14d8ec21cc6bad738a8eef146506d04c64282bce01d9659e7f4dcdbff95e4c34
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2016-11-25 18:28:14
MD5	ae548418b491cd3f31618eb9e5730973
SHA1	538bb45f30035f39d41bd13818fe0c0061182cfe
SHA256	62764ddc2dce74f2620cd2efd97a2950f50c8ac5a1f2c1af00dc5912d52f6920
Authentihash MD5	3ec892a5335b36ad3866d23ee0627262
Authentihash SHA1	440b83072e1a1dc94c422e8552ed4e62c2e333ea
Authentihash SHA256	2c5c067497a0490e9fe79d0e4f9f759af93138b1a0bea08a89af09e119390c7a
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-11-24 18:50:23
MD5	57c18a8f5d1ba6d015e4d5bc698e3624
SHA1	a5f1b56615bdaabf803219613f43671233f2001c
SHA256	1d23ab46ad547e7eef409b40756aae9246fbdf545d13946f770643f19c715e80
Authentihash MD5	bcc845332169206f5b6d0113011f82df
Authentihash SHA1	299e80bcff6c1a362844dd77945c10693daa922c
Authentihash SHA256	f424562623d0edf9b506a5f65b23427e7ec9a476570646d2a08ae9fa9fc57305
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2016-09-28 14:51:55
MD5	93130909e562925597110a617f05e2a9
SHA1	77b4f0c0b06e3dc2474d5e250b772dacaac14dd0
SHA256	e4b2c0aa28aac5e197312a061b05363e2e0387338b28b23272b5b6659d29b1d8
Authentihash MD5	358fa8b2f36fc6088128e4ea93927a5c
Authentihash SHA1	a61d19d754681769a94c650f969bcdacfac29b51
Authentihash SHA256	6f18cb98188952eb08367adc1c6810e4b1c3902240fdcb15efa0ffb1b69a5f98
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-02-03 15:33:13
MD5	5129d8fd53d6a4aba81657ab2aa5d243
SHA1	f2fe02e28cf418d935ec63168caf4dff6a9fbdfe
SHA256	2ce4f8089b02017cbe86a5f25d6bc69dd8b6f5060c918a64a4123a5f3be1e878
Authentihash MD5	ea0dc42a5b95318f40a1c36cf220dcca
Authentihash SHA1	98a99c5b17a9b1984b7487dd3de81e1d05bf8c5c
Authentihash SHA256	77d7a8efe05ab7041fa33280f271edca9fa46c074885de5d03f4cbf343e65f2d
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 6b326a0f0328d37a1d530bfd23bd48e2

Field	Value
ToBeSigned (TBS) MD5	e556c75dbca00e43684d23c11c032d4a
ToBeSigned (TBS) SHA1	50925e36ffd52e5b4d32689e9007b14a3a417168
ToBeSigned (TBS) SHA256	f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Code Signing CA SHA2
ValidFrom	2015-10-29 11:30:29
ValidTo	2027-06-09 11:30:29
Signature	aae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	6b326a0f0328d37a1d530bfd23bd48e2
Version	3

Certificate 1519af351702ab2d86968d0be928f529

Field	Value
ToBeSigned (TBS) MD5	7227ed4392de49333e052f8f17c41f69
ToBeSigned (TBS) SHA1	e019d8060f65cc923dab50ea282fb8895c1c75f9
ToBeSigned (TBS) SHA256	eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825
Subject	C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com
ValidFrom	2017-12-04 09:50:34
ValidTo	2018-12-04 09:50:34
Signature	a671cf049079a759f4c1fa73dd7f3b3b84da6480a91a3c1a9d6d3bb1313d6714d14272b477c37a86b88a686344dcfd89c8af3a34deaaa5bab970adfa66c5ff206b22ef1954ccbf6b96fdf0f99e9066557fefbb5ddc55aa2a2891181d1a27b06acb79380b618344bd202361fb0399a7e6e6ccbcfa714265fa054e373261efaf6b74bc7e4c7994bcb832d61b3c573d2ec8c3926afb60d4b63428112dd6249c2a49cfded8fa33893fb2d452b135ad57be1ff7956825861e1fd53dfbc0cef82045fd699ebeb74230abfbac20467f087f6e7e2b19f0f961ea2f015c2e54e653507f9966193658afc237778e12001f05e1c6e0ec13d9574718593a2f2484cff950e019
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	1519af351702ab2d86968d0be928f529
Version	3

