Description
Kernel driver seen in a recent CopperStealer campaign.
- UUID: 9c3c6e89-3916-498f-81e5-da057ab3ed42
- Created: 2023-04-22
- Author: Michael Haag
- Acknowledgement: |
Download
This download link contains the malicious driver!
Commands
sc.exe create windbg.sys binPath=C:\windows\temp\windbg.sys type=kernel && sc.exe start windbg.sys
| Use Case | Privileges | Operating System |
|---|
| Elevate privileges | kernel | Windows 10 |
Detections
Sigma 🛡️
Expand
Names
detects loading using name only
Hashes
detects loading using hashes only
Resources
https://www.proofpoint.com/us/blog/threat-insight/now-you-see-it-now-you-dont-copperstealer-performs-widespread-thefthttps://twitter.com/jaydinbas/status/1642898531445886978?s=20https://twitter.com/jaydinbas/status/1646475092006785027?s=20Known Vulnerable Samples
Download
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 012eab44fa8853d913e7107c89406432
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477 |
| ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824 |
| ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74 |
| Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd. |
| ValidFrom | 2020-11-17 00:00:00 |
| ValidTo | 2023-11-12 23:59:59 |
| Signature | 9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 012eab44fa8853d913e7107c89406432 |
| Version | 3 |
Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4 |
| ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 |
| ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA |
| ValidFrom | 2012-04-18 12:00:00 |
| ValidTo | 2027-04-18 12:00:00 |
| Signature | 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- IoDeleteDevice
- IoDetachDevice
- memcpy
- memset
- ZwClose
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- ObOpenObjectByPointer
- PsProcessType
- PsLookupProcessByProcessId
- MmGetSystemRoutineAddress
- RtlInitUnicodeString
- IofCallDriver
- PsGetCurrentProcessId
- IoGetLowerDeviceObject
- ObfDereferenceObject
- IoGetAttachedDeviceReference
- IoUnregisterShutdownNotification
- KeDelayExecutionThread
- IoAttachDeviceToDeviceStackSafe
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoRegisterShutdownNotification
- IoUnregisterFsRegistrationChange
- IoRegisterFsRegistrationChange
- _vsnwprintf
- PsGetVersion
- ZwAllocateVirtualMemory
- MmUnmapLockedPages
- IoFreeMdl
- MmMapLockedPages
- MmBuildMdlForNonPagedPool
- MmCreateMdl
- ZwReadFile
- ZwQueryInformationFile
- IoCreateFile
- _wcsicmp
- _wcsnicmp
- RtlEqualUnicodeString
- ZwWriteFile
- ZwFlushKey
- ZwSetValueKey
- ZwQueryValueKey
- RtlRandom
- KeQuerySystemTime
- ZwDeleteKey
- ZwOpenKey
- ZwEnumerateKey
- IoFreeIrp
- KeSetEvent
- KeWaitForSingleObject
- KeGetCurrentThread
- KeInitializeEvent
- IoAllocateIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- IoFileObjectType
- ObQueryNameString
- RtlCopyUnicodeString
- MmIsAddressValid
- PsGetProcessPeb
- RtlCreateUnicodeString
- ZwDeleteValueKey
- ZwCreateKey
- RtlFreeUnicodeString
- ZwDeleteFile
- PsRemoveLoadImageNotifyRoutine
- CmUnRegisterCallback
- PsSetLoadImageNotifyRoutine
- CmRegisterCallback
- ObReferenceObjectByName
- ZwFreeVirtualMemory
- ZwWaitForSingleObject
- KeUnstackDetachProcess
- KeStackAttachProcess
- ZwDuplicateObject
- PsGetProcessSessionId
- _strnicmp
- RtlSubAuthoritySid
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- ZwOpenProcessTokenEx
- PsTerminateSystemThread
- PsThreadType
- PsCreateSystemThread
- KeTickCount
- KeBugCheckEx
- _vsnprintf
- strncmp
- strchr
- strncpy
- strstr
- ExAllocatePool
- _stricmp
- rand
- ZwCreateFile
- IoBuildDeviceIoControlRequest
- MmProbeAndLockPages
- IoAllocateMdl
- _allshl
- RtlUnwind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000f3158ea57d1c559f290000000000f3
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8d4476692bcda36ed89244b94bd705f0 |
| ToBeSigned (TBS) SHA1 | ce72176d5cad611366e13a9a997ad7ecc7eb815f |
| ToBeSigned (TBS) SHA256 | dd1db9c0e7e50040ac6c586c1b6fd479cef240c064473373f75fbeb3e04ff972 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2023-01-12 19:14:51 |
| ValidTo | 2023-12-15 19:14:51 |
| Signature | 04d1261b735b38b551b427cf9a295d4eb18edd92de14079aa33a10511ee6d262938b29ae208f96be64a80e2967fb8d7aa5750613901a9da6a82935398175482096430c9acecb55ee2c5468d119f467378c18251a8fe01e9d7b79bce903ccb7afb227e2d0abee00bd9fd6bbbbd67c014888dc46f3efa912d4576f7ca9980957609cd21fbd51815cb11bee95fa780498d905e866bc1a604e407ee0d97a105bcc8e600200b19b9c3a56cb3918047f21ba9ee2228b46b8e5c8b456ba65e6f0c40d28294b654761660e9d14948866c3f0f65f028e47641059d3f195812e871362128bcefb901d5aeace862e3d683b291d65c138138ea1335fe3552f4c46a7f7b0c6e5 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000f3158ea57d1c559f290000000000f3 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- IoDeleteDevice
- IoDetachDevice
- memcpy
- memset
- ZwClose
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- ObOpenObjectByPointer
- PsProcessType
- PsLookupProcessByProcessId
- MmGetSystemRoutineAddress
- RtlInitUnicodeString
- IofCallDriver
- PsGetCurrentProcessId
- IoGetLowerDeviceObject
- ObfDereferenceObject
- IoGetAttachedDeviceReference
- IoUnregisterShutdownNotification
- KeDelayExecutionThread
- IoAttachDeviceToDeviceStackSafe
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoRegisterShutdownNotification
- IoUnregisterFsRegistrationChange
- IoRegisterFsRegistrationChange
- _vsnwprintf
- PsGetVersion
- ZwAllocateVirtualMemory
- MmUnmapLockedPages
- IoFreeMdl
- MmMapLockedPages
- MmBuildMdlForNonPagedPool
- MmCreateMdl
- ZwReadFile
- ZwQueryInformationFile
- IoCreateFile
- _wcsicmp
- _wcsnicmp
- RtlEqualUnicodeString
- ZwWriteFile
- ZwFlushKey
- ZwSetValueKey
- ZwQueryValueKey
- RtlRandom
- KeQuerySystemTime
- ZwDeleteKey
- ZwOpenKey
- ZwEnumerateKey
- IoFreeIrp
- KeSetEvent
- KeWaitForSingleObject
- KeGetCurrentThread
- KeInitializeEvent
- IoAllocateIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- IoFileObjectType
- ObQueryNameString
- RtlCopyUnicodeString
- MmIsAddressValid
- PsGetProcessPeb
- RtlCreateUnicodeString
- ZwDeleteValueKey
- ZwCreateKey
- RtlFreeUnicodeString
- ZwDeleteFile
- PsRemoveLoadImageNotifyRoutine
- CmUnRegisterCallback
- PsSetLoadImageNotifyRoutine
- CmRegisterCallback
- ObReferenceObjectByName
- ZwFreeVirtualMemory
- ZwWaitForSingleObject
- KeUnstackDetachProcess
- KeStackAttachProcess
- ZwDuplicateObject
- PsGetProcessSessionId
- _strnicmp
- RtlSubAuthoritySid
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- ZwOpenProcessTokenEx
- PsTerminateSystemThread
- PsThreadType
- PsCreateSystemThread
- KeTickCount
- KeBugCheckEx
- _vsnprintf
- strncmp
- strchr
- strncpy
- strstr
- ExAllocatePool
- _stricmp
- rand
- ZwCreateFile
- IoBuildDeviceIoControlRequest
- MmProbeAndLockPages
- IoAllocateMdl
- _allshl
- RtlUnwind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000f5e8773b206b1ccd610000000000f5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | bf6aed18e4c3fd6ac87330096df18117 |
| ToBeSigned (TBS) SHA1 | f96be504b875f1e63bf51eacc6768e4fdecddcc6 |
| ToBeSigned (TBS) SHA256 | 76c137a4dd29ebb1cb6a5d319d17e7049ad6d524f9de5d47c24c14b16a4f0720 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2023-01-12 19:14:52 |
| ValidTo | 2023-12-15 19:14:52 |
| Signature | 5548d9042f4a8d4776b5fccbacda2e58d5161fb7932287aa5da1c9afaca15c230908ed96adeb0f6a86dc3972a85de00fb4d4db0a52394116887998fd673f57a0520fa1e39806b348e555cfe5a419c501a0fbfbdb79e88d37656735fa6cd56d5c465fe3871f5157e357d73956d4586bd50508522be7e24d2357d7ab53e3ae46d2d168e52d0d15761eaab962c36ee0791cabd33869f11f9512772261cda6249f16f85772116cc0585975600e5fe949e1a2bb85820ddf901b9e48ee805aacd1c826a1304916e2180de5d3ecc2fc0375d3a877ab8a058dda7e05aa91727523e579d17ce0dce414612d9b638b1ff5ad74d654c5b7e638a3cca372c5f51db638794ed6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000f5e8773b206b1ccd610000000000f5 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExAllocatePoolWithTag
