87752fb8-e9f6-4235-91e2-c4343677d817

mimidrv.sys :inline

Description

Mimidrv is a signed Windows Driver Model WDM kernel mode software driver meant to be used with the standard Mimikatz executable.

  • UUID: 87752fb8-e9f6-4235-91e2-c4343677d817
  • Created: 2023-05-22
  • Author: Michael Haag
  • Acknowledgement: hfiref0x | hfiref0x

Download

This download link contains the malicious driver!

Commands

sc.exe create mimidrv.sys binPath=C:\windows\temp\mimidrv.sys type=kernel && sc.exe start mimidrv.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://github.com/magicsword-io/LOLDrivers/issues/55#issuecomment-1537161951
  • https://github.com/hfiref0x/KDU
  • https://posts.specterops.io/mimidrv-in-depth-4d273d19e148
  • https://github.com/gentilkiwi/mimikatz

  • Known Vulnerable Samples

    PropertyValue
    Filenamemimidrv.sys
    Creation Timestamp2019-08-13 17:31:42
    MD529e03f4811b64969e48a99300978f58c
    SHA1a8ddb7565b61bc021cd2543a137e00627f999dcc
    SHA256200f98655d1f46d2599c2c8605ebb7e335fee3883a32135ca1a81e09819bc64a
    Authentihash MD545fc2828291ee88335899461a2e7d8b7
    Authentihash SHA10e732d18a7d880f0505433a0da0e100da0e1c3a3
    Authentihash SHA25677586c3968ec72ad19fa7098c9da27b0677e45220812eaab197075f4175e8cc6
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-03-19 20:32:16
    MD51d51029dfbd616bf121b40a0d1efeb10
    SHA1d3f6c3ea2ef7124403c0fb6e7e3a0558729b5285
    SHA256b8c71e1844e987cd6f9c2baf28d9520d4ccdd8593ce7051bb1b3c9bf1d97076a
    Authentihash MD59c7be6cc75cd27d1280f2a2b735546d1
    Authentihash SHA19b733883aec5bd5c2bcc371c28f6c5176aca2eff
    Authentihash SHA2567e1d32e156037b09105c3640d06e5b34fbe0bb49c605697d13b5fc26776fae26
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2019-08-13 17:31:13
    MD5ba54a0dbe2685e66e21d41b4529b3528
    SHA187e20486e804bfff393cc9ad9659858e130402a2
    SHA2569e56e96df36237e65b3d7dbc490afdc826215158f6278cd579c576c4b455b392
    Authentihash MD548b50265ab9ca2af10d7bee2d69c4630
    Authentihash SHA1f773bcfc7eae8a1c1b90c775f1fb63c7a64031c3
    Authentihash SHA2569a84ad211fc549d0f118b3211cb11fd3ab2ced86de9cd20173d03e1a47834133
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2019-05-03 17:51:55
    MD51325ec39e98225e487b40043faee8052
    SHA1bf5515fcf120c2548355d607cfd57e9b3e0af6e9
    SHA25626ef7b27d1afb685e0c136205a92d29b1091e3dcf6b7b39a4ec03fbbdb57cb55
    Authentihash MD5b092aa28bfe8b2d550e3e3a735e7fa24
    Authentihash SHA113030898df096d9882211379e018da940c2c8ac0
    Authentihash SHA256b8d3914b796832a576ed0c977db439c8a5d6df5d0608088c39c786ff81bc2f11
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2016-09-21 18:30:06
    MD5c5ae6ca044bd03c3506c132b033be1dc
    SHA1928b5971a0f7525209d599e2ef15c31717047022
    SHA256af4f42197f5ce2d11993434725c81ecb6f54025110dedf56be8ffc0e775d9895
    Authentihash MD550a2027559b8ba25b2b7d5700b608dab
    Authentihash SHA1f4c5c47723286a51e8c830100c157963c57934ba
    Authentihash SHA2567b49579b74108e2418a6b401cd729e3fafe1c8ba1fe8434f73c8d0f1758b08d3
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2013-11-24 13:23:00
    MD524d3ea54f25e32832ac20335a1ce1062
    SHA12a202830db58d5e942e4f6609228b14095ed2cab
    SHA256a906251667a103a484a6888dca3e9c8c81f513b8f037b98dfc11440802b0d640
    Authentihash MD58f1bac183519a07d73a86a3a747a8a9b
    Authentihash SHA18410c9e980425a89793fbe2612d3716184af2cb7
    Authentihash SHA25671c0c98aa54dc88af8b094ceef88352052d592e0f40892825dedbf1abba16635
    RichPEHeaderHash MD563c6b4112622c2a9182cdd1d0d5235d7
    RichPEHeaderHash SHA13e48025a171d18c5839ab1e58b64dbc6483417d0
    RichPEHeaderHash SHA256ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee152d7
    FieldValue
    ToBeSigned (TBS) MD5e140543fe3256027cfa79fc3c19c1776
    ToBeSigned (TBS) SHA1c655f94eb1ecc93de319fc0c9a2dc6c5ec063728
    ToBeSigned (TBS) SHA2563ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2028-01-28 12:00:00
    Signature4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee152d7
    Version3
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 1121405c1f0ed258882be54d8686ba11ea45
    FieldValue
    ToBeSigned (TBS) MD5b95cbc184d388718612d5933f7b36770
    ToBeSigned (TBS) SHA1ff124c5d160710720108616ffee99bbe090ed363
    ToBeSigned (TBS) SHA25613027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733
    SubjectC=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode , G1
    ValidFrom2013-08-23 00:00:00
    ValidTo2024-09-23 00:00:00
    Signature0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber1121405c1f0ed258882be54d8686ba11ea45
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • IofCompleteRequest
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ZwUnloadKey
    • RtlInitUnicodeString
    • MmGetSystemRoutineAddress
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • KeBugCheck
    • _vsnwprintf
    • IoDeleteDevice
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2019-04-08 16:54:18
    MD5c7b7f1edb9bbef174e6506885561d85d
    SHA1c3aafe8f67c6738489377031cb5a1197e99b202d
    SHA2564bd4715d2a7af627da11513e32fab925c872babebdb7ff5675a75815fbf95021
    Authentihash MD583781f2cad5e578a633bd6869b7ea8b3
    Authentihash SHA1611e32fcb95d91770078b4cc630a00396cb013bb
    Authentihash SHA256e0fa3fa9488583353b39f12f857911b7115ecd82b70f6fb7be70633d72147649
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2018-12-09 15:56:22
    MD54cf14a96485a1270fed97bb8000e4f86
    SHA18aa0e832e5ca2eb79dafabadbe9948a191008383
    SHA25660ee78a2b070c830fabb54c6bde0d095dff8fad7f72aa719758b3c41c72c2aa9
    Authentihash MD52d3446ae7ea69e3c1048b51089c71d8f
    Authentihash SHA14a57ed5011ec329c5756a58946ce5280677f22be
    Authentihash SHA256ebc3a28af05f5b0b456f6ea59ad613109bbb1e2a888d7e3808e331335a77f087
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-02-08 04:26:40
    MD5eb57f03b7603f0b235af62e8cd5be8c2
    SHA1b5696e2183d9387776820ef3afa388200f08f5a6
    SHA256bc49cb96f3136c3e552bf29f808883abb9e651040415484c1736261b52756908
    Authentihash MD581d5b7724b6a1c5be4978397c8f963b1
    Authentihash SHA177179256fcde70ccb24b5a5017f9299543d4f364
    Authentihash SHA256fc26cebb27c76c6e3d22da679cff81477cab4fcabfb6f5a8a27f596ab51713ae
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-05-02 08:23:21
    MD570a71fe86df717ac59dbf856d7ac5789
    SHA1fe54a1acc5438883e5c1bba87b78bb7322e2c739
    SHA256f03f0fb3a26bb83e8f8fa426744cf06f2e6e29f5220663b1d64265952b8de1a1
    Authentihash MD5e5bce10af730d5869942ecd31c7f157f
    Authentihash SHA1a1f710378ed3f8763641137b839f7570200c019d
    Authentihash SHA2567af0efdd72c68fdd105bb73be148ab7bf78a157cb1b241a85362a5bc5da91bd8
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2016-08-21 16:57:31
    MD54198d3db44d7c4b3ba9072d258a4fc2d
    SHA1e42bd2f585c00a1d6557df405246081f89542d15
    SHA256bcb774b6f6ff504d2db58096601bc5cb419c169bfbeaa3af852417e87d9b2aa0
    Authentihash MD5014d3ae3aca830bd77782f26492d1083
    Authentihash SHA123ce72f43542a945b95acd9ac4a27dbbf7f59196
    Authentihash SHA2566416ea9d2a15899dbf4a98b70bdedb4cc6eaf748c14c554b26ae2fe57ef8aa2a