Certificate 613bc791000000000034

Field	Value
ToBeSigned (TBS) MD5	f5f0d604dd56b0446f98fb67e98a76f8
ToBeSigned (TBS) SHA1	c749c146cc00030ff36ecf9b698e6a377bc15605
ToBeSigned (TBS) SHA256	df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
ValidFrom	2011-04-15 20:15:34
ValidTo	2021-04-15 20:25:34
Signature	419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	613bc791000000000034
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-06-18 10:46:24
MD5	bf445ac375977ecf551bc2a912c58e8a
SHA1	eb76de59ebc5b2258cff0567577ff8c9d0042048
SHA256	b34e2d9f3d4ef59cf7af18e17133a6a06509373e69e33c8eecb2e30501d0d9e4
Authentihash MD5	dd1e3e6088b3f03044d143909c284e2c
Authentihash SHA1	c706be0cbbe21010f0de3d90e7757f7a0fc9a92d
Authentihash SHA256	3b8401cefd1dbfb754fe00b513784110836c8e938a40cc606903f46503af2943
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-12-09 15:56:45
MD5	2b80be31fbb11d4c1ef6d6a80b2e0c16
SHA1	9b2ef5f7429d62342163e001c7c13fb866dbe1ef
SHA256	008fa89822b7a1f91e5843169083202ea580f7b06eb6d5cae091ba844d035f25
Authentihash MD5	43fde79c00376d6d6c120c05dc63cef4
Authentihash SHA1	f916acb39e6e3233ff148d1a613b8b5e78b1ccfd
Authentihash SHA256	81e0111c823599201e7e7054557017c0ba148dcd6d9fe74052efdee051c42e13
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-07-15 08:10:20
MD5	7e92f98b809430622b04e88441b2eb04
SHA1	5fa527e679d25a15ecc913ce6a8d0218e2ff174b
SHA256	e99580e25f419b5ad90669e0c274cf63d30efa08065d064a863e655bdf77fb59
Authentihash MD5	7ca4b02d08ac14414869c00e9065881c
Authentihash SHA1	b6e43367b1208d623965c9d57d9347d08b1a6d1c
Authentihash SHA256	29d6155c68ff372a475d6fe5bde64caa68794bb4164f7e1aae7da5b744f6e6d2
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-03-25 18:33:14
MD5	f589d4bf547c140b6ec8a511ea47c658
SHA1	9481cd590c69544c197b4ee055056302978a7191
SHA256	15cf366f7b3ee526db7ce2b5253ffebcbfaa4f33a82b459237c049f854a97c0c
Authentihash MD5	f6d285ab906467d91afefacb27e68348
Authentihash SHA1	808d44597b95b6471bf6f7b8b6e716c73405f5a0
Authentihash SHA256	3d73996901d2bfac9999a55723cb57ef5bde1e9a73070979df69f1f1fa8782c1
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2014-12-13 11:40:20
MD5	32282e07db321e8d7849f2287bb6a14f
SHA1	d4304bc75c2cb9917bb10a1dc630b75af194f7b2
SHA256	a74e8f94d2c140646a8bb12e3e322c49a97bd1b8a2e4327863d3623f43d65c66
Authentihash MD5	d9d7f6afd6bec170cc913b4f6b317379
Authentihash SHA1	1f5c7b6d0bd335dab1ee04d893aca4309f1b71ad
Authentihash SHA256	cbf98b321670fd17462e7ceb8a0d002b9a1474f8015d94ea267a942a2e20c80b
RichPEHeaderHash MD5	94bfa9368ea43c71afa29bad9fc60535
RichPEHeaderHash SHA1	d8e5ebd3ca141f00753a138144cd1319d755858b
RichPEHeaderHash SHA256	5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
RtlCompareMemory
ObfDereferenceObject
IofCompleteRequest
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
RtlInitUnicodeString
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
IoEnumerateRegisteredFiltersList
KeBugCheckEx
KeBugCheck
_vsnwprintf
IoDeleteDevice
NtBuildNumber
ObOpenObjectByPointer
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-12-02 17:53:53
MD5	df52f8a85eb64bc69039243d9680d8e4
SHA1	02a9314109e47c5ce52fa553ea57070bf0f8186a
SHA256	e858de280bd72d7538386a73e579580a6d5edba87b66b3671dc180229368be19
Authentihash MD5	209dfaed4036f7b848b78f023d1b193c
Authentihash SHA1	630bd29c4f47ade7994af8a00ad31de4a7fb6210
Authentihash SHA256	58ed3bafe401102ddf52c9c2e006408ef181ceaf85741a73328d8fe92195edca
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-05-26 18:37:27
MD5	70fd7209ce5c013a1f9e699b5cc86cdc
SHA1	76568d987f8603339b8d1958f76de2b957811f66
SHA256	82ac05fefaa8c7ee622d11d1a378f1d255b647ab2f3200fd323cc374818a83f2
Authentihash MD5	c0f04dc6d625e6743512755961683bd3
Authentihash SHA1	27e441dece8bb431f827e92c03debae91f2850fd
Authentihash SHA256	261969a99718fc68b576eb7b58dbdf7c7a781c8f4572b7a77a0be0eec4b32dc2
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2015-01-16 17:24:02
MD5	bfbdea0589fb77c7a7095cf5cd6e8b7a
SHA1	5fef884a901e81ac173d63ade3f5c51694decf74
SHA256	07759750fbb93c77b5c3957c642a9498fcff3946a5c69317db8d6be24098a4a0
Authentihash MD5	b4fa93c4ea580d923c39e987b55f5137
Authentihash SHA1	43c02bccfbaada5408ac3facfc5768dacbdbd887
Authentihash SHA256	6094d55d6c7b4fd45cd06658600cef49007bcb73d6a0ab62f6eeabaa19bfd333
RichPEHeaderHash MD5	8665c9d64e9ce611e8da04f59bef5a6b
RichPEHeaderHash SHA1	68ce0ee056b5baefb1f65c7e665bb2867f59007d
RichPEHeaderHash SHA256	2c3b58420079e8105ce61febc1234fb9f14a5596a25bc2da1bc2e94d89069cab
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
PsDereferencePrimaryToken
PsReferencePrimaryToken
IofCompleteRequest
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
MmGetSystemRoutineAddress
RtlInitUnicodeString
PsSetCreateProcessNotifyRoutine
IoEnumerateRegisteredFiltersList
KeTickCount
NtBuildNumber
IoDeleteSymbolicLink
IoDeleteDevice
memset
IoGetCurrentProcess
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-03-27 19:18:21
MD5	faae7f5f69fde12303dd1c0c816b72b7
SHA1	fe237869b2b496deb52c0bc718ada47b36fc052e
SHA256	1ef7afea0cf2ef246ade6606ef8b7195de9cd7a3cd7570bff90ba1e2422276f6
Authentihash MD5	3f0d45ddee622a7342861abfb2542280
Authentihash SHA1	0c238740114b4232ac438087456573a7bfb4bc76
Authentihash SHA256	16274f4d9293fff056268a2d53c1a2e27db26d6b643f24651b5f2a0c055b7f40
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-09-16 04:02:12
MD5	fe9004353b25640f6a879e57f07122d7
SHA1	dcc852461895311b56e3ae774c8e90782a79c0b4
SHA256	793b78e70b3ae3bb400c5a8bc4d2d89183f1d7fc70954aed43df7287248b6875
Authentihash MD5	8fff226cedcdde20b8bee539c1f8dc34
Authentihash SHA1	78276eb832e4ec854b8276a0933512971e60a84c
Authentihash SHA256	9fba340eece424f30bdf80126f2d72eba5165bc174ccfb5e240b281639f675e3
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2015-07-14 17:15:53
MD5	89d294ef7fefcdf1a6ca0ab96a856f57
SHA1	a63e9ecdebaf4ef9c9ec3362ff110b8859cc396d
SHA256	eab9b5b7e5fab1c2d7d44cd28f13ae8bb083d9362d2b930d43354a3dfd38e05a
Authentihash MD5	dada1d0f3489d58e3f1ed63bbb4c9e1e
Authentihash SHA1	02c27708bf2718ff01113cae968ca8f63cf192ba
Authentihash SHA256	3de9802a0a1f2da67908a69b4face53b2e62d8106d7c8e2f1d4acfd0a0694f26
RichPEHeaderHash MD5	94bfa9368ea43c71afa29bad9fc60535
RichPEHeaderHash SHA1	d8e5ebd3ca141f00753a138144cd1319d755858b
RichPEHeaderHash SHA256	5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
RtlCompareMemory
ObfDereferenceObject
IofCompleteRequest
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
RtlInitUnicodeString
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
IoEnumerateRegisteredFiltersList
KeBugCheckEx
KeBugCheck
_vsnwprintf
IoDeleteDevice
NtBuildNumber
ObOpenObjectByPointer
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-02-29 03:13:08
MD5	49518f7375a5f995ebe9423d8f19cfe4
SHA1	46c9a474a1a62c25a05bc7661b75a80b471616e6
SHA256	a0931e16cf7b18d15579e36e0a69edad1717b07527b5407f2c105a2f554224b2
Authentihash MD5	8cf465a09311abaf3c1beec007c34af1
Authentihash SHA1	b6a2ef75f88bd7552be4358ecb72eb7856503cb1
Authentihash SHA256	3afd07a7775c13bf147b3ea25fd8fde7cce51bab90753b5af44dc2945d64d699
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-11-24 18:50:02
MD5	990b949894b7dc82a8cf1131b063cb1a
SHA1	505546d82aab56889a923004654b9afdec54efe6
SHA256	9a42fa1870472c38a56c0a70f62e57a3cdc0f5bc142f3a400d897b85d65800ac
Authentihash MD5	fde047ef1927adb3392991521497424e
Authentihash SHA1	025a501e9c62f6e0382031f301e5e224bfc275d7
Authentihash SHA256	d67899bbb43fec01b10b33105eb970d44aac5b81dd22cab8bf2d86302f6d08a8
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-08-16 02:26:06
MD5	07056573d464b0f5284f7e3acedd4a3f
SHA1	ed86bb62893e6ffcdfd2ecae2dea77fdf6bf9bde
SHA256	a1e6b431534258954db07039117b3159e889c6b9e757329bbd4126383c60c778
Authentihash MD5	d0bac37efd60f078151553582c724c0e
Authentihash SHA1	ce7cf79d71b6202d36eb44cd7941e00dfb72a86d
Authentihash SHA256	4ab6430b72807637cc173f174301d8411bc17ec2cb542e739d28f77eb9d47327
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-07-10 15:09:38
MD5	29047f0b7790e524b09a06852d31a117
SHA1	948368fe309652e8d88088d23e1df39e9c2b6649
SHA256	704c6ffe786bc83a73fbdcd2edd50f47c3b5053da7da6aa4c10324d389a31db4
Authentihash MD5	0c82643a7da80ce21702986433d1b038
Authentihash SHA1	e5344ab55f09e819aa923c6cf9236f344106a103
Authentihash SHA256	938e65ff5760e44faf22a35242547c41a0d8d2b21a2f8a12f6b84d4055aad384
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2014-06-14 14:54:02
MD5	6b3c1511e12f4d27a4ea3b18020d7b84
SHA1	3489ed43bdd11ccbfc892baaeae8102ff7d22f25
SHA256	627e13da6a45006fff4711b14754f9ccfac9a5854d275da798a22f3a68dd1eaa
Authentihash MD5	706136bd0d1f5813c9f2c0044cc9e0ed
Authentihash SHA1	68604430dd407047559417e6941b8429d9fe8bbd
Authentihash SHA256	f902d78dada1658d688b1a8aac6ef48bdf968c859149f60f6c26e5b8af4656da
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
PsDereferencePrimaryToken
PsReferencePrimaryToken
IofCompleteRequest
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoEnumerateRegisteredFiltersList
KeTickCount
NtBuildNumber
IoDeleteSymbolicLink
IoDeleteDevice
memset
IoGetCurrentProcess
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-12-17 19:31:00
MD5	c277c4386a78fae1b7e17eaecf4f472b
SHA1	1d373361d3129d11bc43f9b6dfa81d06e5ca8358
SHA256	c7cd14c71bcac5420872c3d825ff6d4be6a86f3d6a8a584f1a756541efff858e
Authentihash MD5	26999d09dc9619834397d4936398ff89
Authentihash SHA1	4b0a8cc2bc05bc1e87802a3306cf13b30f2e9be8
Authentihash SHA256	cbc1543100df83a08f3ee9476cde83db616f610917cd4bf5ecaafad46b6f7e23
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-06-07 16:45:03
MD5	508faa4647f305a97ed7167abc4d1330
SHA1	1b526cbcba09b8d663e82004cf24ef44343030d3
SHA256	f3ec3f22639d45b3c865bb1ed7622db32e04e1dbc456298be02bf1f3875c3aac
Authentihash MD5	7ef5136814f34a3bc01b28b5a53c8900
Authentihash SHA1	582c52652f68b51b58c79a196746bc2a2f9010a8
Authentihash SHA256	ea318c5300b57b35e07b4c16453a660cd5ce059cdb6578d3057e848e14d68eac
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2016-10-29 13:27:21
MD5	7fad9f2ef803496f482ce4728578a57a
SHA1	3bd1a88cc7dae701bc7085639e1c26ded3f8ccb3
SHA256	0740359baef32cbb0b14a9d1bd3499ea2e770ff9b1c85898cfac8fd9aca4fa39
Authentihash MD5	545dfb2a0acc4d2f8bfa4bd3fffed89f
Authentihash SHA1	835d3533f744312aadc2c1c5bc818726077efeed
Authentihash SHA256	951edade4ad00b185929c14622e5efcac1069cadaf6bcc945e744c30f069c9b9
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2015-01-22 14:15:53
MD5	311de109df18e485d4a626b5dbe19bc6
SHA1	cf9baf57e16b73d7a4a99dd0c092870deba1a997
SHA256	dfc80e0d468a2c115a902aa332a97e3d279b1fc3d32083e8cf9a4aadf3f54ad1
Authentihash MD5	690e68213dcd459261fc9ec5ef405d71
Authentihash SHA1	737d5b068d136ff87b6ad9e81e104f9939202d1b
Authentihash SHA256	7fe1958f35b91da7819002c38642bb9408db3167bd311c637aaae6f9d45af3e4
RichPEHeaderHash MD5	8665c9d64e9ce611e8da04f59bef5a6b
RichPEHeaderHash SHA1	68ce0ee056b5baefb1f65c7e665bb2867f59007d
RichPEHeaderHash SHA256	2c3b58420079e8105ce61febc1234fb9f14a5596a25bc2da1bc2e94d89069cab
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
PsDereferencePrimaryToken
PsReferencePrimaryToken
IofCompleteRequest
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
MmGetSystemRoutineAddress
RtlInitUnicodeString
PsSetCreateProcessNotifyRoutine
IoEnumerateRegisteredFiltersList
KeTickCount
NtBuildNumber
IoDeleteSymbolicLink
IoDeleteDevice
memset
IoGetCurrentProcess
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2016-08-21 16:57:45
MD5	97264fd62d4907bdac917917a07b3b7a
SHA1	613a9df389ad612a5187632d679da11d60f6046a
SHA256	0f7bfa10075bf5c193345866333d415509433dbfe5a7d45664b88d72216ff7c3
Authentihash MD5	7c44f7e093214123e7aee5d72b86f73d
Authentihash SHA1	efa8dbf9a71113aac99ec9915236f4a4eb81711c
Authentihash SHA256	7adc0785210452664cb684b2c7687589090d31f2a3d0892e8e520145c0799110
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 330000002418fc0b689e7399d0000000000024