- PsProcessType
- IoGetLowerDeviceObject
- ExFreePoolWithTag
- IoRegisterShutdownNotification
- IoAttachDeviceToDeviceStackSafe
- PsLookupProcessByProcessId
- RtlInitUnicodeString
- IoDeleteDevice
- MmGetSystemRoutineAddress
- IoDetachDevice
- KeDelayExecutionThread
- IoUnregisterShutdownNotification
- ZwClose
- IoGetAttachedDeviceReference
- PsGetCurrentProcessId
- ObfDereferenceObject
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoUnregisterFsRegistrationChange
- ObOpenObjectByPointer
- IoRegisterFsRegistrationChange
- IofCallDriver
- MmUnmapLockedPages
- _wcsicmp
- PsGetProcessPeb
- ZwCreateKey
- RtlCreateUnicodeString
- MmMapLockedPages
- PsSetLoadImageNotifyRoutine
- _wcsnicmp
- ZwReadFile
- IoGetRelatedDeviceObject
- KeSetEvent
- IoCreateFile
- KeInitializeEvent
- ZwDeleteValueKey
- ZwSetValueKey
- RtlEqualUnicodeString
- MmBuildMdlForNonPagedPool
- IoFreeMdl
- RtlFreeUnicodeString
- ObQueryNameString
- IoFileObjectType
- ZwQueryValueKey
- _vsnwprintf
- RtlRandom
- ObReferenceObjectByHandle
- KeWaitForSingleObject
- PsRemoveLoadImageNotifyRoutine
- ZwFlushKey
- MmCreateMdl
- IoFreeIrp
- ZwDeleteFile
- PsGetVersion
- IoAllocateIrp
- CmRegisterCallback
- RtlCopyUnicodeString
- MmIsAddressValid
- CmUnRegisterCallback
- ZwQueryInformationFile
- ZwWriteFile
- ZwDeleteKey
- ZwEnumerateKey
- ZwAllocateVirtualMemory
- ZwOpenKey
- KeUnstackDetachProcess
- ZwWaitForSingleObject
- ZwFreeVirtualMemory
- PsGetProcessSessionId
- ZwDuplicateObject
- ObReferenceObjectByName
- KeStackAttachProcess
- RtlSubAuthoritySid
- _strnicmp
- ZwOpenProcessTokenEx
- PsCreateSystemThread
- PsTerminateSystemThread
- PsThreadType
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- KeBugCheckEx
- strncmp
- strstr
- strchr
- strncpy
- _vsnprintf
- rand
- _stricmp
- ExAllocatePool
- IoBuildDeviceIoControlRequest
- ZwCreateFile
- MmProbeAndLockPages
- IoAllocateMdl
- __C_specific_handler
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 5f9e06262d2eed425c886a4709350426
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e01323d4e9f20b9c042abdd9585d2d81 |
| ToBeSigned (TBS) SHA1 | d1fab71f563191354037fe0bb8bf73718c721e45 |
| ToBeSigned (TBS) SHA256 | 9db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14 |
| Subject | C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd. |
| ValidFrom | 2014-05-06 00:00:00 |
| ValidTo | 2015-05-06 23:59:59 |
| Signature | 14a41c7ad5dc6309c5b0390f4dbdec058fab41138c90e8a92e5316495d46210a64a3573a304cb2d791c50f3815a2b7ed11057018158311d061080686a2bd6a0a3c9097161b98e46ab15267b3bbdbd76d43d1bc9a239a24e98a6673e1b1c6ca83230ce3862e0d422f113bb3b5fb2b9254346f40c810f6e0bbc7f137f22d0d272a150eac91baf8513472d277290dfc55c7d2b22003c0fccad9a29fbceeba1586efae4bd98de245bda466f7eca00673d4418f90609b9a6c5cbf1a25a3373f2744a3974cd0ba89f9d1b23a02058dd151c0fda03ffca6a40a6d91c7678b675996b5c0c63f491428684be2367b5a60048f3543b5ddf6ba5270bbe376f5e2b62b14fe6a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 5f9e06262d2eed425c886a4709350426 |
| Version | 3 |
Certificate 611993e400000000001c
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 78a717e082dcc1cda3458d917e677d14 |
| ToBeSigned (TBS) SHA1 | 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 |
| ToBeSigned (TBS) SHA256 | 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 |
| Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5 |
| ValidFrom | 2011-02-22 19:25:17 |
| ValidTo | 2021-02-22 19:35:17 |
| Signature | 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 611993e400000000001c |
| Version | 3 |
Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | b30c31a572b0409383ed3fbe17e56e81 |
| ToBeSigned (TBS) SHA1 | 4843a82ed3b1f2bfbee9671960e1940c942f688d |
| ToBeSigned (TBS) SHA256 | 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 |
| Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA |
| ValidFrom | 2010-02-08 00:00:00 |
| ValidTo | 2020-02-07 23:59:59 |
| Signature | 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 5200e5aa2556fc1a86ed96c9d44b33c7 |
| Version | 3 |
Certificate 300f6facdd6698747ca94636a7782db9
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 63499ed59a1293b786649470e4ce0bd7 |
| ToBeSigned (TBS) SHA1 | 7309d8eaa65da1f3da7030c08f00a3b0a20fa908 |
| ToBeSigned (TBS) SHA256 | 8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937 |
| Subject | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA |
| ValidFrom | 2019-05-02 00:00:00 |
| ValidTo | 2038-01-18 23:59:59 |
| Signature | 6d5481a5335d16e1b553819175df037a320b2d258411b2b0db2a7d2a05f5bc3b27f45aa0b9495990296c61cbb550dbe27df99f00ef40c3add3e2e456f95841cff142e5107dffb0741f8fc65c09f9335eeaa01c26585cf3b4110fd5d5c3e2bcd55878bf4876e144676d8fb043100f8de4f93862bf1301c585a34cc5ccb2533095a4d6f4965608b8cd5c7f0196be72526a3b42377c1678399393949bb1dcb26d416d67cdc96f903d7f4572c11b23d6c2558466e4b3c56606f6f3d64b5eada32b428a2192fea86f5a2570628173635ea0bbd8dcd74ad33daf830638121d24872de4fc02d63e7704bc0436b5e777cb9c2e8d2318b9a3c2471df05dd6a1735705689aa7c937651dbeeabcd842834305a58ba609ffd1a194a64eaa3d09f5056cb7d2645ad82a22c24b9df1395e4cde483d9b34969a095f8efdf7b15291ce3f89f61ca1b5a9751f71bf5b435d653d50816eabf0d0d3fcb2b31fb6999626f43c798b5c64cccdee279ae5a0c00c7287c16e4d5ad31eeaf044e6326f1ceb174e94c37865203b0f41aa1fe9a1419dfeb1b8a0652a34e0dea8f93ce6c130bbc0a0632cfc5c1600a8d0c47fea119d1e06c6a66d325db438092b4907aafdec30daf1a72fcfb7fdfad0a384d9279efb016677b95610e1206ec6aeb1f9b6bac8355d33768ef17c200c2a77aeb5a20286ba29eeb45a00b18cabe3f90ac9545dd4b96a749ebd48ae98 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.12 |
| IsCertificateAuthority | True |
| SerialNumber | 300f6facdd6698747ca94636a7782db9 |
| Version | 3 |
Certificate 0090397f9ad24a3a13f2bd915f0838a943
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 26ec2c9bfcb06fdf8a6d95f2c616fd72 |
| ToBeSigned (TBS) SHA1 | 635466f1432046f6fd338624c068872ab6488b12 |
| ToBeSigned (TBS) SHA256 | 2219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839 |
| Subject | C=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3 |
| ValidFrom | 2022-05-11 00:00:00 |
| ValidTo | 2033-08-10 23:59:59 |
| Signature | 73daed6872cbc2b940a131bbb403a32d147b24e7b45b157da8e9fdadd1920d7c3d36a069d9f39a30daac69d67457243f7e0f3cd9f5c379256c26e88d6893cef17789397fa80405da34c314ea9f0854abffc47e966c2bd394ebb46ce0454d2cb2f73b3b5ab5c1fbd789756d987272f6f70728f3d3b2d0eb19be152c78efcd45a000e4f80476bb57c590be775490749e0b4f4dc4aa138f97af01352bcb9b1178e9f2f989043c4ee3821262ebb4440c7541c20f34b8889dc822f1136adb182f6e78adc405b4e884089307f97d83fe689834e477e5b1ce8c946cdb036d2805477e9b2ef064fbdba40331107c1afb3c1980d10b70b9555f47be3964ceb7da235432e346b232d8d22986c9155d8095af02fbb4d12e9d387c35e00f1ced1b47489c226a5582d9f2ba086503e5f129f3488a09014ca679f2a2b61a9994eb9728e1be7d1ba17ced5680a6f4223390e48453fc2afac0a797a8eab58d7acee4e04ba133ab0b76a0d56916b78e66bf5ffa1fc4a87fa7a14814910d82fcbd4d99edc9e66c36fe774399b8692d7c612feda3b049fe5bbe692491ff93fc5769924bd9053f6d8672d3a2d0c064d23a42c11a03fbd0ed9a21b83fafa6b25154d54cc5ca1f128d57c639ed5cffec9f2676ad646667e8aa30e0d2adb77db16a41276e038aa374e08a09826ebfe3f6b7bc9e0b29186881a19c3f6e16594b1409099ae6aebf6015dd86f5 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.12 |
| IsCertificateAuthority | False |
| SerialNumber | 0090397f9ad24a3a13f2bd915f0838a943 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExAllocatePoolWithTag
- PsProcessType
- IoGetLowerDeviceObject
- ExFreePoolWithTag
- IoRegisterShutdownNotification
- IoAttachDeviceToDeviceStackSafe
- PsLookupProcessByProcessId
- RtlInitUnicodeString
- IoDeleteDevice
- MmGetSystemRoutineAddress
- IoDetachDevice
- KeDelayExecutionThread