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2018-08-16 16:45:45
    MD5bdb305aa0806f8b38b7ce43c927fe919
    SHA1844d7bcd1a928d340255ff42971cca6244a459bf
    SHA256a85d3fd59bb492a290552e5124bfe3f9e26a3086d69d42ccc44737b5a66673ec
    Authentihash MD57d7c88f9aa5cddebfdf05583095e292a
    Authentihash SHA163ec2554b377adb9a2c610f4f98afdbb9512e802
    Authentihash SHA2560820ae4ffc5258b49787423bd392cd29a6a77777b955dd210a41238b02f05c3e
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2014-01-11 07:24:30
    MD5e172a38ade3aa0a2bc1bf9604a54a3b5
    SHA1c5bd9f2b3a51ba0da08d7c84bab1f2d03a95e405
    SHA25694ba4bcbdb55d6faf9f33642d0072109510f5c57e8c963d1a3eb4f9111f30112
    Authentihash MD58051f1d130479b666ce25171f0368aa9
    Authentihash SHA1acbcc2ee1f5150c4ff2918b7b8a38fff3df8328f
    Authentihash SHA2560cde416accd63c33ac9f4fd7bb6426c8bc3e6a18a335e9bbfea7cc767c30d3b6
    RichPEHeaderHash MD59ef7d3e0d40381093233ad6158457c82
    RichPEHeaderHash SHA1de9692ae52b47eb6c3384d87c48ae5b8abec3472
    RichPEHeaderHash SHA25638e33f9063e4b5374496e628a2d0cc0858d3b9ce65fd320d40928b79a0fef5e9
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee152d7
    FieldValue
    ToBeSigned (TBS) MD5e140543fe3256027cfa79fc3c19c1776
    ToBeSigned (TBS) SHA1c655f94eb1ecc93de319fc0c9a2dc6c5ec063728
    ToBeSigned (TBS) SHA2563ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2028-01-28 12:00:00
    Signature4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee152d7
    Version3
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 1121405c1f0ed258882be54d8686ba11ea45
    FieldValue
    ToBeSigned (TBS) MD5b95cbc184d388718612d5933f7b36770
    ToBeSigned (TBS) SHA1ff124c5d160710720108616ffee99bbe090ed363
    ToBeSigned (TBS) SHA25613027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733
    SubjectC=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode , G1
    ValidFrom2013-08-23 00:00:00
    ValidTo2024-09-23 00:00:00
    Signature0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber1121405c1f0ed258882be54d8686ba11ea45
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • IofCompleteRequest
    • PsDereferencePrimaryToken
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • KeServiceDescriptorTable
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • NtBuildNumber
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsProcessType
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2016-05-24 16:19:13
    MD54e4c068c06331130334f23957fca9e3c
    SHA19e2ebc489c50b6bbae3b08473e007baa65ff208f
    SHA2562da2b883e48e929f5365480d487590957d9e6582cc6da2c0b42699ba85e54fe2
    Authentihash MD5c25bd15b32ec15b42f3873f7af977d4a
    Authentihash SHA1a49347cfcc27732b692e31052aaf07c0849748fa
    Authentihash SHA256e37671575137d4e726efe2cfb730455bfcc5c08d553330dc68840ce8f7c63280
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2018-03-17 17:21:06
    MD50d2ba47286f1c68e87622b3a16bf9d92
    SHA1e5566684a9e0c1afadae80c3a8be6636f6cad7cf
    SHA25621617210249d2a35016e8ca6bd7a1edda25a12702a2294d56010ee8148637f5a
    Authentihash MD596f61230b60e338e222fdd60d55d3657
    Authentihash SHA1107bdd495d694b253776c4e9907a21d55847eda3
    Authentihash SHA25689ec70089d61eccb9021edc6f1b50a9ef99196467a011e1dc7d0325aa51b7dff
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 6b326a0f0328d37a1d530bfd23bd48e2
    FieldValue
    ToBeSigned (TBS) MD5e556c75dbca00e43684d23c11c032d4a
    ToBeSigned (TBS) SHA150925e36ffd52e5b4d32689e9007b14a3a417168
    ToBeSigned (TBS) SHA256f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5
    SubjectC=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Code Signing CA SHA2
    ValidFrom2015-10-29 11:30:29
    ValidTo2027-06-09 11:30:29
    Signatureaae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber6b326a0f0328d37a1d530bfd23bd48e2
    Version3
    Certificate 1519af351702ab2d86968d0be928f529
    FieldValue
    ToBeSigned (TBS) MD57227ed4392de49333e052f8f17c41f69
    ToBeSigned (TBS) SHA1e019d8060f65cc923dab50ea282fb8895c1c75f9
    ToBeSigned (TBS) SHA256eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825
    SubjectC=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com
    ValidFrom2017-12-04 09:50:34
    ValidTo2018-12-04 09:50:34
    Signaturea671cf049079a759f4c1fa73dd7f3b3b84da6480a91a3c1a9d6d3bb1313d6714d14272b477c37a86b88a686344dcfd89c8af3a34deaaa5bab970adfa66c5ff206b22ef1954ccbf6b96fdf0f99e9066557fefbb5ddc55aa2a2891181d1a27b06acb79380b618344bd202361fb0399a7e6e6ccbcfa714265fa054e373261efaf6b74bc7e4c7994bcb832d61b3c573d2ec8c3926afb60d4b63428112dd6249c2a49cfded8fa33893fb2d452b135ad57be1ff7956825861e1fd53dfbc0cef82045fd699ebeb74230abfbac20467f087f6e7e2b19f0f961ea2f015c2e54e653507f9966193658afc237778e12001f05e1c6e0ec13d9574718593a2f2484cff950e019
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber1519af351702ab2d86968d0be928f529
    Version3
    Certificate 613bc791000000000034
    FieldValue
    ToBeSigned (TBS) MD5f5f0d604dd56b0446f98fb67e98a76f8
    ToBeSigned (TBS) SHA1c749c146cc00030ff36ecf9b698e6a377bc15605
    ToBeSigned (TBS) SHA256df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273
    SubjectC=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
    ValidFrom2011-04-15 20:15:34
    ValidTo2021-04-15 20:25:34
    Signature419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber613bc791000000000034
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-01-04 10:59:21
    MD558c37866cbc3d1338e4fc58ada924ffe
    SHA16c7663de88a0fba1f63a984f926c6ef449059e38
    SHA2567b846b0a717665e4d9fb313f25d1f6a5b782e495387aea45cf87ad3c049ac0db
    Authentihash MD53be821abb1d26f9f18cbec3ba98bd1b1
    Authentihash SHA1496ae577a52cdbf6f19fb10bfb8a42448d9f2279
    Authentihash SHA256c24f503462a98f7a8bf0dbff0c8242e1f3d4e6cdf4327152f508717f0eafee4b
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2018-08-19 17:53:35
    MD5aa98b95f5cbae8260122de06a215ee10
    SHA11fdb2474908bdd2ee1e9bd3f224626f9361caab7
    SHA256d7aa8abdda8a68b8418e86bef50c19ef2f34bc66e7b139e43c2a99ab48c933be
    Authentihash MD511397e23887327ebc3488a5c8c248fd3
    Authentihash SHA1e3451a9f2de7be02b5d46cb7049d21bb0ca9363e
    Authentihash SHA256f2d3101ef507e6d9ae5475d8fd9b1ca6d2548fe0454c25389d6981f1b33f88f7
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-03-08 06:32:35
    MD5e1a9aa4c14669b1fb1f67a7266f87e82
    SHA198130128685c8640a8a8391cb4718e98dd8fe542
    SHA256c42c1e5c3c04163bf61c3b86b04a5ec7d302af7e254990cef359ac80474299da
    Authentihash MD55462bedeee0d01475f6b129a7e7a96d2
    Authentihash SHA13557c20c63fe9f08995f6d76ab6ad80cb2e11da6
    Authentihash SHA256714ac82a4e2b971f19df9c5cdcc7d7df52ac44ce1bfad675e50122406bed04a2
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-06-06 18:25:53
    MD55076fba3d90e346fd17f78db0a4aa12c
    SHA19086e670e3a4518c0bcdf0da131748d4085ef42b
    SHA2566d68d8a71a11458ddf0cbb73c0f145bee46ef29ce03ad7ece6bd6aa9d31db9b7
    Authentihash MD53eabdd91d711f5a696d02a9a64e1192d
    Authentihash SHA1bc893a4040dc41d18853d4d1c5d90d01564f79ef
    Authentihash SHA256054c2b8c5e89a2bff72eb6e1169537cf8654b614d9aac1e1e3d8ea02343872fc