Field	Value
ToBeSigned (TBS) MD5	28b23b39f3bbd936a26a5b86451be0ac
ToBeSigned (TBS) SHA1	3b16f29295d5a7c323beb479c71d3d20c6b8acc2
ToBeSigned (TBS) SHA256	4383c9a796dc607ddaae1849d8e5d2e7ea211aad2c599fe1e251285ec87dd150
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows
ValidFrom	2013-06-17 21:43:38
ValidTo	2014-09-17 21:43:38
Signature	78269c4b43268afbc7329a21653fdf5427c51d156bd9b2be4fc3ce06c9fe486ad28fa1a55698acc8617733a5d9b68b3f69ab82d8d60857a0cf330434703b2af43b3058eec891f89515a9acf8c29aebdcabc8671630a1d22fa51720ab95393c388e3fbed2d42eca2bce4f3ac03be5be68ecfe7f44a6d3871782abd7cc3f8c22300536bd24a13934474bc0cfc2f1479991b991f328cb5a80d06c1046a9249b8dd8747b3c87e54946f28c0bdf14c042566264fbf9475859b221d0434603ab5f655551437be8eb21192f143d173b042f139ce553888cf0534f9d2f090c1edbf10def827a274afeeba10c2b4725b0628a2722d5f209be4f9e3d2d8104a896df82072d
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	330000002418fc0b689e7399d0000000000024
Version	3