- IoUnregisterShutdownNotification
- ZwClose
- IoGetAttachedDeviceReference
- PsGetCurrentProcessId
- ObfDereferenceObject
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoUnregisterFsRegistrationChange
- ObOpenObjectByPointer
- IoRegisterFsRegistrationChange
- IofCallDriver
- MmUnmapLockedPages
- _wcsicmp
- PsGetProcessPeb
- ZwCreateKey
- RtlCreateUnicodeString
- MmMapLockedPages
- PsSetLoadImageNotifyRoutine
- _wcsnicmp
- ZwReadFile
- IoCreateFile
- ZwDeleteValueKey
- ZwSetValueKey
- RtlEqualUnicodeString
- MmBuildMdlForNonPagedPool
- IoFreeMdl
- RtlFreeUnicodeString
- ObQueryNameString
- ZwQueryValueKey
- _vsnwprintf
- RtlRandom
- PsRemoveLoadImageNotifyRoutine
- ZwFlushKey
- MmCreateMdl
- ZwDeleteFile
- PsGetVersion
- CmRegisterCallback
- RtlCopyUnicodeString
- MmIsAddressValid
- CmUnRegisterCallback
- ZwQueryInformationFile
- ZwWriteFile
- ZwDeleteKey
- ZwEnumerateKey
- ZwAllocateVirtualMemory
- ZwOpenKey
- KeUnstackDetachProcess
- ZwWaitForSingleObject
- ZwFreeVirtualMemory
- PsGetProcessSessionId
- ZwDuplicateObject
- ObReferenceObjectByName
- KeStackAttachProcess
- RtlSubAuthoritySid
- _strnicmp
- KeSetEvent
- KeInitializeEvent
- ZwOpenProcessTokenEx
- PsCreateSystemThread
- PsTerminateSystemThread
- ObReferenceObjectByHandle
- KeWaitForSingleObject
- PsThreadType
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- KeBugCheckEx
- strncmp
- strstr
- strchr
- strncpy
- _vsnprintf
- rand
- _stricmp
- ExAllocatePool
- IoBuildDeviceIoControlRequest
- IoGetRelatedDeviceObject
- ZwCreateFile
- IoFreeIrp
- MmProbeAndLockPages
- IoAllocateMdl
- __C_specific_handler
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 012eab44fa8853d913e7107c89406432
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477 |
| ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824 |
| ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74 |
| Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd. |
| ValidFrom | 2020-11-17 00:00:00 |
| ValidTo | 2023-11-12 23:59:59 |
| Signature | 9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 012eab44fa8853d913e7107c89406432 |
| Version | 3 |
Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4 |
| ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 |
| ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA |
| ValidFrom | 2012-04-18 12:00:00 |
| ValidTo | 2027-04-18 12:00:00 |
| Signature | 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- IoDeleteDevice
- IoDetachDevice
- memcpy
- memset
- ZwClose
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- ObOpenObjectByPointer
- PsProcessType
- PsLookupProcessByProcessId
- MmGetSystemRoutineAddress
- RtlInitUnicodeString
- IofCallDriver
- PsGetCurrentProcessId
- IoGetLowerDeviceObject
- ObfDereferenceObject
- IoGetAttachedDeviceReference
- IoUnregisterShutdownNotification
- KeDelayExecutionThread
- IoAttachDeviceToDeviceStackSafe
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoRegisterShutdownNotification
- IoUnregisterFsRegistrationChange
- IoRegisterFsRegistrationChange
- _vsnwprintf
- PsGetVersion
- ZwAllocateVirtualMemory
- MmUnmapLockedPages
- IoFreeMdl
- MmMapLockedPages
- MmBuildMdlForNonPagedPool
- MmCreateMdl
- ZwReadFile
- ZwQueryInformationFile
- IoCreateFile
- _wcsicmp
- _wcsnicmp
- RtlEqualUnicodeString
- ZwWriteFile
- ZwFlushKey
- ZwSetValueKey
- ZwQueryValueKey
- RtlRandom
- KeQuerySystemTime
- ZwDeleteKey
- ZwOpenKey
- ZwEnumerateKey
- IoFreeIrp
- KeSetEvent
- KeWaitForSingleObject
- KeGetCurrentThread
- KeInitializeEvent
- IoAllocateIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- IoFileObjectType
- ObQueryNameString
- RtlCopyUnicodeString
- MmIsAddressValid
- PsGetProcessPeb
- RtlCreateUnicodeString
- ZwDeleteValueKey
- ZwCreateKey
- RtlFreeUnicodeString
- ZwDeleteFile
- PsRemoveLoadImageNotifyRoutine
- CmUnRegisterCallback
- PsSetLoadImageNotifyRoutine
- CmRegisterCallback
- ObReferenceObjectByName
- ZwFreeVirtualMemory
- ZwWaitForSingleObject
- KeUnstackDetachProcess
- KeStackAttachProcess
- ZwDuplicateObject
- PsGetProcessSessionId
- _strnicmp
- RtlSubAuthoritySid
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- ZwOpenProcessTokenEx
- PsTerminateSystemThread
- PsThreadType
- PsCreateSystemThread
- KeTickCount
- KeBugCheckEx
- _vsnprintf
- strncmp
- strchr
- strncpy
- strstr
- ExAllocatePool
- _stricmp
- rand
- ZwCreateFile
- IoBuildDeviceIoControlRequest
- MmProbeAndLockPages
- IoAllocateMdl
- _allshl
- RtlUnwind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Imports
Expand
Imported Functions
Expand
- ExAllocatePoolWithTag
- PsProcessType
- IoGetLowerDeviceObject
- ExFreePoolWithTag
- IoRegisterShutdownNotification
- IoAttachDeviceToDeviceStackSafe
- PsLookupProcessByProcessId
- RtlInitUnicodeString
- IoDeleteDevice
- MmGetSystemRoutineAddress
- IoDetachDevice
- KeDelayExecutionThread
- IoUnregisterShutdownNotification
- ZwClose
- IoGetAttachedDeviceReference
- PsGetCurrentProcessId
- ObfDereferenceObject
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoUnregisterFsRegistrationChange
- ObOpenObjectByPointer
- IoRegisterFsRegistrationChange
- IofCallDriver
- MmUnmapLockedPages
- _wcsicmp
- PsGetProcessPeb
- ZwCreateKey
- RtlCreateUnicodeString
- MmMapLockedPages
- PsSetLoadImageNotifyRoutine
- _wcsnicmp
- ZwReadFile
- IoGetRelatedDeviceObject
- KeSetEvent
- IoCreateFile
- KeInitializeEvent
- ZwDeleteValueKey
- ZwSetValueKey
- RtlEqualUnicodeString
- MmBuildMdlForNonPagedPool
- IoFreeMdl
- RtlFreeUnicodeString
- ObQueryNameString
- IoFileObjectType
- ZwQueryValueKey
- _vsnwprintf
- RtlRandom
- ObReferenceObjectByHandle
- KeWaitForSingleObject
- PsRemoveLoadImageNotifyRoutine
- ZwFlushKey
- MmCreateMdl
- IoFreeIrp
- ZwDeleteFile
- PsGetVersion
- IoAllocateIrp
- CmRegisterCallback
- RtlCopyUnicodeString
- MmIsAddressValid
- CmUnRegisterCallback
- ZwQueryInformationFile
- ZwWriteFile
- ZwDeleteKey
- ZwEnumerateKey
- ZwAllocateVirtualMemory
- ZwOpenKey
- KeUnstackDetachProcess
- ZwWaitForSingleObject
- ZwFreeVirtualMemory
- PsGetProcessSessionId
- ZwDuplicateObject
- ObReferenceObjectByName
- KeStackAttachProcess
- RtlSubAuthoritySid
- _strnicmp
- ZwOpenProcessTokenEx
- PsCreateSystemThread
- PsTerminateSystemThread
- PsThreadType
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- KeBugCheckEx
- strncmp
- strstr
- strchr
- strncpy
- _vsnprintf
- rand
- _stricmp
- ExAllocatePool
- IoBuildDeviceIoControlRequest
- ZwCreateFile
- MmProbeAndLockPages
- IoAllocateMdl
- __C_specific_handler
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 5d11784fb81765023f89a4f4243fe1a9
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | b5ff0da6f1d327dca52b08e9c7c8d439 |
| ToBeSigned (TBS) SHA1 | c7acfdfc234a3bb37535cbe2785d9202b4b0a10c |
| ToBeSigned (TBS) SHA256 | 80a8f0e8652dcea59596b4238f4c2d9f0212a25ea7434fde70a68a202b7ed0b1 |
| Subject | C=CN, ST=Shandong, L=Binzhou, O=Binzhoushi Yongyu Feed Co.,LTd., CN=Binzhoushi Yongyu Feed Co.,LTd. |
| ValidFrom | 2014-01-17 00:00:00 |
| ValidTo | 2016-01-17 23:59:59 |
| Signature | 565de91bd9b0bbefe729b5e1a4070c18ee9855ad678967425dd8f4284cdd54fd20affa0449eb2061c26c0720e6b64ee7323461482ad375a2223074f1d41c96b48249ef810d1dc390b89890e703a407c05c7f5d8670573f22dcf7aa210b6d35793423e62a015309d1b37bc59664c32778d78bda41c215a9db9f13c95d922b5d2c0a798b3a642f50cc1aa12db6a398ab2741ce185e65d24ecbcad0d2309cf28530ae4c2ab4207dd35168d612ba3974230fd8d6121f4a9bd47b8ccb5e431f56e7b7f31e879a0f905dc16d1b73f0aa3ef9aeef75a471c09d484c1f474f97fcae827f29cedbd9f022d3e14a1d7ed7792a62b581f58e5e74c5eae41a32b9cc1da2f889 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 5d11784fb81765023f89a4f4243fe1a9 |
| Version | 3 |
Certificate 47974d7873a5bcab0d2fb370192fce5e
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e3a93dc2a8a8a668fdbb286bfe9afab5 |