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-09-16 04:01:34
    MD5840a5edf2534dd23a082cf7b28cbfc4d
    SHA18ad0919629731b9a8062f7d3d4a727b28f22e81a
    SHA256b0b80a11802b4a8ca69c818a03e76e7ef57c2e293de456439401e8e6073f8719
    Authentihash MD561a26b2fe61a0d6037fdcbb047f97496
    Authentihash SHA12cbec330507fb9951a7b0442bf4fe7b9d4cefd88
    Authentihash SHA25636670821bb4a9d69bb6193e21b0da5c52975f001d3ed2dd7ee6307a2cff8317c
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-05-02 08:23:45
    MD5c1ab425977d467b64f437a6c5ad82b44
    SHA1ab4399647ebd16c02728c702534a30eb0b7ccbe7
    SHA2560f98492c92e35042b09032e3d9aedc357e4df94fc840217fa1091046f9248a06
    Authentihash MD55d9f62bffce7ee809a2eaf9ca717dd02
    Authentihash SHA1ba4f2cf927b7ff43e97f50691a494e11a0a469a9
    Authentihash SHA2562ac415873e0a8638f5154ac4c1713b6f0527119b59706df65a5b3ed73ece02a6
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-12-18 17:16:07
    MD5c4a517a02ba9f6eac5cf06e3629cc076
    SHA140df7a55c200371853cc3fd3cc03b5ac932f5cd6
    SHA256ec96b15ce218f97ec1d8f07f13b052d274c4c8438f31daf246ccfaaee5e1bebd
    Authentihash MD52e081681b4d0312dc306f9cb9014d8a7
    Authentihash SHA14c5406a663664443c16374ab8e29bcd984a4ba47
    Authentihash SHA2568e1d02a67ad311f9e48d42813e6d208bda3e7e4da0d212d7b484a8454b41678c
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2019-07-20 14:57:32
    MD5d416494232c4197cb36a914df2e17677
    SHA1c42178977bd7bbefe084da0129ed808cb7266204
    SHA256b0a27ac1a8173413de13860d2b2e34cb6bc4d1149f94b62d319042e11d8b004c
    Authentihash MD58f336d1fbb353fd34fa196003f855db3
    Authentihash SHA174ead5c8d4b3428f6348f09fcd29bf97701812be
    Authentihash SHA25677280614edf2e476a853c7881a4ff1402d67d4dd3e218af657f44fd4d4fbdbcb
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2019-04-08 16:53:54
    MD5abc168fdca7169bf9dc40cec9761018d
    SHA189165bbb761d6742ac2a6f5efbffc80c17990bd8
    SHA256f6157e033a12520c73dcedf8e49cd42d103e5874c34d6527bb9de25a5d26e5ad
    Authentihash MD5428ace923d811b754b41a4108a862809
    Authentihash SHA15610d6f3c2d45ca61b501d343fc8acf3ae4ce2a8
    Authentihash SHA256028011ae3cd1d972b7c46fc8261f583d1fe5dedcef02ee63ee532b3668bfdc25
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-01-20 17:21:49
    MD577cfd3943cc34d9f5279c330cd8940bc
    SHA11048f641adf3988d882a159bf1332eeb6d6a7f09
    SHA2564af8192870afe18c77381dfaf8478f8914fa32906812bb53073da284a49ae4c7
    Authentihash MD55ec7174b07ff641f2f8e9d3d05528c81
    Authentihash SHA1c204693c32d015a5123b408390eb0cca0a4ea1ed
    Authentihash SHA2564d11419d2f1d6217481d12d3f3fcd13f693f7454f9fadcdeee72bdc0ce06c8e2
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-04-09 15:24:17
    MD5a37ed7663073319d02f2513575a22995
    SHA1005754dab657ddc6dae28eee313ca2cc6a0c375c
    SHA256a78c9871da09fab21aec9b88a4e880f81ecb1ed0fa941f31cc2f041067e8e972
    Authentihash MD5a100ac9683e98fca3ac42bf39b003cb0
    Authentihash SHA16b202f5986e6a47b2f2ca5cba5c61f0c4be9cf8e
    Authentihash SHA2561e0133cfe93c0e1cdd995b8668134bafcd35976c8f02400112668d91da7eb34a
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-05-18 16:48:26
    MD5d6a1dd7b2c06f058b408b3613c13d413
    SHA109375f13521fc0cacf2cf0a28b2a9248f71498d7
    SHA2562456a7921fa8ab7b9779e5665e6b42fccc019feb9e49a9a28a33ec0a4bb323c4
    Authentihash MD5931256ebd447cf1d01ad99dddc6f0c5e
    Authentihash SHA1322c7020b513df1b694be2d7be3b6b3ac2251639
    Authentihash SHA2560867af893422b7191e77907de58faf787d4763cc7e9a2a3a91c72f1995a9c3f3
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-09-16 19:07:11
    MD5e37a08f516b8a7ca64163f5d9e68fe5a
    SHA1e730eb971ecb493b69de2308b6412836303f733a
    SHA25694c71954ac0b1fd9fa2bd5c506a16302100ba75d9f84f39ee9b333546c714601
    Authentihash MD50b1ae7891dd66b54b045f4015e98cb23
    Authentihash SHA11e4650f09fe5e378bcd186cc42dff679723c1534
    Authentihash SHA25663e9918f94a1ae5d71e8972f49bfbce13d8b1774b7237b022f182f03cc9ce715
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2013-12-03 16:32:24
    MD5d5918d735a23f746f0e83f724c4f26e5
    SHA1607387cc90b93d58d6c9a432340261fde846b1d9
    SHA25630e083cd7616b1b969a92fd18cf03097735596cce7fcf3254b2ca344e526acc2
    Authentihash MD5c71dea7c26db633e2af7e3fc9ca4516c
    Authentihash SHA11ffad2d690442310d981d7dd8b2f37e95597822e
    Authentihash SHA256bf2ab728d27075bf2245ddc3257ad8df5179c8c4a449493ea995af9a979d6a2e
    RichPEHeaderHash MD59ef7d3e0d40381093233ad6158457c82
    RichPEHeaderHash SHA1de9692ae52b47eb6c3384d87c48ae5b8abec3472
    RichPEHeaderHash SHA25638e33f9063e4b5374496e628a2d0cc0858d3b9ce65fd320d40928b79a0fef5e9
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee152d7
    FieldValue
    ToBeSigned (TBS) MD5e140543fe3256027cfa79fc3c19c1776
    ToBeSigned (TBS) SHA1c655f94eb1ecc93de319fc0c9a2dc6c5ec063728
    ToBeSigned (TBS) SHA2563ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2028-01-28 12:00:00
    Signature4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee152d7
    Version3
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 1121405c1f0ed258882be54d8686ba11ea45
    FieldValue
    ToBeSigned (TBS) MD5b95cbc184d388718612d5933f7b36770
    ToBeSigned (TBS) SHA1ff124c5d160710720108616ffee99bbe090ed363
    ToBeSigned (TBS) SHA25613027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733
    SubjectC=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode , G1
    ValidFrom2013-08-23 00:00:00
    ValidTo2024-09-23 00:00:00
    Signature0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber1121405c1f0ed258882be54d8686ba11ea45
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • IofCompleteRequest
    • PsDereferencePrimaryToken
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • KeServiceDescriptorTable
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • NtBuildNumber
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsProcessType
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2016-10-05 12:44:38
    MD532b67a6cd6dd998b9f563ed13d54a8bc
    SHA1acb8e45ebd1252313ece94198df47edf9294e7d3
    SHA256897f2bbe81fc3b1ae488114b93f3eb0133a85678d061c7a6f718507971f33736
    Authentihash MD5add099b0c47042a564bcd05951d11bb0
    Authentihash SHA137cdbacc289a5750701dd418f39d933f29e3c5d6
    Authentihash SHA25691e64a75caa5015cb1d874372e4fdfefa506de680a962fdd97b83206bdf1e27e
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-08-06 18:22:25
    MD519b15eeccab0752c6793f782ca665a45
    SHA1ac18c7847c32957abe8155bcbe71c1f35753b527
    SHA256569fe70bedd0df8585689b0e88ad8bd0544fdf88b9dbfc2076f4bdbcf89c28aa
    Authentihash MD52e4dfda0e2f4d7987914bbfb65851dbc
    Authentihash SHA1df5b27a1f2eacf4dc0f0c74cff377ffc4299fbcc
    Authentihash SHA25616b6a65d569ad3d0a1ff5aaf2374c28cebab4a289ffee42b79f7a48d5979b579
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2019-04-14 17:18:06
    MD54e906fcb13e2793c98f47291fd69391b
    SHA1492e40b01a9a6cec593691db4838f20b3eaeacc5
    SHA25607beac65e28ee124f1da354293a3d6ad7250ed1ce29b8342acfd22252548a5af
    Authentihash MD5243674ce6fa37a4276281283eddf4ff8