Certificate 61077656000000000008

Field	Value
ToBeSigned (TBS) MD5	30a3f0b64324ed7f465e7fc618cb69e7
ToBeSigned (TBS) SHA1	002de3561519b662c5e3f5faba1b92c403fb7c41
ToBeSigned (TBS) SHA256	4e80be107c860de896384b3eff50504dc2d76ac7151df3102a4450637a032146
Subject	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011
ValidFrom	2011-10-19 18:41:42
ValidTo	2026-10-19 18:51:42
Signature	14fc7c7151a579c26eb2ef393ebc3c520f6e2b3f101373fea868d048a6344d8a960526ee3146906179d6ff382e456bf4c0e528b8da1d8f8adb09d71ac74c0a36666a8cec1bd70490a81817a49bb9e240323676c4c15ac6bfe404c0ea16d3acc368ef62acdd546c503058a6eb7cfe94a74e8ef4ec7c867357c2522173345af3a38a56c804da0709edf88be3cef47e8eaef0f60b8a08fb3fc91d727f53b8ebbe63e0e33d3165b081e5f2accd16a49f3da8b19bc242d090845f541dff89eaba1d47906fb0734e419f409f5fe5a12ab21191738a2128f0cede73395f3eab5c60ecdf0310a8d309e9f4f69685b67f51886647198da2b0123d812a680577bb914c627bb6c107c7ba7a8734030e4b627a99e9cafcce4a37c92da4577c1cfe3ddcb80f5afad6c4b30285023aeab3d96ee4692137de81d1f675190567d393575e291b39c8ee2de1cde445735bd0d2ce7aab1619824658d05e9d81b367af6c35f2bce53f24e235a20a7506f6185699d4782cd1051bebd088019daa10f105dfba7e2c63b7069b2321c4f9786ce2581706362b911203cca4d9f22dbaf9949d40ed1845f1ce8a5c6b3eab03d370182a0a6ae05f47d1d5630a32f2afd7361f2a705ae5425908714b57ba7e8381f0213cf41cc1c5b990930e88459386e9b12099be98cbc595a45d62d6a0630820bd7510777d3df345b99f979fcb57806f33a904cf77a4621c597e
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	61077656000000000008
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-09-16 19:34:32
MD5	ba50bd645d7c81416bb26a9d39998296
SHA1	1768f9c780fe7cf66928cfceaef8ed7d985e18f5
SHA256	12b0000698b79ea3c8178b9e87801cc34bad096a151a8779559519deafd4e3f0
Authentihash MD5	10bed6cc6131bc023d0bd01dd7cc52ca
Authentihash SHA1	afbef1bcc71fdb49b5d68d2b5d764feeb2a241cb
Authentihash SHA256	e171be5cf5cc1f74ec346a1ab0dfaa38c16da6b4265eed710a3faabfc13b9d56
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2014-06-27 15:08:09
MD5	c62209b8a5daf3f32ad876ad6cefda1b
SHA1	e3a1e7ce9e9452966885371e4c7fb48a2efdef22
SHA256	0f58e09651d48d2b1bcec7b9f7bb85a2d1a7b65f7a51db281fe0c4f058a48597
Authentihash MD5	79fbc7ad35a38f5f4ed01ebde1ce2790
Authentihash SHA1	a503de77ec0f43661e570cc58214112abe7dbe31
Authentihash SHA256	09d6169da055725274a8c53c3139baff8ceef52346e5a910e735bb17f634f8bb
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
PsDereferencePrimaryToken
PsReferencePrimaryToken
IofCompleteRequest
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoEnumerateRegisteredFiltersList
KeTickCount
NtBuildNumber
IoDeleteSymbolicLink
IoDeleteDevice
memset
IoGetCurrentProcess
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-02-25 18:17:16
MD5	bbdbffebfc753b11897de2da7c9912a5
SHA1	f11188c540eada726766e0b0b2f9dd3ae2679c61
SHA256	5295080de37d4838e15dec4e3682545033d479d3d9ac28d74747c086559fb968
Authentihash MD5	6135004699b7dabc0f715f178f7d72ff
Authentihash SHA1	3f0dcaca0faea3fc58d94e247453e409ff3a116d
Authentihash SHA256	7442192141d056cef53a570d072759a648393be52019f32e93ccb7aec5715feb
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-02-29 03:13:31
MD5	c8541a9cef64589593e999968a0385b9
SHA1	fe18c58fbd0a83d67920e037d522c176704d2ca3
SHA256	f9b01406864ab081aa77eef4ad15cb2dd2f830d1ef54f52622a59ff1aeb05ba5
Authentihash MD5	ef7cfe93066557d08cb2999af137bed7
Authentihash SHA1	9ab8ec77be802ff1cea9c129338b291a48c50cbb
Authentihash SHA256	68191d76aaafb52bbec5240c3b371e7dd77ff442b4a3394b41cc402402b43717
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-02-04 18:08:35
MD5	36f44643178c505ea0384e0fb241e904
SHA1	0fe2d22bd2e6b7874f4f2b6279e2ca05edd1222a
SHA256	8206ce9c42582ac980ff5d64f8e3e310bc2baa42d1a206dd831c6ab397fbd8fe
Authentihash MD5	840e82da743d5e920ec6c58e886871b7
Authentihash SHA1	35821d20b94cc169da1bd4e325f349f46d13a6df
Authentihash SHA256	6c9f431814cd58365468ac63ba8b6693c3dd2a2b3ef37b23e5d80d75083b784d
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 6b326a0f0328d37a1d530bfd23bd48e2