| ToBeSigned (TBS) SHA1 | 95795d2aa2a554a423bc8c6e5b0a016d14887d35 |
| ToBeSigned (TBS) SHA256 | d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e |
| Subject | C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 |
| ValidFrom | 2010-02-08 00:00:00 |
| ValidTo | 2020-02-07 23:59:59 |
| Signature | 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 47974d7873a5bcab0d2fb370192fce5e |
| Version | 3 |
Certificate 611fb0a400000000001d
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a3f222107d4e1085e73b5b589c2f480b |
| ToBeSigned (TBS) SHA1 | b94aa26cd77c48d91a53ac44506cbd255e1d362c |
| ToBeSigned (TBS) SHA256 | a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa |
| Subject | C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA |
| ValidFrom | 2011-02-22 19:31:57 |
| ValidTo | 2021-02-22 19:41:57 |
| Signature | 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 611fb0a400000000001d |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExAllocatePoolWithTag
- PsProcessType
- IoGetLowerDeviceObject
- ExFreePoolWithTag
- IoRegisterShutdownNotification
- IoAttachDeviceToDeviceStackSafe
- PsLookupProcessByProcessId
- RtlInitUnicodeString
- IoDeleteDevice
- MmGetSystemRoutineAddress
- IoDetachDevice
- KeDelayExecutionThread
- IoUnregisterShutdownNotification
- ZwClose
- IoGetAttachedDeviceReference
- PsGetCurrentProcessId
- ObfDereferenceObject
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoUnregisterFsRegistrationChange
- ObOpenObjectByPointer
- IoRegisterFsRegistrationChange
- IofCallDriver
- MmUnmapLockedPages
- _wcsicmp
- PsGetProcessPeb
- ZwCreateKey
- RtlCreateUnicodeString
- MmMapLockedPages
- PsSetLoadImageNotifyRoutine
- _wcsnicmp
- ZwReadFile
- IoCreateFile
- ZwDeleteValueKey
- ZwSetValueKey
- RtlEqualUnicodeString
- MmBuildMdlForNonPagedPool
- IoFreeMdl
- RtlFreeUnicodeString
- ObQueryNameString
- ZwQueryValueKey
- _vsnwprintf
- RtlRandom
- PsRemoveLoadImageNotifyRoutine
- ZwFlushKey
- MmCreateMdl
- ZwDeleteFile
- PsGetVersion
- CmRegisterCallback
- RtlCopyUnicodeString
- MmIsAddressValid
- CmUnRegisterCallback
- ZwQueryInformationFile
- ZwWriteFile
- ZwDeleteKey
- ZwEnumerateKey
- ZwAllocateVirtualMemory
- ZwOpenKey
- KeUnstackDetachProcess
- ZwWaitForSingleObject
- ZwFreeVirtualMemory
- PsGetProcessSessionId
- ZwDuplicateObject
- ObReferenceObjectByName
- KeStackAttachProcess
- RtlSubAuthoritySid
- _strnicmp
- KeSetEvent
- KeInitializeEvent
- ZwOpenProcessTokenEx
- PsCreateSystemThread
- PsTerminateSystemThread
- ObReferenceObjectByHandle
- KeWaitForSingleObject
- PsThreadType
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- KeBugCheckEx
- strncmp
- strstr
- strchr
- strncpy
- _vsnprintf
- rand
- _stricmp
- ExAllocatePool
- IoBuildDeviceIoControlRequest
- IoGetRelatedDeviceObject
- ZwCreateFile
- IoFreeIrp
- MmProbeAndLockPages
- IoAllocateMdl
- __C_specific_handler
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 012eab44fa8853d913e7107c89406432
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477 |
| ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824 |
| ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74 |
| Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd. |
| ValidFrom | 2020-11-17 00:00:00 |
| ValidTo | 2023-11-12 23:59:59 |
| Signature | 9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 012eab44fa8853d913e7107c89406432 |
| Version | 3 |
Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4 |
| ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 |
| ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA |
| ValidFrom | 2012-04-18 12:00:00 |
| ValidTo | 2027-04-18 12:00:00 |
| Signature | 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06 |
| Version | 3 |
Imports
Expand
- ntoskrnl.exe
- ntoskrnl.exe
- HAL.dll
Imported Functions
Expand
- ExAllocatePoolWithTag
- ExAllocatePool
- NtQuerySystemInformation
- ExFreePoolWithTag
- IoAllocateMdl
- MmProbeAndLockPages
- MmMapLockedPagesSpecifyCache
- MmUnlockPages
- IoFreeMdl
- KeQueryActiveProcessors
- KeSetSystemAffinityThread
- KeRevertToUserAffinityThread
- DbgPrint
- KeQueryPerformanceCounter
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .%V,
- .vK6
- .ubd
- .reloc
- .rsrc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 012eab44fa8853d913e7107c89406432
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477 |
| ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824 |
| ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74 |
| Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd. |
| ValidFrom | 2020-11-17 00:00:00 |
| ValidTo | 2023-11-12 23:59:59 |
| Signature | 9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 012eab44fa8853d913e7107c89406432 |
| Version | 3 |
Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4 |
| ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 |
| ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA |
| ValidFrom | 2012-04-18 12:00:00 |
| ValidTo | 2027-04-18 12:00:00 |
| Signature | 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExAllocatePoolWithTag
- PsProcessType
- IoGetLowerDeviceObject
- ExFreePoolWithTag
- IoRegisterShutdownNotification
- IoAttachDeviceToDeviceStackSafe
- PsLookupProcessByProcessId
- RtlInitUnicodeString
- IoDeleteDevice
- MmGetSystemRoutineAddress
- IoDetachDevice
- KeDelayExecutionThread
- IoUnregisterShutdownNotification
- ZwClose
- IoGetAttachedDeviceReference
- PsGetCurrentProcessId
- ObfDereferenceObject
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoUnregisterFsRegistrationChange
- ObOpenObjectByPointer
- IoRegisterFsRegistrationChange
- IofCallDriver
- MmUnmapLockedPages
- _wcsicmp
- PsGetProcessPeb
- ZwCreateKey
- RtlCreateUnicodeString
- MmMapLockedPages
- PsSetLoadImageNotifyRoutine
- _wcsnicmp
- ZwReadFile
- IoGetRelatedDeviceObject
- KeSetEvent
- IoCreateFile
- KeInitializeEvent
- ZwDeleteValueKey
- ZwSetValueKey
- RtlEqualUnicodeString
- MmBuildMdlForNonPagedPool
- IoFreeMdl
- RtlFreeUnicodeString
- ObQueryNameString
- IoFileObjectType
- ZwQueryValueKey
- _vsnwprintf
- RtlRandom
- ObReferenceObjectByHandle
- KeWaitForSingleObject
- PsRemoveLoadImageNotifyRoutine
- ZwFlushKey
- MmCreateMdl
- IoFreeIrp
- ZwDeleteFile
- PsGetVersion
- IoAllocateIrp
- CmRegisterCallback
- RtlCopyUnicodeString
- MmIsAddressValid
- CmUnRegisterCallback
- ZwQueryInformationFile
- ZwWriteFile
- ZwDeleteKey
- ZwEnumerateKey
- ZwAllocateVirtualMemory
- ZwOpenKey
- KeUnstackDetachProcess
- ZwWaitForSingleObject
- ZwFreeVirtualMemory
- PsGetProcessSessionId
- ZwDuplicateObject
- ObReferenceObjectByName
- KeStackAttachProcess
- RtlSubAuthoritySid
- _strnicmp
- ZwOpenProcessTokenEx
- PsCreateSystemThread
- PsTerminateSystemThread
- PsThreadType
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- KeBugCheckEx
- strncmp
- strstr
- strchr
- strncpy
- _vsnprintf
- rand
- _stricmp
- ExAllocatePool
- IoBuildDeviceIoControlRequest
- ZwCreateFile
- MmProbeAndLockPages
- IoAllocateMdl
- __C_specific_handler
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 012eab44fa8853d913e7107c89406432
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477 |
| ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824 |
| ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74 |
| Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd. |
| ValidFrom | 2020-11-17 00:00:00 |
| ValidTo | 2023-11-12 23:59:59 |
| Signature | 9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 012eab44fa8853d913e7107c89406432 |
| Version | 3 |
Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4 |
| ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 |
| ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA |
| ValidFrom | 2012-04-18 12:00:00 |
| ValidTo | 2027-04-18 12:00:00 |
| Signature | 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExAllocatePoolWithTag
- PsProcessType
- IoGetLowerDeviceObject
- ExFreePoolWithTag
- IoRegisterShutdownNotification
- IoAttachDeviceToDeviceStackSafe
- PsLookupProcessByProcessId
- RtlInitUnicodeString
- IoDeleteDevice
- MmGetSystemRoutineAddress
- IoDetachDevice
- KeDelayExecutionThread
- IoUnregisterShutdownNotification
- ZwClose
- IoGetAttachedDeviceReference
- PsGetCurrentProcessId
- ObfDereferenceObject
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoUnregisterFsRegistrationChange
- ObOpenObjectByPointer
- IoRegisterFsRegistrationChange
- IofCallDriver
- MmUnmapLockedPages
- _wcsicmp
- PsGetProcessPeb
- ZwCreateKey
- RtlCreateUnicodeString
- MmMapLockedPages
- PsSetLoadImageNotifyRoutine
- _wcsnicmp
- ZwReadFile
- IoGetRelatedDeviceObject
- KeSetEvent
- IoCreateFile
- KeInitializeEvent
- ZwDeleteValueKey
- ZwSetValueKey
- RtlEqualUnicodeString
- MmBuildMdlForNonPagedPool
- IoFreeMdl
- RtlFreeUnicodeString
- ObQueryNameString
- IoFileObjectType
- ZwQueryValueKey
- _vsnwprintf
- RtlRandom
- ObReferenceObjectByHandle
- KeWaitForSingleObject
- PsRemoveLoadImageNotifyRoutine
- ZwFlushKey
- MmCreateMdl
- IoFreeIrp
- ZwDeleteFile
- PsGetVersion
- IoAllocateIrp
- CmRegisterCallback
- RtlCopyUnicodeString
- MmIsAddressValid
- CmUnRegisterCallback
- ZwQueryInformationFile
- ZwWriteFile
- ZwDeleteKey
- ZwEnumerateKey
- ZwAllocateVirtualMemory
- ZwOpenKey
- KeUnstackDetachProcess
- ZwWaitForSingleObject
- ZwFreeVirtualMemory
- PsGetProcessSessionId
- ZwDuplicateObject
- ObReferenceObjectByName
- KeStackAttachProcess
- RtlSubAuthoritySid
- _strnicmp
- ZwOpenProcessTokenEx
- PsCreateSystemThread
- PsTerminateSystemThread
- PsThreadType
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- KeBugCheckEx
- strncmp
- strstr
- strchr
- strncpy
- _vsnprintf
- rand
- _stricmp
- ExAllocatePool
- IoBuildDeviceIoControlRequest
- ZwCreateFile
- MmProbeAndLockPages
- IoAllocateMdl
- __C_specific_handler
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 012eab44fa8853d913e7107c89406432
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477 |
| ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824 |
| ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74 |
| Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd. |
| ValidFrom | 2020-11-17 00:00:00 |
| ValidTo | 2023-11-12 23:59:59 |
| Signature | 9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 012eab44fa8853d913e7107c89406432 |
| Version | 3 |
Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4 |
| ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 |
| ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA |
| ValidFrom | 2012-04-18 12:00:00 |
| ValidTo | 2027-04-18 12:00:00 |
| Signature | 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExAllocatePoolWithTag
- PsProcessType
- IoGetLowerDeviceObject
- ExFreePoolWithTag
- IoRegisterShutdownNotification
- IoAttachDeviceToDeviceStackSafe
- PsLookupProcessByProcessId
- RtlInitUnicodeString
- IoDeleteDevice
- MmGetSystemRoutineAddress
- IoDetachDevice
- KeDelayExecutionThread
- IoUnregisterShutdownNotification
- ZwClose
- IoGetAttachedDeviceReference
- PsGetCurrentProcessId
- ObfDereferenceObject
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoUnregisterFsRegistrationChange
- ObOpenObjectByPointer
- IoRegisterFsRegistrationChange
- IofCallDriver
- MmUnmapLockedPages
- _wcsicmp
- PsGetProcessPeb
- ZwCreateKey
- RtlCreateUnicodeString
- MmMapLockedPages
- PsSetLoadImageNotifyRoutine
- _wcsnicmp
- ZwReadFile
- IoGetRelatedDeviceObject
- KeSetEvent
- IoCreateFile
- KeInitializeEvent
- ZwDeleteValueKey
- ZwSetValueKey
- RtlEqualUnicodeString
- MmBuildMdlForNonPagedPool
- IoFreeMdl
- RtlFreeUnicodeString
- ObQueryNameString
- IoFileObjectType
- ZwQueryValueKey
- _vsnwprintf
- RtlRandom
- ObReferenceObjectByHandle
- KeWaitForSingleObject
- PsRemoveLoadImageNotifyRoutine
- ZwFlushKey
- MmCreateMdl
- IoFreeIrp
- ZwDeleteFile
- PsGetVersion
- IoAllocateIrp
- CmRegisterCallback
- RtlCopyUnicodeString
- MmIsAddressValid
- CmUnRegisterCallback
- ZwQueryInformationFile
- ZwWriteFile
- ZwDeleteKey
- ZwEnumerateKey
- ZwAllocateVirtualMemory
- ZwOpenKey
- KeUnstackDetachProcess
- ZwWaitForSingleObject
- ZwFreeVirtualMemory
- PsGetProcessSessionId
- ZwDuplicateObject
- ObReferenceObjectByName
- KeStackAttachProcess
- RtlSubAuthoritySid
- _strnicmp
- ZwOpenProcessTokenEx
- PsCreateSystemThread
- PsTerminateSystemThread
- PsThreadType
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- KeBugCheckEx
- strncmp
- strstr
- strchr
- strncpy
- _vsnprintf
- rand
- _stricmp
- ExAllocatePool
- IoBuildDeviceIoControlRequest
- ZwCreateFile
- MmProbeAndLockPages
- IoAllocateMdl
- __C_specific_handler
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000f5e8773b206b1ccd610000000000f5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | bf6aed18e4c3fd6ac87330096df18117 |
| ToBeSigned (TBS) SHA1 | f96be504b875f1e63bf51eacc6768e4fdecddcc6 |
| ToBeSigned (TBS) SHA256 | 76c137a4dd29ebb1cb6a5d319d17e7049ad6d524f9de5d47c24c14b16a4f0720 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2023-01-12 19:14:52 |
| ValidTo | 2023-12-15 19:14:52 |
| Signature | 5548d9042f4a8d4776b5fccbacda2e58d5161fb7932287aa5da1c9afaca15c230908ed96adeb0f6a86dc3972a85de00fb4d4db0a52394116887998fd673f57a0520fa1e39806b348e555cfe5a419c501a0fbfbdb79e88d37656735fa6cd56d5c465fe3871f5157e357d73956d4586bd50508522be7e24d2357d7ab53e3ae46d2d168e52d0d15761eaab962c36ee0791cabd33869f11f9512772261cda6249f16f85772116cc0585975600e5fe949e1a2bb85820ddf901b9e48ee805aacd1c826a1304916e2180de5d3ecc2fc0375d3a877ab8a058dda7e05aa91727523e579d17ce0dce414612d9b638b1ff5ad74d654c5b7e638a3cca372c5f51db638794ed6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000f5e8773b206b1ccd610000000000f5 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExAllocatePoolWithTag
- PsProcessType
- IoGetLowerDeviceObject
- ExFreePoolWithTag
- IoRegisterShutdownNotification
- IoAttachDeviceToDeviceStackSafe
- PsLookupProcessByProcessId
- RtlInitUnicodeString
- IoDeleteDevice
- MmGetSystemRoutineAddress
- IoDetachDevice
- KeDelayExecutionThread
- IoUnregisterShutdownNotification
- ZwClose
- IoGetAttachedDeviceReference
- PsGetCurrentProcessId
- ObfDereferenceObject
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoUnregisterFsRegistrationChange
- ObOpenObjectByPointer
- IoRegisterFsRegistrationChange
- IofCallDriver
- MmUnmapLockedPages
- _wcsicmp
- PsGetProcessPeb
- ZwCreateKey
- RtlCreateUnicodeString
- MmMapLockedPages
- PsSetLoadImageNotifyRoutine
- _wcsnicmp
- ZwReadFile
- IoGetRelatedDeviceObject
- KeSetEvent
- IoCreateFile
- KeInitializeEvent
- ZwDeleteValueKey
- ZwSetValueKey
- RtlEqualUnicodeString
- MmBuildMdlForNonPagedPool
- IoFreeMdl
- RtlFreeUnicodeString
- ObQueryNameString
- IoFileObjectType
- ZwQueryValueKey
- _vsnwprintf
- RtlRandom
- ObReferenceObjectByHandle
- KeWaitForSingleObject
- PsRemoveLoadImageNotifyRoutine
- ZwFlushKey
- MmCreateMdl
- IoFreeIrp
- ZwDeleteFile
- PsGetVersion
- IoAllocateIrp
- CmRegisterCallback
- RtlCopyUnicodeString
- MmIsAddressValid
- CmUnRegisterCallback
- ZwQueryInformationFile
- ZwWriteFile
- ZwDeleteKey
- ZwEnumerateKey
- ZwAllocateVirtualMemory
- ZwOpenKey
- KeUnstackDetachProcess
- ZwWaitForSingleObject
- ZwFreeVirtualMemory
- PsGetProcessSessionId
- ZwDuplicateObject
- ObReferenceObjectByName
- KeStackAttachProcess
- RtlSubAuthoritySid
- _strnicmp
- ZwOpenProcessTokenEx
- PsCreateSystemThread
- PsTerminateSystemThread
- PsThreadType
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- KeBugCheckEx
- strncmp
- strstr
- strchr
- strncpy
- _vsnprintf
- rand
- _stricmp
- ExAllocatePool
- IoBuildDeviceIoControlRequest
- ZwCreateFile
- MmProbeAndLockPages
- IoAllocateMdl
- __C_specific_handler
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 5f9e06262d2eed425c886a4709350426