    Authentihash SHA1f930d8984de2ce203b9bfd509cf8ae48a483245c
    Authentihash SHA25611dc70eb8864bc00b4b8e7c62a52c4602864e2ec717cc0606e1252b119c91085
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2019-07-20 14:57:09
    MD5bb5bda8889d8d27ef984dbd6ad82c946
    SHA1947c76c8c8ba969797f56afd1fa1d1c4a1e3ed25
    SHA256406b844f4b5c82caf26056c67f9815ad8ecf1e6e5b07d446b456e5ff4a1476f9
    Authentihash MD5846935ae07a68052a0bcc0f776d4c68f
    Authentihash SHA1d40b1915ba1a63afcaeb9bef9e318d624939f971
    Authentihash SHA2561f43d0680cecea2db04d2f2eff7ff37a13beec280e62b76b9dbdc38d0e225fca
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2015-08-25 03:30:50
    MD53b71eab204a5f7ed77811e41fed73105
    SHA16ae26bde7ec27bd0fa971de6c7500eee34ee9b51
    SHA2562faf95a3405578d0e613c8d88d534aa7233da0a6217ce8475890140ab8fb33c8
    Authentihash MD5fd56e10ef3039c2f905eeec90aa92e2f
    Authentihash SHA17a59fe7acd7abc6dcf89dd3db31d37ea0da458dc
    Authentihash SHA2560895a8fa3ee38bb38cb9fcd0183cf9466c7577eab746b3540bd0b2f282246dc6
    RichPEHeaderHash MD594bfa9368ea43c71afa29bad9fc60535
    RichPEHeaderHash SHA1d8e5ebd3ca141f00753a138144cd1319d755858b
    RichPEHeaderHash SHA2565c236619ead1fde5073ecb323d1c2701a7c522489118cee4ffb4ccf14efc355f
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • RtlCompareMemory
    • ObfDereferenceObject
    • IofCompleteRequest
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • RtlInitUnicodeString
    • MmGetSystemRoutineAddress
    • PsSetCreateProcessNotifyRoutine
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • KeBugCheck
    • _vsnwprintf
    • IoDeleteDevice
    • NtBuildNumber
    • ObOpenObjectByPointer
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-08-09 14:44:41
    MD501c2e4d8234258451083d6ce4e8910b7
    SHA130a80f560f18609c1123636a8a1a1ef567fa67a7
    SHA25610ad50fcb360dcab8539ea322aaf2270565dc835b7535790937348523d723d6b
    Authentihash MD57fe1115f2a03e8be8e8b37c19fc4f655
    Authentihash SHA162afdbf554f7c383c2e5bd502ad119e3d207bee9
    Authentihash SHA256d5f58cbce305cbd4397c1da5e1a51d78575c67616f6d9c7d764f87cda540fa62
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2018-05-26 18:37:46
    MD572f53f55898548767e0276c472be41e8
    SHA18416ee8fd88c3d069fbba90e959507c69a0ee3e9
    SHA2568b30b2dc36d5e8f1ffc7281352923773fb821cdf66eb6516f82c697a524b599b
    Authentihash MD50917b8ea0d9d70b92cd391196b7f6ef7
    Authentihash SHA110f7ced8bc6e3d8726fbef18229b42880cf65bad
    Authentihash SHA256c005f1bcb549d76ab86390217ad6b3a2226ec74fd6f4595c0fd28b73102b1b99
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2018-04-23 17:21:28
    MD57d26985a5048bad57d9c223362f3d55c
    SHA19f27987c32321f8da099efc1dc60a73f8f629d3a
    SHA2567662187c236003308a7951c2f49c0768636c492f8935292d02f69e59b01d236d
    Authentihash MD548a22b033380a73fd1f58d9704fd93fc
    Authentihash SHA10e9efb3a9f4a93e1a2bb03d5814a9bbeb2257898
    Authentihash SHA2569b6d450b6e2b66e8356b9d8a354e8c3a96426b7f15adf2f2025dda13c01881a3
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2014-01-02 17:13:08
    MD54484f4007de2c3ee4581a2cff77ca3b4
    SHA140372b4de2db020ce2659e1de806d4338fd7ebef
    SHA256bcca03ce1dd040e67eb71a7be0b75576316f0b6587b2058786fda8b6f0a5adfd
    Authentihash MD500a7bf199ea8ddcd3598e68f4d186f78
    Authentihash SHA185d77e69eb9e42b44266746233e28d027e77345c
    Authentihash SHA25681237053f6eeaf659970e9e5e7abba00261ec2b850b1f5b195d0888f8ce66d6f
    RichPEHeaderHash MD563c6b4112622c2a9182cdd1d0d5235d7
    RichPEHeaderHash SHA13e48025a171d18c5839ab1e58b64dbc6483417d0
    RichPEHeaderHash SHA256ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee152d7
    FieldValue
    ToBeSigned (TBS) MD5e140543fe3256027cfa79fc3c19c1776
    ToBeSigned (TBS) SHA1c655f94eb1ecc93de319fc0c9a2dc6c5ec063728
    ToBeSigned (TBS) SHA2563ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2028-01-28 12:00:00
    Signature4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee152d7
    Version3
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 1121405c1f0ed258882be54d8686ba11ea45
    FieldValue
    ToBeSigned (TBS) MD5b95cbc184d388718612d5933f7b36770
    ToBeSigned (TBS) SHA1ff124c5d160710720108616ffee99bbe090ed363
    ToBeSigned (TBS) SHA25613027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733
    SubjectC=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode , G1
    ValidFrom2013-08-23 00:00:00
    ValidTo2024-09-23 00:00:00
    Signature0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber1121405c1f0ed258882be54d8686ba11ea45
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • IofCompleteRequest
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ZwUnloadKey
    • RtlInitUnicodeString
    • MmGetSystemRoutineAddress
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • KeBugCheck
    • _vsnwprintf
    • IoDeleteDevice
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2014-06-09 17:33:12
    MD55eb2c576597dd21a6b44557c237cf896
    SHA13533d0a54c7ccd83afd6be24f6582b30e4ca0aab
    SHA256087270d57f1626f29ba9c25750ca19838a869b73a1f71af50bdf37d6ff776212
    Authentihash MD5ae57b5e19b5c4a3f750425dc18f78452
    Authentihash SHA1f59c9783573dccbfe1efbfb6c939aeecbcb2928b
    Authentihash SHA256f2b0d70e2d55a5f69ddaac13460cfcd63746ac1c09f826772cca5b857dde240a
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • RtlCompareMemory
    • ObfDereferenceObject
    • IofCompleteRequest
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • RtlInitUnicodeString
    • MmGetSystemRoutineAddress
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • KeBugCheck
    • _vsnwprintf
    • IoDeleteDevice
    • NtBuildNumber
    • ObOpenObjectByPointer
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2018-03-17 17:21:22
    MD5c5fc3605194e033bdf3781ff2adaeb61
    SHA123f562f8d5650b2fb92382d228013f2e36e35d6c
    SHA25640556dd9b79b755cc0b48d3d024ceb15bd2c0e04960062ab2a85cd7d4d1b724a
    Authentihash MD5cbd8f153004048ba8bbf8782fb39be8b
    Authentihash SHA1ef8533f6066e6d4088631e9e265918ea076da73f
    Authentihash SHA256ae55720475ab1c67e39720954111b90e96a5ebf5d3b91277f4c225a228d8739a
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 6b326a0f0328d37a1d530bfd23bd48e2
    FieldValue
    ToBeSigned (TBS) MD5e556c75dbca00e43684d23c11c032d4a
    ToBeSigned (TBS) SHA150925e36ffd52e5b4d32689e9007b14a3a417168
    ToBeSigned (TBS) SHA256f7b6eeb3a567223000a61f68c53b458193557c17e5d512d2825bcb13e5fc9be5
    SubjectC=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Code Signing CA SHA2
    ValidFrom2015-10-29 11:30:29
    ValidTo2027-06-09 11:30:29
    Signatureaae53f7654024c700e29a93996060f31b70bf1a68b52fb108f4f425b8cbd312301669de829a14dc350faf7f8450e1d82d7fcfea6320473fd71eccc880fa39208c5815802fd0b693bcdb83f493dd08d1c1314682e9b0d9aadb019e29ed27c3977886f23fd7b84fc446db5ba6b7092556c94b1d837fda9591db463b2dc13cd788e2535c19a8f37842ed445cce3f5cc8d73a8e33a6de7959470579150b66def73724f2f028760e2ea22a1ed3efdd18b668d2e726d4fc65d35ee93a898d2676ae9da19cd0283f974fc5f7a1804281edd22333b766c47055dd552fe0eba76f38310c76e305fa760c7fa7427319b2883ed218a1bf1235284ed95bcad3aa5a342019dbc