Field	Value
ToBeSigned (TBS) MD5	e556c75dbca00e43684d23c11c032d4a
ToBeSigned (TBS) SHA1	50925e36ffd52e5b4d32689e9007b14a3a417168
ToBeSigned (TBS) SHA256	f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Code Signing CA SHA2
ValidFrom	2015-10-29 11:30:29
ValidTo	2027-06-09 11:30:29
Signature	aae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	6b326a0f0328d37a1d530bfd23bd48e2
Version	3

Certificate 1519af351702ab2d86968d0be928f529

Field	Value
ToBeSigned (TBS) MD5	7227ed4392de49333e052f8f17c41f69
ToBeSigned (TBS) SHA1	e019d8060f65cc923dab50ea282fb8895c1c75f9
ToBeSigned (TBS) SHA256	eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825
Subject	C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com
ValidFrom	2017-12-04 09:50:34
ValidTo	2018-12-04 09:50:34
Signature	a671cf049079a759f4c1fa73dd7f3b3b84da6480a91a3c1a9d6d3bb1313d6714d14272b477c37a86b88a686344dcfd89c8af3a34deaaa5bab970adfa66c5ff206b22ef1954ccbf6b96fdf0f99e9066557fefbb5ddc55aa2a2891181d1a27b06acb79380b618344bd202361fb0399a7e6e6ccbcfa714265fa054e373261efaf6b74bc7e4c7994bcb832d61b3c573d2ec8c3926afb60d4b63428112dd6249c2a49cfded8fa33893fb2d452b135ad57be1ff7956825861e1fd53dfbc0cef82045fd699ebeb74230abfbac20467f087f6e7e2b19f0f961ea2f015c2e54e653507f9966193658afc237778e12001f05e1c6e0ec13d9574718593a2f2484cff950e019
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	1519af351702ab2d86968d0be928f529
Version	3