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e01323d4e9f20b9c042abdd9585d2d81 |
| ToBeSigned (TBS) SHA1 | d1fab71f563191354037fe0bb8bf73718c721e45 |
| ToBeSigned (TBS) SHA256 | 9db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14 |
| Subject | C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd. |
| ValidFrom | 2014-05-06 00:00:00 |
| ValidTo | 2015-05-06 23:59:59 |
| Signature | 14a41c7ad5dc6309c5b0390f4dbdec058fab41138c90e8a92e5316495d46210a64a3573a304cb2d791c50f3815a2b7ed11057018158311d061080686a2bd6a0a3c9097161b98e46ab15267b3bbdbd76d43d1bc9a239a24e98a6673e1b1c6ca83230ce3862e0d422f113bb3b5fb2b9254346f40c810f6e0bbc7f137f22d0d272a150eac91baf8513472d277290dfc55c7d2b22003c0fccad9a29fbceeba1586efae4bd98de245bda466f7eca00673d4418f90609b9a6c5cbf1a25a3373f2744a3974cd0ba89f9d1b23a02058dd151c0fda03ffca6a40a6d91c7678b675996b5c0c63f491428684be2367b5a60048f3543b5ddf6ba5270bbe376f5e2b62b14fe6a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 5f9e06262d2eed425c886a4709350426 |
| Version | 3 |
Certificate 611993e400000000001c
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 78a717e082dcc1cda3458d917e677d14 |
| ToBeSigned (TBS) SHA1 | 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 |
| ToBeSigned (TBS) SHA256 | 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 |
| Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5 |
| ValidFrom | 2011-02-22 19:25:17 |
| ValidTo | 2021-02-22 19:35:17 |
| Signature | 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 611993e400000000001c |
| Version | 3 |
Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | b30c31a572b0409383ed3fbe17e56e81 |
| ToBeSigned (TBS) SHA1 | 4843a82ed3b1f2bfbee9671960e1940c942f688d |
| ToBeSigned (TBS) SHA256 | 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 |
| Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA |
| ValidFrom | 2010-02-08 00:00:00 |
| ValidTo | 2020-02-07 23:59:59 |
| Signature | 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 5200e5aa2556fc1a86ed96c9d44b33c7 |
| Version | 3 |
Certificate 300f6facdd6698747ca94636a7782db9
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 63499ed59a1293b786649470e4ce0bd7 |
| ToBeSigned (TBS) SHA1 | 7309d8eaa65da1f3da7030c08f00a3b0a20fa908 |
| ToBeSigned (TBS) SHA256 | 8c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937 |
| Subject | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA |
| ValidFrom | 2019-05-02 00:00:00 |
| ValidTo | 2038-01-18 23:59:59 |
| Signature | 6d5481a5335d16e1b553819175df037a320b2d258411b2b0db2a7d2a05f5bc3b27f45aa0b9495990296c61cbb550dbe27df99f00ef40c3add3e2e456f95841cff142e5107dffb0741f8fc65c09f9335eeaa01c26585cf3b4110fd5d5c3e2bcd55878bf4876e144676d8fb043100f8de4f93862bf1301c585a34cc5ccb2533095a4d6f4965608b8cd5c7f0196be72526a3b42377c1678399393949bb1dcb26d416d67cdc96f903d7f4572c11b23d6c2558466e4b3c56606f6f3d64b5eada32b428a2192fea86f5a2570628173635ea0bbd8dcd74ad33daf830638121d24872de4fc02d63e7704bc0436b5e777cb9c2e8d2318b9a3c2471df05dd6a1735705689aa7c937651dbeeabcd842834305a58ba609ffd1a194a64eaa3d09f5056cb7d2645ad82a22c24b9df1395e4cde483d9b34969a095f8efdf7b15291ce3f89f61ca1b5a9751f71bf5b435d653d50816eabf0d0d3fcb2b31fb6999626f43c798b5c64cccdee279ae5a0c00c7287c16e4d5ad31eeaf044e6326f1ceb174e94c37865203b0f41aa1fe9a1419dfeb1b8a0652a34e0dea8f93ce6c130bbc0a0632cfc5c1600a8d0c47fea119d1e06c6a66d325db438092b4907aafdec30daf1a72fcfb7fdfad0a384d9279efb016677b95610e1206ec6aeb1f9b6bac8355d33768ef17c200c2a77aeb5a20286ba29eeb45a00b18cabe3f90ac9545dd4b96a749ebd48ae98 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.12 |
| IsCertificateAuthority | True |
| SerialNumber | 300f6facdd6698747ca94636a7782db9 |
| Version | 3 |
Certificate 0090397f9ad24a3a13f2bd915f0838a943
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 26ec2c9bfcb06fdf8a6d95f2c616fd72 |
| ToBeSigned (TBS) SHA1 | 635466f1432046f6fd338624c068872ab6488b12 |
| ToBeSigned (TBS) SHA256 | 2219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839 |
| Subject | C=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3 |
| ValidFrom | 2022-05-11 00:00:00 |
| ValidTo | 2033-08-10 23:59:59 |
| Signature | 73daed6872cbc2b940a131bbb403a32d147b24e7b45b157da8e9fdadd1920d7c3d36a069d9f39a30daac69d67457243f7e0f3cd9f5c379256c26e88d6893cef17789397fa80405da34c314ea9f0854abffc47e966c2bd394ebb46ce0454d2cb2f73b3b5ab5c1fbd789756d987272f6f70728f3d3b2d0eb19be152c78efcd45a000e4f80476bb57c590be775490749e0b4f4dc4aa138f97af01352bcb9b1178e9f2f989043c4ee3821262ebb4440c7541c20f34b8889dc822f1136adb182f6e78adc405b4e884089307f97d83fe689834e477e5b1ce8c946cdb036d2805477e9b2ef064fbdba40331107c1afb3c1980d10b70b9555f47be3964ceb7da235432e346b232d8d22986c9155d8095af02fbb4d12e9d387c35e00f1ced1b47489c226a5582d9f2ba086503e5f129f3488a09014ca679f2a2b61a9994eb9728e1be7d1ba17ced5680a6f4223390e48453fc2afac0a797a8eab58d7acee4e04ba133ab0b76a0d56916b78e66bf5ffa1fc4a87fa7a14814910d82fcbd4d99edc9e66c36fe774399b8692d7c612feda3b049fe5bbe692491ff93fc5769924bd9053f6d8672d3a2d0c064d23a42c11a03fbd0ed9a21b83fafa6b25154d54cc5ca1f128d57c639ed5cffec9f2676ad646667e8aa30e0d2adb77db16a41276e038aa374e08a09826ebfe3f6b7bc9e0b29186881a19c3f6e16594b1409099ae6aebf6015dd86f5 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.12 |
| IsCertificateAuthority | False |
| SerialNumber | 0090397f9ad24a3a13f2bd915f0838a943 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- IoDeleteDevice
- IoDetachDevice
- memcpy
- memset
- ZwClose
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- ObOpenObjectByPointer
- PsProcessType
- PsLookupProcessByProcessId
- MmGetSystemRoutineAddress
- RtlInitUnicodeString
- IofCallDriver
- PsGetCurrentProcessId
- IoGetLowerDeviceObject
- ObfDereferenceObject
- IoGetAttachedDeviceReference
- IoUnregisterShutdownNotification
- KeDelayExecutionThread
- IoAttachDeviceToDeviceStackSafe
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoRegisterShutdownNotification
- IoUnregisterFsRegistrationChange
- IoRegisterFsRegistrationChange
- _vsnwprintf
- PsGetVersion
- ZwAllocateVirtualMemory
- MmUnmapLockedPages
- IoFreeMdl
- MmMapLockedPages
- MmBuildMdlForNonPagedPool
- MmCreateMdl
- ZwReadFile
- ZwQueryInformationFile
- IoCreateFile
- _wcsicmp
- _wcsnicmp
- RtlEqualUnicodeString
- ZwWriteFile
- ZwFlushKey
- ZwSetValueKey
- ZwQueryValueKey
- RtlRandom
- KeQuerySystemTime
- ZwDeleteKey
- ZwOpenKey
- ZwEnumerateKey
- ObQueryNameString
- RtlCopyUnicodeString
- MmIsAddressValid
- PsGetProcessPeb
- RtlCreateUnicodeString
- ZwDeleteValueKey
- ZwCreateKey
- RtlFreeUnicodeString
- ZwDeleteFile
- PsRemoveLoadImageNotifyRoutine
- CmUnRegisterCallback
- PsSetLoadImageNotifyRoutine
- CmRegisterCallback
- ObReferenceObjectByName
- ZwFreeVirtualMemory
- ZwWaitForSingleObject
- KeUnstackDetachProcess
- KeStackAttachProcess
- ZwDuplicateObject
- PsGetProcessSessionId
- _strnicmp
- RtlSubAuthoritySid
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- ZwOpenProcessTokenEx
- PsTerminateSystemThread
- KeWaitForSingleObject
- ObReferenceObjectByHandle
- PsThreadType
- PsCreateSystemThread
- KeInitializeEvent
- KeSetEvent
- KeTickCount
- KeBugCheckEx
- _vsnprintf
- strncmp
- strchr
- strncpy
- strstr
- ExAllocatePool
- _stricmp
- rand
- ZwCreateFile
- IoBuildDeviceIoControlRequest
- IoGetRelatedDeviceObject
- MmProbeAndLockPages
- IoFreeIrp
- IoAllocateMdl
- _allshl
- RtlUnwind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 5d11784fb81765023f89a4f4243fe1a9
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | b5ff0da6f1d327dca52b08e9c7c8d439 |
| ToBeSigned (TBS) SHA1 | c7acfdfc234a3bb37535cbe2785d9202b4b0a10c |
| ToBeSigned (TBS) SHA256 | 80a8f0e8652dcea59596b4238f4c2d9f0212a25ea7434fde70a68a202b7ed0b1 |
| Subject | C=CN, ST=Shandong, L=Binzhou, O=Binzhoushi Yongyu Feed Co.,LTd., CN=Binzhoushi Yongyu Feed Co.,LTd. |