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber6b326a0f0328d37a1d530bfd23bd48e2
    Version3
    Certificate 1519af351702ab2d86968d0be928f529
    FieldValue
    ToBeSigned (TBS) MD57227ed4392de49333e052f8f17c41f69
    ToBeSigned (TBS) SHA1e019d8060f65cc923dab50ea282fb8895c1c75f9
    ToBeSigned (TBS) SHA256eee437f4170a21f7de0e590620ff2a9412f89af95e87589d0e5a1cca17f61825
    SubjectC=FR, O=Open Source Developer, ST=Ile de France, CN=Open Source Developer, Benjamin Delpy, emailAddress=benjamin@gentilkiwi.com
    ValidFrom2017-12-04 09:50:34
    ValidTo2018-12-04 09:50:34
    Signaturea671cf049079a759f4c1fa73dd7f3b3b84da6480a91a3c1a9d6d3bb1313d6714d14272b477c37a86b88a686344dcfd89c8af3a34deaaa5bab970adfa66c5ff206b22ef1954ccbf6b96fdf0f99e9066557fefbb5ddc55aa2a2891181d1a27b06acb79380b618344bd202361fb0399a7e6e6ccbcfa714265fa054e373261efaf6b74bc7e4c7994bcb832d61b3c573d2ec8c3926afb60d4b63428112dd6249c2a49cfded8fa33893fb2d452b135ad57be1ff7956825861e1fd53dfbc0cef82045fd699ebeb74230abfbac20467f087f6e7e2b19f0f961ea2f015c2e54e653507f9966193658afc237778e12001f05e1c6e0ec13d9574718593a2f2484cff950e019
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber1519af351702ab2d86968d0be928f529
    Version3
    Certificate 613bc791000000000034
    FieldValue
    ToBeSigned (TBS) MD5f5f0d604dd56b0446f98fb67e98a76f8
    ToBeSigned (TBS) SHA1c749c146cc00030ff36ecf9b698e6a377bc15605
    ToBeSigned (TBS) SHA256df5dacc623d44348fff0bc8ebe2cedc8ba212e33c6f10d7fd608f37f92a2c273
    SubjectC=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
    ValidFrom2011-04-15 20:15:34
    ValidTo2021-04-15 20:25:34
    Signature419f12160eedee2491fe5d5f10a097a8749e0dccf3115163122a5bb95dc7afac5aa25c0002cb728e0d9225b6522653be3c77a2c28c8089d84118571ab8d05057c328e7fad044804e7e8933286f3a47ef5e231ef27afe3a2a19dead6b1a2847786e9bbfeb7367589a2719d8eb5c3d085860629d5914cf9e76b3cfd962af7b72ac80f9e015ab9c7a5c4b1c7083db7094117bd22a4c7734dc36cccd46d40b198c09f6610ade481c9b3fff0b43d7f1018061abda70cfa78444acb31cce2630f5ca5f696735836ea3888c0fb8939bd65b0615e64b7db950ab09e07b2beb4c1a6bba1cca791bc59f81bde443f02de195d5a166076ce6e5456e060bdbf5bc4395b88aa50555e59668ac1d31db3804bc1c3db61975d1b5802a821e385c4676256c4d8b7483544375e77bb395bfee13609e0ecdfbcaf73a2a52a0a625497a17193ae8941f2c8204035ea9513cef526f7b43ceda2b81b47fda1a2c6265d1ec2837823014319d15bdffacc88b256e41bd1f23741be3fcf94be2eb46e68151530ec94a84788deca8b80f8d4c7fe0f6b0d2c538b24f82c410fe87b88ec6b6b0f87c12a7b4834dfc1e8b6a5bf9d564793ed1e37e1af6c81e59db4dca605c577ea25877ecfa05260032a7f6ff134e98d86f5b434cb336e425bcd93b9f38e00ee9be81e6c91f0f022f8d3a1288a88e1bb1e776913e18de361228fef766557c5bd464487452c32189
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber613bc791000000000034
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-03-17 20:17:55
    MD5154b45f072fe844676e6970612fd39c7
    SHA1161bae224cf184ed6c09c77fae866d42412c6d25
    SHA2568684aec77b4c3cafc1a6594de7e95695fa698625d4206a6c4b201875f76a5b38
    Authentihash MD5fd585505c4b2b1af4c34a2ce77d512e6
    Authentihash SHA1f605c31d34752378a3fa7af3c9ea2a5d8f77abf8
    Authentihash SHA2566789e1a2e0d23528a91e49851bd95bceb6ffe9927f34b52a78ecc2b1d4bc13b8
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2014-01-08 19:55:13
    MD517509f0a98dc5c5d52c3f9ac1428a21b
    SHA1bbc8bd714c917bb1033f37e4808b4b002cd04166
    SHA256baf7fbc4743a81eb5e4511023692b2dfdc32ba670ba3e4ed8c09db7a19bd82d3
    Authentihash MD5b6c12d1f29ddfb6ec890716547cf2d73
    Authentihash SHA1a09ba29949130996281198fb44aef7a47ce105d7
    Authentihash SHA256db7a15aa5b85845831dcdcebf837b22cf43fa572dd9cb0bb0d264af519b8d406
    RichPEHeaderHash MD563c6b4112622c2a9182cdd1d0d5235d7
    RichPEHeaderHash SHA13e48025a171d18c5839ab1e58b64dbc6483417d0
    RichPEHeaderHash SHA256ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee152d7
    FieldValue
    ToBeSigned (TBS) MD5e140543fe3256027cfa79fc3c19c1776
    ToBeSigned (TBS) SHA1c655f94eb1ecc93de319fc0c9a2dc6c5ec063728
    ToBeSigned (TBS) SHA2563ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2028-01-28 12:00:00
    Signature4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee152d7
    Version3
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 1121405c1f0ed258882be54d8686ba11ea45
    FieldValue
    ToBeSigned (TBS) MD5b95cbc184d388718612d5933f7b36770
    ToBeSigned (TBS) SHA1ff124c5d160710720108616ffee99bbe090ed363
    ToBeSigned (TBS) SHA25613027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733
    SubjectC=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode , G1
    ValidFrom2013-08-23 00:00:00
    ValidTo2024-09-23 00:00:00
    Signature0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber1121405c1f0ed258882be54d8686ba11ea45
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • IofCompleteRequest
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ZwUnloadKey
    • RtlInitUnicodeString
    • MmGetSystemRoutineAddress
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • KeBugCheck
    • _vsnwprintf
    • IoDeleteDevice
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-12-03 13:13:32
    MD5754e21482baf18b8b0ed0f4be462ba03
    SHA1f6728821eddd14a21a9536e0f138c6d71cbd9307
    SHA25636c65aeb255c06898ffe32e301030e0b74c8bca6fe7be593584b8fdaacd4e475
    Authentihash MD56eb9ad2adbe534c4bd984792bafd7d40
    Authentihash SHA18e4ce688f1f6247b817e1c90c31e6496659f2551
    Authentihash SHA2568bec85d128eb0444f10fc89b95b2c6b84a8d0405cb0a6dbc30cff8ea4c0ca043
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2021-05-18 09:07:29
    MD51cd5e231064e03c596e819b6ff48daf9
    SHA1e514dfadbeb4d2305988c3281bf105d252dee3a7
    SHA256d37996abc8efb29f1ccbb4335ce9ba9158bec86cc4775f0177112e87e4e3be5c
    Authentihash MD5e6028245682168cc81b895bf28e87b4e
    Authentihash SHA16f5f42d443ce64ed70c2c17fe3f07da91e1aab0b
    Authentihash SHA2566e521e54a1e5a03abaae405b58a84758058f3fac5e8cd8a370f232c7dc7bb164
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-05-18 16:48:54
    MD528102acca39ad0199f262ba9958be3f4
    SHA1beed6fb6a96996e9b016fa7f2cf7702a49c8f130
    SHA256aaf04d89fd15bc61265e545f8e1da80e20f59f90058ed343c62ee24358e3af9e
    Authentihash MD5d89425acef6e1ac239ee8b3c937b87cb
    Authentihash SHA1010113b420a09a502afc93ddebb8f9dce796bb48
    Authentihash SHA256a4d7e16649ce3c7ad9355e8d7418a4c234b3763e262f8ccfbda4bc64a402ed27
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2019-05-12 17:34:58
    MD527384ec4c634701012a2962c30badad2
    SHA17d453dccb25bf36c411c92e2744c24f9b801225d
    SHA256c4f041de66ec8cc5ab4a03bbc46f99e073157a4e915a9ab4069162de834ffc5c
    Authentihash MD50acd0b319d16a5f8ca04cb46f549bacf
    Authentihash SHA1dd15f4ca159b4dffe6094af6b00174732c8c0463
    Authentihash SHA2565ffba52ea8bba7aeaf9fb32e1ba97b5bbd5c31739d594e722d9e89907dbb5cdd
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2014-01-05 17:23:52
    MD5cee36b5c6362993fa921435979bfbe4a
    SHA178fd06c82d3ba765c38bad8f48d1821a06280e39
    SHA256b169a5f643524d59330fafe6e3e328e2179fc5116ee6fae5d39581467d53ac03
    Authentihash MD5e044ca432fdc8ae1dafd1548ce4236f7