Certificate 613bc791000000000034

Field	Value
ToBeSigned (TBS) MD5	f5f0d604dd56b0446f98fb67e98a76f8
ToBeSigned (TBS) SHA1	c749c146cc00030ff36ecf9b698e6a377bc15605
ToBeSigned (TBS) SHA256	df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
ValidFrom	2011-04-15 20:15:34
ValidTo	2021-04-15 20:25:34
Signature	419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	613bc791000000000034
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2016-10-05 12:44:52
MD5	aeb0801f22d71c7494e884d914446751
SHA1	3d2309f7c937bfcae86097d716a8ef66c1337a3c
SHA256	818787057fc60ac8b957aa37d750aa4bace8e6a07d3d28b070022ee6dcd603ab
Authentihash MD5	99d62e5e26044dacaaac903ab3a29ecc
Authentihash SHA1	ff2357a79966d2dd53574098670b2e03e4969786
Authentihash SHA256	1425075f7a3f009f703ca8d5bbbfe2cfbc1a7de7f5e17d50708ba99dc0f668ff
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2015-10-08 16:32:53
MD5	968ddb06af90ef83c5f20fbdd4eee62e
SHA1	da970a01cecff33a99c217a42297cec4d1fe66d6
SHA256	28f5aa194a384680a08c0467e94a8fc40f8b0f3f2ac5deb42e0f51a80d27b553
Authentihash MD5	da5e0364a0da94a77183c42078b9cad3
Authentihash SHA1	dcd9b05df79e212836be6563fa6870d9814a6d06
Authentihash SHA256	26908983e18b807894909d11d6d0fa2d8fbe7544b61184267851c2a839f3b306
RichPEHeaderHash MD5	8665c9d64e9ce611e8da04f59bef5a6b
RichPEHeaderHash SHA1	68ce0ee056b5baefb1f65c7e665bb2867f59007d
RichPEHeaderHash SHA256	2c3b58420079e8105ce61febc1234fb9f14a5596a25bc2da1bc2e94d89069cab
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
PsDereferencePrimaryToken
PsReferencePrimaryToken
IofCompleteRequest
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
MmGetSystemRoutineAddress
RtlInitUnicodeString
PsSetCreateProcessNotifyRoutine
IoEnumerateRegisteredFiltersList
KeTickCount
NtBuildNumber
IoDeleteSymbolicLink
IoDeleteDevice
memset
IoGetCurrentProcess
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2015-10-08 16:33:10
MD5	f209cb0e468ca0b76d879859d5c8c54e
SHA1	ba430f3c77e58a4dc1a9a9619457d1c45a19617f
SHA256	7824931e55249a501074a258b4f65cd66157ee35672ba17d1c0209f5b0384a28
Authentihash MD5	e387a7fa0974fb08a31a89b56971fc73
Authentihash SHA1	6402aa89aae254757c4875a2f26b21b84d8dbf19
Authentihash SHA256	9718a5e78f5015a7a9f66c33ae31a6df37535f33039380c6edc103e3a9dbc5ab
RichPEHeaderHash MD5	94bfa9368ea43c71afa29bad9fc60535
RichPEHeaderHash SHA1	d8e5ebd3ca141f00753a138144cd1319d755858b
RichPEHeaderHash SHA256	5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
RtlCompareMemory
ObfDereferenceObject
IofCompleteRequest
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
RtlInitUnicodeString
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
IoEnumerateRegisteredFiltersList
KeBugCheckEx
KeBugCheck
_vsnwprintf
IoDeleteDevice
NtBuildNumber
ObOpenObjectByPointer
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-09-18 11:18:22
MD5	157a22689629ec876337f5f9409918d5
SHA1	e38e1efd98cd8a3cdb327d386db8df79ea08dccc
SHA256	d43520128871c83b904f3136542ea46644ac81a62d51ae9d3c3a3f32405aad96
Authentihash MD5	c8a52f07d72bf397b5b4141120c35370
Authentihash SHA1	5514398b1ab545178f0e89f20a846d1845f00ccb
Authentihash SHA256	0713a541b70f58bbcd1807c69ae855e9ce041b807e34978df6c1e9357c53acef
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-03-19 08:07:51
MD5	6e625ec04c20a9dbd48c7060efbf5e92
SHA1	07f282db28771838d0e75d6618f70d76acfe6082
SHA256	c8ae217860f793fce3ad0239d7b357dba562824dd7177c9d723ca4d4a7f99a12
Authentihash MD5	61a1629865ee95256784f3d2dc588eee
Authentihash SHA1	af9b01fd7d495f9003320b271bd2cd615b6aa990
Authentihash SHA256	bdd173909efc3bb3c5d216ea0fd9ec5e935c2572ef48973eeb0917b733ff754c
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-08-04 06:00:00
MD5	d34b218c386bfe8b1f9c941e374418d7
SHA1	025c4e1a9c58bf10be99f6562476b7a0166c6b86
SHA256	082a79311da64b6adc3655e79aa090a9262acaac3b917a363b9571f520a17f6a
Authentihash MD5	a8b213ca94c0e3ec1a7f7adec23a28b5
Authentihash SHA1	9a5372857a976684be6662228f00cb778240cad5
Authentihash SHA256	e1b3a3a67599aae12c073ba5ca0928c2c316d438c2b5462194c97687dda64903
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-02-08 04:26:05
MD5	0308b6888e0f197db6704ca20203eee4
SHA1	39169c9b79502251ca2155c8f1cd7e63fd9a42e9
SHA256	ac5fb90e88d8870cd5569e661bea98cf6b001d83ab7c65a5196ea3743146939a
Authentihash MD5	21f52d165d7ecec822ad4db476abc497
Authentihash SHA1	a4ba5483cb66bb55d3523f03b4abf35e8641cdfb
Authentihash SHA256	0fe7b0aaeb4b93840492f7d299a5ac481feb74296afcda1da4214db40856f003
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-08-06 18:22:01
MD5	f7f31bccc9b7b2964ac85106831022b1
SHA1	bb5b17cff0b9e15f1648b4136e95bd20d899aef5
SHA256	efa56907b9d0ec4430a5d581f490b6b9052b1e979da4dab6a110ab92e17d4576
Authentihash MD5	9be199eb75e20575da83510649a2cbc8
Authentihash SHA1	48dfc07c244e3fbf0f5b84ad4c03e103660fe6ee
Authentihash SHA256	29a04c696d544e36b5b5b054b3bfa8c7a5bc2aa261c48eded8f0265d82ec9157
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-01-04 10:58:56
MD5	b5dcc869a91efcc6e8ea0c3c07605d63
SHA1	98588b1d1b63747fa6ee406983bf50ad48a2208b
SHA256	80e4c83cfa9d675a6746ab846fa5da76d79e87a9297e94e595a2d781e02673b3
Authentihash MD5	2fae440eea265327c767ca35b28dc3be
Authentihash SHA1	0835c5e8536d3abcf20f0af3baa24943d67a4326
Authentihash SHA256	6413aa70a5664953223205b6364d676fac0c0491d12ddaadc91b7f12fa53f77b
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-08-16 16:46:18
MD5	68caf620ef8deaf06819cf8c80d3367b
SHA1	86f34eaea117f629297218a4d196b5729e72d7b9
SHA256	02ebf848fa618eba27065db366b15ee6629d98f551d20612ac38b9f655f37715
Authentihash MD5	877f0b3e3854d66aa97efc41d0527fbf
Authentihash SHA1	769cc9a5a5a768503df511c80bb60bf04e3e8df8
Authentihash SHA256	dca34739f3935caed2af248206452e7ba1fdf394c901e74729b5a96884dc6228
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-08-04 17:23:33
MD5	d075d56dfce6b9b13484152b1ef40f93
SHA1	50c6b3cafc35462009d02c10f2e79373936dd7bb
SHA256	19dfacea1b9f19c0379f89b2424ceb028f2ce59b0db991ba83ae460027584987
Authentihash MD5	67eeaf7f745b43a4c207c49cd585dd8a
Authentihash SHA1	1e528afea49197c1d9e67aa6fa08e99b675162e4
Authentihash SHA256	5b5590995c6bcd39884dceda1e87e8516a3767bce00519ce140a46f1a77666ff
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2021-06-22 14:01:04
MD5	e39152eadd76751b1d7485231b280948
SHA1	635a39ff5066e1ac7c1c5995d476d8c233966dda
SHA256	4b97d63ebdeda6941bb8cef5e94741c6cca75237ca830561f2262034805f0919
Authentihash MD5	3d94608c59c92218809dd4fcb7ccb9c5
Authentihash SHA1	39488246d1782664bedc39c53cdc14d804af542f
Authentihash SHA256	fa659944a59430edc6162b285d0fa7b6fbfd28b9057f7286eee127888431844e
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-03-08 11:30:31
MD5	2bb353891d65c9e267eb98a3a2b694c3
SHA1	b2fb5036b29b12bcec04c3152b65b67ca14d61f2
SHA256	95e5b5500e63c31c6561161a82f7f9373f99b5b1f54b018c4866df4f2a879167
Authentihash MD5	822724c9a809efe8252bbe30dc35f876
Authentihash SHA1	59cccb4cf97b598b6b1ffd31e7021b5b7341e651
Authentihash SHA256	46aac78f7cd865d27189c8308841f12a5512e657be0dd6e8b178aac5223889fe
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-03-17 20:18:10
MD5	d70a80fc73dd43469934a7b1cc623c76
SHA1	bb6ef5518df35d9508673d5011138add8c30fc27
SHA256	d50cb5f4b28c6c26f17b9d44211e515c3c0cc2c0c4bf24cd8f9ed073238053ad
Authentihash MD5	4f83f4106a064454d042be3acdf51433
Authentihash SHA1	00389c07e9cc727910552e0e5d7a36b571587039
Authentihash SHA256	89e579ccbbd834bdd1d5b394843b6110813849000d9116489f14c146cbe66811
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2021-05-18 09:06:19
MD5	b52f51bbe6b49d0b475d943c29c4d4cb
SHA1	4f7989ad92b8c47c004d3731b7602ce0934d7a23
SHA256	ee525b90053bb30908b5d7bf4c5e9b8b9d6b7b5c9091a26fa25d30d3ad8ef5d0
Authentihash MD5	d19da93a227f29c779c50c8a381b0fa6
Authentihash SHA1	aae9989c7e466cfa4e1c33f8e7c5937554ba9aa0
Authentihash SHA256	b29cf0840f2efe394091e07e6701c44916a9e3dafdef6952c1d28fbeb4649df3
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-07-31 20:46:04
MD5	920df6e42cf91bbe19707f5a86e3c5c5
SHA1	a2fe7de67b3f7d4b1def88ce4ba080f473c0fbc6
SHA256	4999541c47abd4a7f2a002c180ae8d31c19804ce538b85870b8db53d3652862b
Authentihash MD5	139811484a728ff40094e2671eade0d5
Authentihash SHA1	a4539444af2f2a478a88ddf57d88f46d7ea0100c
Authentihash SHA256	fcad50a13dcf1eeefffe2c2f51a052fd13bfaeddb0bd1f3c2353c64284ea62e2
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2016-10-29 13:27:37
MD5	db86dfd7aefbb5be6728a63461b0f5f3
SHA1	de9469a5d01fb84afd41d176f363a66e410d46da
SHA256	3b2cd65a4fbdd784a6466e5196bc614c17d1dbaed3fd991d242e3be3e9249da6
Authentihash MD5	8161ee04d917caa1c90ac5e9721b0e94
Authentihash SHA1	97f35c9c492b84f5e5819d63442af76522c83581
Authentihash SHA256	d172d95afc72a8a4a6362175bd68b5f4405f166fff94464d845213af586fe8bd
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2018-06-16 10:49:00
MD5	5be61a24f50eb4c94d98b8a82ef58dcf
SHA1	a5914161f8a885702427cf75443fb08d28d904f0
SHA256	aafa642ca3d906138150059eeddb6f6b4fe9ad90c6174386cfe13a13e8be47d9
Authentihash MD5	f7d4bed422d5211ebf2a51e330f0910b
Authentihash SHA1	8c7217435c8c3ca65c2fc2a17788e40de9ecb248
Authentihash SHA256	07f962d8b90f359cf12faa55772d0ef05237ac2fbb2ff7d5cff700df93643e65
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 6b326a0f0328d37a1d530bfd23bd48e2