| ValidFrom | 2014-01-17 00:00:00 |
| ValidTo | 2016-01-17 23:59:59 |
| Signature | 565de91bd9b0bbefe729b5e1a4070c18ee9855ad678967425dd8f4284cdd54fd20affa0449eb2061c26c0720e6b64ee7323461482ad375a2223074f1d41c96b48249ef810d1dc390b89890e703a407c05c7f5d8670573f22dcf7aa210b6d35793423e62a015309d1b37bc59664c32778d78bda41c215a9db9f13c95d922b5d2c0a798b3a642f50cc1aa12db6a398ab2741ce185e65d24ecbcad0d2309cf28530ae4c2ab4207dd35168d612ba3974230fd8d6121f4a9bd47b8ccb5e431f56e7b7f31e879a0f905dc16d1b73f0aa3ef9aeef75a471c09d484c1f474f97fcae827f29cedbd9f022d3e14a1d7ed7792a62b581f58e5e74c5eae41a32b9cc1da2f889 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 5d11784fb81765023f89a4f4243fe1a9 |
| Version | 3 |
Certificate 47974d7873a5bcab0d2fb370192fce5e
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e3a93dc2a8a8a668fdbb286bfe9afab5 |
| ToBeSigned (TBS) SHA1 | 95795d2aa2a554a423bc8c6e5b0a016d14887d35 |
| ToBeSigned (TBS) SHA256 | d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e |
| Subject | C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 |
| ValidFrom | 2010-02-08 00:00:00 |
| ValidTo | 2020-02-07 23:59:59 |
| Signature | 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 47974d7873a5bcab0d2fb370192fce5e |
| Version | 3 |
Certificate 611fb0a400000000001d
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a3f222107d4e1085e73b5b589c2f480b |
| ToBeSigned (TBS) SHA1 | b94aa26cd77c48d91a53ac44506cbd255e1d362c |
| ToBeSigned (TBS) SHA256 | a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa |
| Subject | C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA |
| ValidFrom | 2011-02-22 19:31:57 |
| ValidTo | 2021-02-22 19:41:57 |
| Signature | 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 611fb0a400000000001d |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- IoDeleteDevice
- IoDetachDevice
- memcpy
- memset
- ZwClose
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- ObOpenObjectByPointer
- PsProcessType
- PsLookupProcessByProcessId
- MmGetSystemRoutineAddress
- RtlInitUnicodeString
- IofCallDriver
- PsGetCurrentProcessId
- IoGetLowerDeviceObject
- ObfDereferenceObject
- IoGetAttachedDeviceReference
- IoUnregisterShutdownNotification
- KeDelayExecutionThread
- IoAttachDeviceToDeviceStackSafe
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoRegisterShutdownNotification
- IoUnregisterFsRegistrationChange
- IoRegisterFsRegistrationChange
- _vsnwprintf
- PsGetVersion
- ZwAllocateVirtualMemory
- MmUnmapLockedPages
- IoFreeMdl
- MmMapLockedPages
- MmBuildMdlForNonPagedPool
- MmCreateMdl
- ZwReadFile
- ZwQueryInformationFile
- IoCreateFile
- _wcsicmp
- _wcsnicmp
- RtlEqualUnicodeString
- ZwWriteFile
- ZwFlushKey
- ZwSetValueKey
- ZwQueryValueKey
- RtlRandom
- KeQuerySystemTime
- ZwDeleteKey
- ZwOpenKey
- ZwEnumerateKey
- ObQueryNameString
- RtlCopyUnicodeString
- MmIsAddressValid
- PsGetProcessPeb
- RtlCreateUnicodeString
- ZwDeleteValueKey
- ZwCreateKey
- RtlFreeUnicodeString
- ZwDeleteFile
- PsRemoveLoadImageNotifyRoutine
- CmUnRegisterCallback
- PsSetLoadImageNotifyRoutine
- CmRegisterCallback
- ObReferenceObjectByName
- ZwFreeVirtualMemory
- ZwWaitForSingleObject
- KeUnstackDetachProcess
- KeStackAttachProcess
- ZwDuplicateObject
- PsGetProcessSessionId
- _strnicmp
- RtlSubAuthoritySid
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- ZwOpenProcessTokenEx
- PsTerminateSystemThread
- KeWaitForSingleObject
- ObReferenceObjectByHandle
- PsThreadType
- PsCreateSystemThread
- KeInitializeEvent
- KeSetEvent
- KeTickCount
- KeBugCheckEx
- _vsnprintf
- strncmp
- strchr
- strncpy
- strstr
- ExAllocatePool
- _stricmp
- rand
- ZwCreateFile
- IoBuildDeviceIoControlRequest
- IoGetRelatedDeviceObject
- MmProbeAndLockPages
- IoFreeIrp
- IoAllocateMdl
- _allshl
- RtlUnwind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 012eab44fa8853d913e7107c89406432
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477 |
| ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824 |
| ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74 |
| Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd. |
| ValidFrom | 2020-11-17 00:00:00 |
| ValidTo | 2023-11-12 23:59:59 |
| Signature | 9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 012eab44fa8853d913e7107c89406432 |
| Version | 3 |
Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4 |
| ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 |
| ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA |
| ValidFrom | 2012-04-18 12:00:00 |
| ValidTo | 2027-04-18 12:00:00 |
| Signature | 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06 |
| Version | 3 |
Imports
Expand
- ntoskrnl.exe
- ntoskrnl.exe
- HAL.dll
Imported Functions
Expand
- IoDeleteDevice
- ExAllocatePool
- NtQuerySystemInformation
- ExFreePoolWithTag
- IoAllocateMdl
- MmProbeAndLockPages
- MmMapLockedPagesSpecifyCache
- MmUnlockPages
- IoFreeMdl
- KeQueryActiveProcessors
- KeSetSystemAffinityThread
- KeRevertToUserAffinityThread
- DbgPrint
- _except_handler3
- KeQueryPerformanceCounter
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .!ah
- .ayl
- .a"#
- .reloc
- .rsrc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 012eab44fa8853d913e7107c89406432
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477 |
| ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824 |
| ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74 |
| Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd. |
| ValidFrom | 2020-11-17 00:00:00 |
| ValidTo | 2023-11-12 23:59:59 |
| Signature | 9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 012eab44fa8853d913e7107c89406432 |
| Version | 3 |
Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4 |
| ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 |
| ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA |
| ValidFrom | 2012-04-18 12:00:00 |
| ValidTo | 2027-04-18 12:00:00 |
| Signature | 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- IoDeleteDevice
- IoDetachDevice
- memcpy
- memset
- ZwClose
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- ObOpenObjectByPointer
- PsProcessType
- PsLookupProcessByProcessId
- MmGetSystemRoutineAddress
- RtlInitUnicodeString
- IofCallDriver
- PsGetCurrentProcessId
- IoGetLowerDeviceObject
- ObfDereferenceObject
- IoGetAttachedDeviceReference
- IoUnregisterShutdownNotification
- KeDelayExecutionThread
- IoAttachDeviceToDeviceStackSafe
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoRegisterShutdownNotification
- IoUnregisterFsRegistrationChange
- IoRegisterFsRegistrationChange
- _vsnwprintf
- PsGetVersion
- ZwAllocateVirtualMemory
- MmUnmapLockedPages
- IoFreeMdl
- MmMapLockedPages
- MmBuildMdlForNonPagedPool
- MmCreateMdl
- ZwReadFile
- ZwQueryInformationFile
- IoCreateFile
- _wcsicmp
- _wcsnicmp
- RtlEqualUnicodeString
- ZwWriteFile
- ZwFlushKey
- ZwSetValueKey
- ZwQueryValueKey
- RtlRandom
- KeQuerySystemTime
- ZwDeleteKey
- ZwOpenKey
- ZwEnumerateKey
- IoFreeIrp
- KeSetEvent
- KeWaitForSingleObject
- KeGetCurrentThread
- KeInitializeEvent
- IoAllocateIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- IoFileObjectType
- ObQueryNameString
- RtlCopyUnicodeString
- MmIsAddressValid
- PsGetProcessPeb
- RtlCreateUnicodeString
- ZwDeleteValueKey
- ZwCreateKey
- RtlFreeUnicodeString
- ZwDeleteFile
- PsRemoveLoadImageNotifyRoutine
- CmUnRegisterCallback
- PsSetLoadImageNotifyRoutine
- CmRegisterCallback
- ObReferenceObjectByName
- ZwFreeVirtualMemory
- ZwWaitForSingleObject
- KeUnstackDetachProcess
- KeStackAttachProcess
- ZwDuplicateObject
- PsGetProcessSessionId
- _strnicmp
- RtlSubAuthoritySid
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- ZwOpenProcessTokenEx
- PsTerminateSystemThread
- PsThreadType
- PsCreateSystemThread
- KeTickCount
- KeBugCheckEx
- _vsnprintf