    Authentihash SHA1a2db837199644df18a514e7d9f069bce18eebc9b
    Authentihash SHA256770552bfc6598f165443da94ac0c6aca00f95a6a9a8e89713f9980730d9ee9c2
    RichPEHeaderHash MD563c6b4112622c2a9182cdd1d0d5235d7
    RichPEHeaderHash SHA13e48025a171d18c5839ab1e58b64dbc6483417d0
    RichPEHeaderHash SHA256ed34aa4b85d59a228c388a98cfa6395194fde9f005fc0bb1aa2ec852377d82f6
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee152d7
    FieldValue
    ToBeSigned (TBS) MD5e140543fe3256027cfa79fc3c19c1776
    ToBeSigned (TBS) SHA1c655f94eb1ecc93de319fc0c9a2dc6c5ec063728
    ToBeSigned (TBS) SHA2563ca71e85908ff67368e4dc00253f5691b9e6d50c966e7784143d75fb92aa3448
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign Timestamping CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2028-01-28 12:00:00
    Signature4e5e56901e46b4d94931f3bb1739281bc216ddfd41dc0905049b6fb2a29ad6992e40990055b5ea3fa52076d38634d417cc553ac782eeefa8babcd8069f1550dfcd167b523a02d7191afdaff0785ce04bc518df3a241edaacb8a95804020730dbb0125efe31bef00448f4f070f83a5e5683cf3dfb0dbcf4c5ed979db9d4dba52784e3389b8ba735864420a43b6da46a0ba183fd28ebdaef28f6cc885dfb0a3b00abe021ebe22f356c0f8e344597eba2f79933357ecb9a8abb454de73f9fc2d98afa65b26ec77e65ffe892e12c31a2f7b02736488f266f3bee4d761f79c3e57f9635bc2d0ecc01b08e7fff518080a792d4b34446648c874f166307314b63b0dff3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee152d7
    Version3
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 1121405c1f0ed258882be54d8686ba11ea45
    FieldValue
    ToBeSigned (TBS) MD5b95cbc184d388718612d5933f7b36770
    ToBeSigned (TBS) SHA1ff124c5d160710720108616ffee99bbe090ed363
    ToBeSigned (TBS) SHA25613027620255363f07bbf85ae7d0dc06c07d8b0f4368b12f983ee3f4fce605733
    SubjectC=SG, O=GMO GlobalSign Pte Ltd, CN=GlobalSign TSA for MS Authenticode , G1
    ValidFrom2013-08-23 00:00:00
    ValidTo2024-09-23 00:00:00
    Signature0231142e5857644185e8af12753c881cc35eec2ce9a13cf5baaa531db9d12963dc436786d439dadec6c9ffbe4585f4a4d7c151ea18ee40585ee67bcca241291338c8ea21169cce90a62efba6cad994df401df902182bbef65d4f9fff9a48dbc50509ca80cea0f9dc4bc323e6038fb4b4af5b71296191181a6b7af2fd0dd1cd7d5e98ebba705ee5f4ea43de353dc514818adb3e105ebb72faa1a093ab031cc1653c91138b045d2bc4b9161bcc55c50ce8abe743c9b28328a5531347ab3964b91cea3430b176009521f1d43da8fda00032d76e983ca69c3b0b83becbb8bb2a268c59b8b9aeaf26ace234a2dc210d810b3813f745a3e3dbc4aca16d1bb7e5615cd7
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber1121405c1f0ed258882be54d8686ba11ea45
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • IofCompleteRequest
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ZwUnloadKey
    • RtlInitUnicodeString
    • MmGetSystemRoutineAddress
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • KeBugCheck
    • _vsnwprintf
    • IoDeleteDevice
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2018-08-19 17:53:57
    MD526aedc10d4215ba997495d3a68355f4a
    SHA1dac68b8ee002d5bb61be3d59908a61a26efb7c09
    SHA256443c0ba980d4db9213b654a45248fd855855c1cc81d18812cae9d16729ff9a85
    Authentihash MD541fe68e2598cbb23aa596f1bd4e7fed5
    Authentihash SHA1cf9146f5b5bb803f5235a5748bdea5f979f1d348
    Authentihash SHA256931e4d6f7f04b122bc5bc6a61fb4e0186796623f4fc72d0c42ccfa886f1c5fb2
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-02-26 18:35:22
    MD580219fb6b5954c33e16bac5ecdac651b
    SHA1020580278d74d0fe741b0f786d8dca7554359997
    SHA256a42f4ae69b8755a957256b57eb3d319678eab81705f0ffea0d649ace7321108f
    Authentihash MD5ffd20b63526f607fef3166adc66b74c1
    Authentihash SHA133bd7996a2f2a9b08ea6f584af08356ea03dbaee
    Authentihash SHA2562c44c0464e5b01540ba573be7555b3fcbdb65c9f1193f9c1d02b04c70090d4ac
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-01-20 17:22:03
    MD505dd59bd4f175304480affd8f1305c37
    SHA1fcae2ea5990189f6f230b51e398e3000b71897f2
    SHA256469713c76c7a887826611b8c7180209a8bb6250f91d0f1eb84ac4d450ef15870
    Authentihash MD54a8ee19d43bae91e26013c808044a28d
    Authentihash SHA11aa1c735479fca1c1845c19497ef648c9200e450
    Authentihash SHA25667d4654d7e78e4d0761d8e200096935791d59acb2bf98106dafff449647c840f
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-02-26 18:35:38
    MD5cbd8d370462503508e44dba023bdf9bc
    SHA1ff3e19cd461ddf67529a765cbec9cb81d84dc7da
    SHA256c4c9c84b211899ceb0d18a839afa497537a7c7c01ab481965a09788a9e16590c
    Authentihash MD5a15fbc087bc936c1456483743d1442a0
    Authentihash SHA1c84b7bb35214a2eb2a7cdc722bcdc16b70a3bb72
    Authentihash SHA256c9cba07502b8a10034ddf75b35f4d6f2a24862cde5bff300720f5df04d4cfe6b
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-08-05 02:32:20
    MD5fb593b1f1f80d20fc7f4b818065c64b6
    SHA1e0b263f2d9c08f27c6edf5a25aa67a65c88692b0
    SHA256ee7b8eb150df2788bb9d5fe468327899d9f60d6731c379fd75143730a83b1c55
    Authentihash MD560526c634c51161cb26c25788cc1f754
    Authentihash SHA1c3af9f1b621ec0ec684383fd51441009114a7c3d
    Authentihash SHA25668ea8d1bfabf37920686a0814c0bf47cbc4527543716fd94c0d3f23382e15081
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2016-10-24 18:25:06
    MD5ae338d91d1b05a72559b7f6ed717362d
    SHA1d6de8211dba7074d92b5830618176a3eb8eb6670
    SHA256ddf427ce55b36db522f638ba38e34cd7b96a04cb3c47849b91e7554bfd09a69a
    Authentihash MD51158fc2285d1ac1be5703fe36ea874fe
    Authentihash SHA1be6cc01ed5411c7f2e95ea007e2c09d28fb183c8
    Authentihash SHA2565e1c7bdb1fa71145a0704a5f00d894043a7754cb82d1d8213cb6a899bd767cab
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-03-08 06:32:09
    MD5f56db4eba3829c0918413b5c0b42f00f
    SHA19c36600c2640007d3410dea8017573a113374873
    SHA256e8ec06b1fa780f577ff0e8c713e0fd9688a48e0329c8188320f9eb62dfc0667f
    Authentihash MD506bd72b5eecfb76faa05351128fbefee
    Authentihash SHA114b5b696377d733c602cde2f8d0fa1809e17fc63
    Authentihash SHA256ba467c6edee7266721c220fbc84cb80c995d429052846865d869609602d6e48c
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2018-05-01 16:26:26
    MD5e27b2486aa5c256b662812b465b6036c
    SHA16451522b1fb428e549976d0742df5034f8124b17
    SHA256e8743094f002239a8a9d6d7852c7852e0bb63cd411b007bd8c194bcba159ef15
    Authentihash MD51c12d5a009e2fd6ee42e9673806349e7
    Authentihash SHA145f1ec5d7153b72321d6a040026172a62618e9e7
    Authentihash SHA256edf05640ad7caa10756cc4163e926de74157da1d81b4d245b602a36f4c8cb4d0
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-01-20 17:22:03
    MD535e512f9bedc89dca5ce81f35820714c
    SHA1e841c8494b715b27b33be6f800ca290628507aba
    SHA25629348ebe12d872c5f40e316a0043f7e5babe583374487345a79bad0ba93fbdfe
    Authentihash MD50e71a90d0095278a48893d4068a3f1f8
    Authentihash SHA1f3019b52f343521d3e133106f692d467a5c86093
    Authentihash SHA256d9c3857d2959a3eff45eefe43d8ed1c23bd6908ae8a9a7e2e4e402bbf3e6d3ec
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-04-09 15:24:03
    MD5d13c1b76b4a1ca3ff5ab63678b51df6d
    SHA1465abe9634c199a5f80f8a4f77ec3118c0d69652
    SHA256618b15970671700188f4102e5d0638184e2723e8f57f7e917fa49792daebdadb
    Authentihash MD576e3258ee4cff03a0237ea6447ae1025
    Authentihash SHA1045af64ec7d1ac2b0114e165b678c4c812f56dd1