Field	Value
ToBeSigned (TBS) MD5	e556c75dbca00e43684d23c11c032d4a
ToBeSigned (TBS) SHA1	50925e36ffd52e5b4d32689e9007b14a3a417168
ToBeSigned (TBS) SHA256	f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Code Signing CA SHA2
ValidFrom	2015-10-29 11:30:29
ValidTo	2027-06-09 11:30:29
Signature	aae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	6b326a0f0328d37a1d530bfd23bd48e2
Version	3

Certificate 1519af351702ab2d86968d0be928f529

Field	Value
ToBeSigned (TBS) MD5	7227ed4392de49333e052f8f17c41f69
ToBeSigned (TBS) SHA1	e019d8060f65cc923dab50ea282fb8895c1c75f9
ToBeSigned (TBS) SHA256	eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825
Subject	C=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com
ValidFrom	2017-12-04 09:50:34
ValidTo	2018-12-04 09:50:34
Signature	a671cf049079a759f4c1fa73dd7f3b3b84da6480a91a3c1a9d6d3bb1313d6714d14272b477c37a86b88a686344dcfd89c8af3a34deaaa5bab970adfa66c5ff206b22ef1954ccbf6b96fdf0f99e9066557fefbb5ddc55aa2a2891181d1a27b06acb79380b618344bd202361fb0399a7e6e6ccbcfa714265fa054e373261efaf6b74bc7e4c7994bcb832d61b3c573d2ec8c3926afb60d4b63428112dd6249c2a49cfded8fa33893fb2d452b135ad57be1ff7956825861e1fd53dfbc0cef82045fd699ebeb74230abfbac20467f087f6e7e2b19f0f961ea2f015c2e54e653507f9966193658afc237778e12001f05e1c6e0ec13d9574718593a2f2484cff950e019
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	False
SerialNumber	1519af351702ab2d86968d0be928f529
Version	3

Certificate 613bc791000000000034

Field	Value
ToBeSigned (TBS) MD5	f5f0d604dd56b0446f98fb67e98a76f8
ToBeSigned (TBS) SHA1	c749c146cc00030ff36ecf9b698e6a377bc15605
ToBeSigned (TBS) SHA256	df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273
Subject	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
ValidFrom	2011-04-15 20:15:34
ValidTo	2021-04-15 20:25:34
Signature	419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	613bc791000000000034
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-03-27 19:18:03
MD5	2730cc25ad385acc7213a1261b21c12d
SHA1	9648ad90ec683c63cc02a99111a002f9b00478d1
SHA256	82b7fa34ad07dbf9afa63b2f6ed37973a1b4fe35dee90b3cf5c788c15c9f08f7
Authentihash MD5	ea59bf845819844f1e170473b1fcc657
Authentihash SHA1	fee88f233e0d57a61531ccc8d39bf68ff4cc1ccf
Authentihash SHA256	683936955d7e3281573fcbaa149fc384a06dc4a12cd67ce601aba2f1a32b19c3
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-03-12 05:47:24
MD5	44857ca402a15ab51dc5afe47abdfa44
SHA1	c75e8fceed74a4024d38ca7002d42e1ecf982462
SHA256	4bca0a401b364a5cc1581a184116c5bafa224e13782df13272bc1b748173d1be
Authentihash MD5	c5eb3885068942d541e5373728f92461
Authentihash SHA1	3ce1d1098eb5147ef224357eb9c40d1cdfd04ea8
Authentihash SHA256	01096e6d09cad1af557561f678e70434355a4d07a94ba97774957c16e87bab6a
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2016-10-24 18:25:21
MD5	13a57a4ef721440c7c9208b51f7c05de
SHA1	6d09d826581baa1817be6fbd44426db9b05f1909
SHA256	9dc7beb60a0a6e7238fc8589b6c2665331be1e807b4d2b3ddd1c258dbbd3e2f7
Authentihash MD5	9ee33a7eee222c3d253561ab621ed335
Authentihash SHA1	23f0282fa5e45febc717ea79e394d47a0328d4ee
Authentihash SHA256	234664ae69df63d55c1477f3adc33ffdb130fc939c55c16e73e3339a133bcfa3
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2015-01-22 14:16:07
MD5	3359e1d4244a7d724949c63e89689ef8
SHA1	6972314b6d6b0109b9d0a951eb06041f531f589b
SHA256	06ddf49ac8e06e6b83fccba1141c90ea01b65b7db592c54ffe8aa6d30a75c0b8
Authentihash MD5	c5f0c9fee92943e29d4b2a8716381e20
Authentihash SHA1	2f1dc67f1c8b7335d6cfee17f3732527d732d7dd
Authentihash SHA256	b9914ac1acbdc493d78c289bd185c301498c312602cabfcae8aa86cecb9fd14c
RichPEHeaderHash MD5	94bfa9368ea43c71afa29bad9fc60535
RichPEHeaderHash SHA1	d8e5ebd3ca141f00753a138144cd1319d755858b
RichPEHeaderHash SHA256	5c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
RtlCompareMemory
ObfDereferenceObject
IofCompleteRequest
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
RtlInitUnicodeString
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
IoEnumerateRegisteredFiltersList
KeBugCheckEx
KeBugCheck
_vsnwprintf
IoDeleteDevice
NtBuildNumber
ObOpenObjectByPointer
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2020-08-04 17:23:09
MD5	1e0eb80347e723fa31fce2abb0301d44
SHA1	01cf1fe3937fb6585ffb468b116a3af8ddf9ef16
SHA256	1a5c08d40a5e73b9fe63ea5761eaec8f41d916ca3da2acbc4e6e799b06af5524
Authentihash MD5	844d7fd5ec208cdb66f3cc238b32139f
Authentihash SHA1	0e7956ca48ab640cf72c4030f77c6e62bdf6eab4
Authentihash SHA256	3327d9e938d4ae29de110e219662ce04932935a7886e99feb508ffe77c9e00c2
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409