    Authentihash SHA256047e4158225af627382c412fa1f870479a238841341bc13e60312269feb14083
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-06-07 16:45:17
    MD565f800e1112864bf41eb815649f428d5
    SHA12480549ec8564cd37519a419ab2380cf3e8bab9e
    SHA25652f3905bbd97dcd2dbd22890e5e8413b9487088f1ee2fa828030a6a45b3975fd
    Authentihash MD521cc1cc1dba53e09f8dcef2d178b0993
    Authentihash SHA1ce242aadea5cd44d19308693e1f44b30dad41a0f
    Authentihash SHA25613999eb266b759e879816fdab640d59ef9e35e2ea61575810979d9eb22fdfd4d
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2019-05-12 17:00:04
    MD5a5bcaa2fc87b42e2e5d62a2e5dfcbc80
    SHA10a62c574603158d2d0c3be2a43c6bb0074ed297c
    SHA2568b32fc8b15363915605c127ccbf5cbe71778f8dfbf821a25455496e969a01434
    Authentihash MD56eedef4a3eab4a6990e8f65b144d8289
    Authentihash SHA129e4237767f1a886f45d0eef5910f126ebb9d28e
    Authentihash SHA256058c84860fb9fefd4c5cec57b6ef9f43146a6509b6894f2a27fb5a2dd16d578b
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-09-16 19:07:40
    MD5528ce5ce19eb34f401ef024de7ddf222
    SHA1221717a48ee8e2d19470579c987674f661869e17
    SHA2564d42678df3917c37f44a1506307f1677b9a689efcf350b1acce7e6f64b514905
    Authentihash MD5808907b8d815b6fb6f1f1c717451ad35
    Authentihash SHA17cd0b806ae09e408565814f7efe885abb4d977f1
    Authentihash SHA25694f4bcc9b062406ee7468659c1710d3e0cb057c7b7194e15cd72845082138019
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-03-12 05:47:38
    MD54a27a2bdc6fbe39eeec6455fb1e0ef20
    SHA1fde0fff1c3e4c053148748504d4b9e0cc97f37ec
    SHA256c4fb31e3f24e40742a1b9855a2d67048fe64b26d8d2dbcec77d2d5deeded2bcc
    Authentihash MD5ac18951cc5192f08f3ba50187eef941e
    Authentihash SHA1092f12bf5a2d77c03411d7c377199ab47fe3f59b
    Authentihash SHA25630f9aca036adbcc15cace326e042ed3590f00045f66982afbf569d8fd9b6747b
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2019-05-12 17:00:34
    MD598d53f6b3bec0a3417a04fbb9e17fa06
    SHA1a0cefb5b55f7a7a145b549613e26b6805515a1ad
    SHA25631b66a57fae0cc28a6a236d72a35c8b6244f997e700f9464f9cbf800dbf8bee6
    Authentihash MD57c814e64b0a2b3541d7c9bb9d99edfbc
    Authentihash SHA183222199cc9661710e7d99fad9d690eb6b3fdbaf
    Authentihash SHA2564f5166322f578fb111b6f2af375052008a5263311890f85c3e4ebc9c0f85affa
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2018-03-25 13:01:09
    MD58b75047199825c8e62fdcc1c915db8bd
    SHA185076aa3bffb40339021286b73d72dd5a8e4396a
    SHA256d41e39215c2c1286e4cd3b1dc0948adefb161f22bc3a78756a027d41614ee4ff
    Authentihash MD5bab6f5a48952fb91e53fa1a59d8d8107
    Authentihash SHA1cba35561689cf4923bfb3fc5c8f1cbd445ee90fb
    Authentihash SHA256869f22f072f71abc741cf9d3b9cbc9020a2611286670c6e6d67cd240629518f6
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-08-05 02:32:43
    MD593496a436c5546156a69deb255a9fed0
    SHA10de86ec7d7f16a3680df89256548301eed970393
    SHA2564136f1eb11cc463a858393ea733d5f1c220a3187537626f7f5d63eccf7c5a03f
    Authentihash MD50991b6f38efda0c20966f68c2de98b53
    Authentihash SHA14682423da48820f26f188ae5b4aa12c3fbd2c290
    Authentihash SHA2568c87d5f1261a367493fd2f240ace027bef5b178cff3dea22d45e8fa2b0f0541e
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-11-27 19:15:03
    MD55e9231e85cecfc6141e3644fda12a734
    SHA1599de57a5c05e27bb72c7b8a677e531d8e4bf8b5
    SHA25664d4370843a07e25d4ceb68816015efcaeca9429bb5bb692a88e615b48c7da96
    Authentihash MD570915af229fae80af7cb1cd93122fd7c
    Authentihash SHA128740c785f9634c582292650cb6ec8660424c0ba
    Authentihash SHA256002616bfe5bf3b13868d649d74ffe748317e3b0b33de8b9008683c906a0cae83
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2014-06-14 14:54:15
    MD5fe508caa54ffeb2285d9f00df547fe4a
    SHA1af42afda54d150810a60baa7987f9f09d49d1317
    SHA2564dc24fd07f8fb854e685bc540359c59f177de5b91231cc44d6231e33c9e932b1
    Authentihash MD5a776ebade70bf7e3d7c5e1db0ccddec9
    Authentihash SHA16b01aeeb1d0318fbb286e244d2c84c34af67b530
    Authentihash SHA2564b5206b5928e03929cca1eda3f12e6df14b31f80e8c16c1bb29109c072053b90
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • RtlCompareMemory
    • ObfDereferenceObject
    • IofCompleteRequest
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • RtlInitUnicodeString
    • MmGetSystemRoutineAddress
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • KeBugCheck
    • _vsnwprintf
    • IoDeleteDevice
    • NtBuildNumber
    • ObOpenObjectByPointer
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-02-25 18:17:02
    MD5e0cc9b415d884f85c45be145872892b8
    SHA17638c048af5beae44352764390deea597cc3e7b1
    SHA25626bea3b3ab2001d91202f289b7e41499d810474607db7a0893ceab74f5532f47
    Authentihash MD5c3766cd40f4ef52f59f3e9c8848a6dbe
    Authentihash SHA116cf0d8d085d3db18e202d657dfccd5022b389fb
    Authentihash SHA256612aa28d12aefd2af8565d4df6df9caa61b5fe8370fffb08933c03d558789e37
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2017-11-05 19:33:50
    MD587dc81ebe85f20c1a7970e495a778e60
    SHA107f78a47f447e4d8a72ad4bc6a26427b9577ec82
    SHA256822982c568b6f44b610f8dc4ab5d94795c33ae08a6a608050941264975c1ecdb
    Authentihash MD5be49be6ceb35f15a49b39f72a43bfc54
    Authentihash SHA1895e108e141e238fdeeef2ef11addb4962c48986
    Authentihash SHA25635d552d7603a26ea7ed111bd865cddaf7aa342481c89af7b2697beb25b99e829
    RichPEHeaderHash MD5c4873a245675b1071413f34af4d80050
    RichPEHeaderHash SHA1dd32c95fe9c3a8bcfa7623a732f2492214ff5881
    RichPEHeaderHash SHA2562673ca796c70fa90f1374f5b3699e6a168ef6168dbe7a95b9d9179fe8067d7af
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 0400000000012f4ee1355c
    FieldValue
    ToBeSigned (TBS) MD5f6a9e8eb8784f3f694b4e353c08a0ff5
    ToBeSigned (TBS) SHA1589a7d4df869395601ba7538a65afae8c4616385
    ToBeSigned (TBS) SHA256cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2019-04-13 10:00:00
    Signature225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0400000000012f4ee1355c
    Version3
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • NtBuildNumber
    • IofCompleteRequest
    • KeBugCheck
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsInitialSystemProcess
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • PsGetProcessImageFileName
    • PsGetProcessId
    • ZwClose
    • ZwSetInformationProcess
    • ZwDuplicateToken
    • ObOpenObjectByPointer
    • PsProcessType
    • RtlInitUnicodeString
    • PsReferencePrimaryToken
    • IoGetCurrentProcess
    • RtlCompareMemory
    • ZwOpenProcessTokenEx
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • IoFreeMdl
    • MmUnlockPages
    • MmProbeAndLockPages
    • IoAllocateMdl
    • memcpy
    • KeServiceDescriptorTable
    • IoEnumerateRegisteredFiltersList
    • KeTickCount
    • MmGetSystemRoutineAddress
    • IoDeleteSymbolicLink
    • IoDeleteDevice
    • memset
    • PsDereferencePrimaryToken
    • _vsnwprintf
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwind
    • KeBugCheckEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltGetVolumeFromInstance
    • FltObjectDereference
    • FltEnumerateFilters

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-08-09 14:45:11
    MD57108b0d4021af4c41de2c223319cd4c1
    SHA1e6966e360038be3b9d8c9b2582eba4e263796084
    SHA2563ca5d47d076e99c312578ef6499e1fa7b9db88551cfc0f138da11105aca7c5e1
    Authentihash MD5e370210d04ac9f5c57b8ca7f7eec6101
    Authentihash SHA10c37f01c0ef527deafc03b2dcd6516494690ee99
    Authentihash SHA256dc732dc22d0521fce33ed9c37359f702c985d2f35bc00209c3a4a076d6ff564d
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610b7f6b000000000019
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • FLTMGR.SYS

    Imported Functions

    Expand
    • KeBugCheck
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoCreateDevice
    • PsProcessType
    • PsGetProcessImageFileName
    • PsLookupProcessByProcessId
    • PsReferencePrimaryToken
    • ZwOpenProcessTokenEx
    • IoGetCurrentProcess
    • ZwSetInformationProcess
    • ZwClose
    • ZwDuplicateToken
    • PsInitialSystemProcess
    • _vsnwprintf
    • ObfDereferenceObject
    • ObOpenObjectByPointer
    • PsGetProcessId
    • PsDereferencePrimaryToken
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • IoFreeMdl
    • MmProbeAndLockPages
    • MmUnlockPages
    • IoAllocateMdl
    • ZwUnloadKey
    • IoEnumerateRegisteredFiltersList
    • KeBugCheckEx
    • MmGetSystemRoutineAddress
    • IoDeleteDevice
    • RtlInitUnicodeString
    • NtBuildNumber
    • RtlCompareMemory
    • IoDeleteSymbolicLink
    • PsGetVersion
    • ExAllocatePoolWithQuotaTag
    • ZwQuerySystemInformation
    • RtlUnwindEx
    • FltGetFilterInformation
    • FltEnumerateInstances
    • FltEnumerateFilters
    • FltObjectDereference
    • FltGetVolumeFromInstance

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0400000000012f4ee1355c",
          "Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "TBS": {
            "MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
            "SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
            "SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
            "SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
          },
          "ValidFrom": "2011-04-13 10:00:00",
          "ValidTo": "2019-04-13 10:00:00",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=FR, CN=Benjamin Delpy",
          "TBS": {
            "MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
            "SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
            "SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
            "SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
          },
          "ValidFrom": "2011-06-28 09:46:16",
          "ValidTo": "2014-06-28 09:46:16",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "610b7f6b000000000019",
          "Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
          "TBS": {
            "MD5": "4798d55be7663a75649cda4dedc686ef",
            "SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
            "SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
            "SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
          },
          "ValidFrom": "2006-05-23 17:00:51",
          "ValidTo": "2016-05-23 17:10:51",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
          "SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2020-01-02 11:21:29
    MD57ebe606acd81abf1f8cb0767c974164b
    SHA10320534df24a37a245a0b09679a5adb27018fb5f
    SHA2564c89c907b7525b39409af1ad11cc7d2400263601edafc41c935715ef5bd145de
    Authentihash MD5e6fba20c6bbb9db76f7670964c004540
    Authentihash SHA1f6dba973bc3f6ae8abfd377bfa1ab7018895ebc0
    Authentihash SHA2560feb05a7cc11793d995c920779cffeae68afabc54ffa8d8c361e5ba44fa57c8e
    RichPEHeaderHash MD5d45d2640e1584c776a1d10e5f695d7ad
    RichPEHeaderHash SHA1fef88c261764494d9a145b37b7739f3454786729
    RichPEHeaderHash SHA256213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707
    Companygentilkiwi (Benjamin DELPY)
    Descriptionmimidrv for Windows (mimikatz)
    Productmimidrv (mimikatz)
    OriginalFilenamemimidrv.sys

    Download

    Certificates

    Expand
    Certificate 112169417a1c3ef46a301f99385f50680fa0
    FieldValue
    ToBeSigned (TBS) MD5ee0a53dda8301d1e78bd5487f1d49bf4
    ToBeSigned (TBS) SHA15538f8cd492c2ec8d581f3665d2b4217c86fa19a
    ToBeSigned (TBS) SHA256a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
    SubjectC=FR, CN=Benjamin Delpy
    ValidFrom2011-06-28 09:46:16
    ValidTo2014-06-28 09:46:16
    Signature7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber112169417a1c3ef46a301f99385f50680fa0
    Version3
    Certificate 751e3ee9c5dc2f3e8f04e59dee5ed409
    FieldValue
    ToBeSigned (TBS) MD5a637f8f3c278575f41cda67c2063c050
    ToBeSigned (TBS) SHA1debd0fdaef0c60f58c4b60d3b58ace611c9a5c43
    ToBeSigned (TBS) SHA256f6cae0b028995eb13b1c2cce5b5107384ab7c77279ae5560933e345061d99cc0
    SubjectC=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
    ValidFrom2011-04-13 10:00:00
    ValidTo2026-04-13 10:00:00
    Signature1e2e9fd69b54b405cefee51b1f7fc5a8888b88efb71586907960c6a85cf47ace95c3e2200f4dc558fc968afa3bdf3ba001dec95c5c3c549db3ce3495207db396241856f30229b5bcc8e6c038a68a23fcd652c212b75740c4bcab36642e5f234f34a5232bc55bfe980d43b751af7d7e6d175b31f638253562be56b3b4399c1a89538b45999ceb9f8aeac33d6346e4e8dbf71f5070a4a5eebc27050857ae7e05355a134aa2ddaa0259cca96f4dc6824016adc0a15d37478885bb53a3203911b4c8c44ff6b5a2a3100162418286e2906edbfd09628ac353d9054aa42483e83ba6b1129464a09a350e4cf59e18caaeccbfb56d2f29bb956a0364eeb6a80da5c53429
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber751e3ee9c5dc2f3e8f04e59dee5ed409
    Version3
    Certificate 610b7f6b000000000019
    FieldValue
    ToBeSigned (TBS) MD54798d55be7663a75649cda4dedc686ef
    ToBeSigned (TBS) SHA10f1ab2937b245d9466ea6f9bf056a5942e3989cf
    ToBeSigned (TBS) SHA256ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
    SubjectC=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
    ValidFrom2006-05-23 17:00:51
    ValidTo2016-05-23 17:10:51
    Signature13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c8