Field	Value
ToBeSigned (TBS) MD5	a637f8f3c278575f41cda67c2063c050
ToBeSigned (TBS) SHA1	debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
ToBeSigned (TBS) SHA256	f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2026-04-13 10:00:00
Signature	1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
SignatureAlgorithmOID	1.2.840.113549.1.1.11
IsCertificateAuthority	True
SerialNumber	751e3ee9c5dc2f3e8f04e59dee5ed409
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2019-05-12 17:34:34
MD5	2c39f6172fbc967844cac12d7ab2fa55
SHA1	3d27013557b5e68e7212a2f78dfe60c5a2a46327
SHA256	41ad660820c41fc8b1860b13dc1fea8bc8cb2faceb36ed3e29d40d28079d2b1f
Authentihash MD5	486125bd8dbe6940040149ff7cde6796
Authentihash SHA1	47b3cbd97520c493ecaaf9cf93d08f31f3288b43
Authentihash SHA256	785723a3afe96876382524a9e90984f379c41521cd1f86a2172314ad58785e4f
RichPEHeaderHash MD5	c4873a245675b1071413f34af4d80050
RichPEHeaderHash SHA1	dd32c95fe9c3a8bcfa7623a732f2492214ff5881
RichPEHeaderHash SHA256	2673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
Company	gentilkiwi (Benjamin DELPY)
Description	mimidrv for Windows (mimikatz)
Product	mimidrv (mimikatz)
OriginalFilename	mimidrv.sys

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx
FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-06-18 10:46:24
MD5	c159fb0f345a8771e56aab8e16927361
SHA1	ac4ace1c21c5cb72c6edf6f2f0cc3513d7c942c3
SHA256	af7ca247bf229950fb48674b21712761ac650d33f13a4dca44f61c59f4c9ac46
Authentihash MD5	12c01d5a170fb10316ddfa8c9ad9ca9b
Authentihash SHA1	64ebdc45f21f854c1feb7e228e3c3ff4fcf3fcb9
Authentihash SHA256	577e381b5d36faf15cde84ed59c51e2dcb65d90140848111429e1c8cfb0553f5
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

Property	Value
Filename
Creation Timestamp	2017-12-19 16:17:57
MD5	6ececf26ff8b03ed7ffbddadec9a9dab
SHA1	4e0f5576804dab14abb29a29edb9616a1dbe280a
SHA256	773b4a1efb9932dd5116c93d06681990759343dfe13c0858d09245bc610d5894
Authentihash MD5	754edc1697f09e26fb3833d0381570d1
Authentihash SHA1	b5464d2e71937e21f5658eaa0a3608ac57c29bc2
Authentihash SHA256	c6f7acc48d15f334a757a416809eb596d291952cf730a281de4a4423e18dce76
RichPEHeaderHash MD5	d45d2640e1584c776a1d10e5f695d7ad
RichPEHeaderHash SHA1	fef88c261764494d9a145b37b7739f3454786729
RichPEHeaderHash SHA256	213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707

Download

Certificates

Expand

Certificate 0400000000012f4ee1355c

Field	Value
ToBeSigned (TBS) MD5	f6a9e8eb8784f3f694b4e353c08a0ff5
ToBeSigned (TBS) SHA1	589a7d4df869395601ba7538a65afae8c4616385
ToBeSigned (TBS) SHA256	cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
Subject	C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
ValidFrom	2011-04-13 10:00:00
ValidTo	2019-04-13 10:00:00
Signature	225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	0400000000012f4ee1355c
Version	3

Certificate 112169417a1c3ef46a301f99385f50680fa0

Field	Value
ToBeSigned (TBS) MD5	ee0a53dda8301d1e78bd5487f1d49bf4
ToBeSigned (TBS) SHA1	5538f8cd492c2ec8d581f3665d2b4217c86fa19a
ToBeSigned (TBS) SHA256	a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
Subject	C=FR, CN=Benjamin Delpy
ValidFrom	2011-06-28 09:46:16
ValidTo	2014-06-28 09:46:16
Signature	7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	False
SerialNumber	112169417a1c3ef46a301f99385f50680fa0
Version	3

Certificate 610b7f6b000000000019

Field	Value
ToBeSigned (TBS) MD5	4798d55be7663a75649cda4dedc686ef
ToBeSigned (TBS) SHA1	0f1ab2937b245d9466ea6f9bf056a5942e3989cf
ToBeSigned (TBS) SHA256	ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
Subject	C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
ValidFrom	2006-05-23 17:00:51
ValidTo	2016-05-23 17:10:51
Signature	13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
SignatureAlgorithmOID	1.2.840.113549.1.1.5
IsCertificateAuthority	True
SerialNumber	610b7f6b000000000019
Version	3

Imports

Expand

ntoskrnl.exe
FLTMGR.SYS

Imported Functions

Expand

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx
FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Exported Functions

Expand

Sections

Expand

.text
.rdata
.data
.pdata
PAGE
INIT
.rsrc
.reloc

Signature

Expand

{
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0400000000012f4ee1355c",
      "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "TBS": {
        "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
        "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
        "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
        "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
      },
      "ValidFrom": "2011-04-13 10:00:00",
      "ValidTo": "2019-04-13 10:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=FR, CN=Benjamin Delpy",
      "TBS": {
        "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
        "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
        "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
        "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
      },
      "ValidFrom": "2011-06-28 09:46:16",
      "ValidTo": "2014-06-28 09:46:16",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610b7f6b000000000019",
      "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
      "TBS": {
        "MD5": "4798d55be7663a75649cda4dedc686ef",
        "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
        "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
        "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
      },
      "ValidFrom": "2006-05-23 17:00:51",
      "ValidTo": "2016-05-23 17:10:51",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
      "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

source

last_updated: 2024-04-09