- strncmp
- strchr
- strncpy
- strstr
- ExAllocatePool
- _stricmp
- rand
- ZwCreateFile
- IoBuildDeviceIoControlRequest
- MmProbeAndLockPages
- IoAllocateMdl
- _allshl
- RtlUnwind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 012eab44fa8853d913e7107c89406432
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477 |
| ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824 |
| ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74 |
| Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd. |
| ValidFrom | 2020-11-17 00:00:00 |
| ValidTo | 2023-11-12 23:59:59 |
| Signature | 9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 012eab44fa8853d913e7107c89406432 |
| Version | 3 |
Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4 |
| ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 |
| ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA |
| ValidFrom | 2012-04-18 12:00:00 |
| ValidTo | 2027-04-18 12:00:00 |
| Signature | 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- IoDeleteDevice
- IoDetachDevice
- memcpy
- memset
- ZwClose
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- ObOpenObjectByPointer
- PsProcessType
- PsLookupProcessByProcessId
- MmGetSystemRoutineAddress
- RtlInitUnicodeString
- IofCallDriver
- PsGetCurrentProcessId
- IoGetLowerDeviceObject
- ObfDereferenceObject
- IoGetAttachedDeviceReference
- IoUnregisterShutdownNotification
- KeDelayExecutionThread
- IoAttachDeviceToDeviceStackSafe
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoRegisterShutdownNotification
- IoUnregisterFsRegistrationChange
- IoRegisterFsRegistrationChange
- _vsnwprintf
- PsGetVersion
- ZwAllocateVirtualMemory
- MmUnmapLockedPages
- IoFreeMdl
- MmMapLockedPages
- MmBuildMdlForNonPagedPool
- MmCreateMdl
- ZwReadFile
- ZwQueryInformationFile
- IoCreateFile
- _wcsicmp
- _wcsnicmp
- RtlEqualUnicodeString
- ZwWriteFile
- ZwFlushKey
- ZwSetValueKey
- ZwQueryValueKey
- RtlRandom
- KeQuerySystemTime
- ZwDeleteKey
- ZwOpenKey
- ZwEnumerateKey
- IoFreeIrp
- KeSetEvent
- KeWaitForSingleObject
- KeGetCurrentThread
- KeInitializeEvent
- IoAllocateIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- IoFileObjectType
- ObQueryNameString
- RtlCopyUnicodeString
- MmIsAddressValid
- PsGetProcessPeb
- RtlCreateUnicodeString
- ZwDeleteValueKey
- ZwCreateKey
- RtlFreeUnicodeString
- ZwDeleteFile
- PsRemoveLoadImageNotifyRoutine
- CmUnRegisterCallback
- PsSetLoadImageNotifyRoutine
- CmRegisterCallback
- ObReferenceObjectByName
- ZwFreeVirtualMemory
- ZwWaitForSingleObject
- KeUnstackDetachProcess
- KeStackAttachProcess
- ZwDuplicateObject
- PsGetProcessSessionId
- _strnicmp
- RtlSubAuthoritySid
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- ZwOpenProcessTokenEx
- PsTerminateSystemThread
- PsThreadType
- PsCreateSystemThread
- KeTickCount
- KeBugCheckEx
- _vsnprintf
- strncmp
- strchr
- strncpy
- strstr
- ExAllocatePool
- _stricmp
- rand
- ZwCreateFile
- IoBuildDeviceIoControlRequest
- MmProbeAndLockPages
- IoAllocateMdl
- _allshl
- RtlUnwind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 012eab44fa8853d913e7107c89406432
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477 |
| ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824 |
| ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74 |
| Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd. |
| ValidFrom | 2020-11-17 00:00:00 |
| ValidTo | 2023-11-12 23:59:59 |
| Signature | 9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 012eab44fa8853d913e7107c89406432 |
| Version | 3 |
Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4 |
| ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 |
| ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA |
| ValidFrom | 2012-04-18 12:00:00 |
| ValidTo | 2027-04-18 12:00:00 |
| Signature | 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- IoDeleteDevice
- IoDetachDevice
- memcpy
- memset
- ZwClose
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- ObOpenObjectByPointer
- PsProcessType
- PsLookupProcessByProcessId
- MmGetSystemRoutineAddress
- RtlInitUnicodeString
- IofCallDriver
- PsGetCurrentProcessId
- IoGetLowerDeviceObject
- ObfDereferenceObject
- IoGetAttachedDeviceReference
- IoUnregisterShutdownNotification
- KeDelayExecutionThread
- IoAttachDeviceToDeviceStackSafe
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoRegisterShutdownNotification
- IoUnregisterFsRegistrationChange
- IoRegisterFsRegistrationChange
- _vsnwprintf
- PsGetVersion
- ZwAllocateVirtualMemory
- MmUnmapLockedPages
- IoFreeMdl
- MmMapLockedPages
- MmBuildMdlForNonPagedPool
- MmCreateMdl
- ZwReadFile
- ZwQueryInformationFile
- IoCreateFile
- _wcsicmp
- _wcsnicmp
- RtlEqualUnicodeString
- ZwWriteFile
- ZwFlushKey
- ZwSetValueKey
- ZwQueryValueKey
- RtlRandom
- KeQuerySystemTime
- ZwDeleteKey
- ZwOpenKey
- ZwEnumerateKey
- IoFreeIrp
- KeSetEvent
- KeWaitForSingleObject
- KeGetCurrentThread
- KeInitializeEvent
- IoAllocateIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- IoFileObjectType
- ObQueryNameString
- RtlCopyUnicodeString
- MmIsAddressValid
- PsGetProcessPeb
- RtlCreateUnicodeString
- ZwDeleteValueKey
- ZwCreateKey
- RtlFreeUnicodeString
- ZwDeleteFile
- PsRemoveLoadImageNotifyRoutine
- CmUnRegisterCallback
- PsSetLoadImageNotifyRoutine
- CmRegisterCallback
- ObReferenceObjectByName
- ZwFreeVirtualMemory
- ZwWaitForSingleObject
- KeUnstackDetachProcess
- KeStackAttachProcess
- ZwDuplicateObject
- PsGetProcessSessionId
- _strnicmp
- RtlSubAuthoritySid
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- ZwOpenProcessTokenEx
- PsTerminateSystemThread
- PsThreadType
- PsCreateSystemThread
- KeTickCount
- KeBugCheckEx
- _vsnprintf
- strncmp
- strchr
- strncpy
- strstr
- ExAllocatePool
- _stricmp
- rand
- ZwCreateFile
- IoBuildDeviceIoControlRequest
- MmProbeAndLockPages
- IoAllocateMdl
- _allshl
- RtlUnwind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000f3158ea57d1c559f290000000000f3
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8d4476692bcda36ed89244b94bd705f0 |
| ToBeSigned (TBS) SHA1 | ce72176d5cad611366e13a9a997ad7ecc7eb815f |
| ToBeSigned (TBS) SHA256 | dd1db9c0e7e50040ac6c586c1b6fd479cef240c064473373f75fbeb3e04ff972 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2023-01-12 19:14:51 |
| ValidTo | 2023-12-15 19:14:51 |
| Signature | 04d1261b735b38b551b427cf9a295d4eb18edd92de14079aa33a10511ee6d262938b29ae208f96be64a80e2967fb8d7aa5750613901a9da6a82935398175482096430c9acecb55ee2c5468d119f467378c18251a8fe01e9d7b79bce903ccb7afb227e2d0abee00bd9fd6bbbbd67c014888dc46f3efa912d4576f7ca9980957609cd21fbd51815cb11bee95fa780498d905e866bc1a604e407ee0d97a105bcc8e600200b19b9c3a56cb3918047f21ba9ee2228b46b8e5c8b456ba65e6f0c40d28294b654761660e9d14948866c3f0f65f028e47641059d3f195812e871362128bcefb901d5aeace862e3d683b291d65c138138ea1335fe3552f4c46a7f7b0c6e5 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000f3158ea57d1c559f290000000000f3 |
| Version | 3 |
Certificate 610baac1000000000009
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a569061297e8e824767dbc3184a69bea |
| ToBeSigned (TBS) SHA1 | adbb26a587a8f44b4fccaecb306f980d1c55a150 |
| ToBeSigned (TBS) SHA256 | cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012 |
| ValidFrom | 2012-04-18 23:48:38 |
| ValidTo | 2027-04-18 23:58:38 |
| Signature | 5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 610baac1000000000009 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- IoDeleteDevice
- IoDetachDevice
- memcpy
- memset
- ZwClose
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- ObOpenObjectByPointer
- PsProcessType
- PsLookupProcessByProcessId
- MmGetSystemRoutineAddress
- RtlInitUnicodeString
- IofCallDriver
- PsGetCurrentProcessId
- IoGetLowerDeviceObject
- ObfDereferenceObject
- IoGetAttachedDeviceReference
- IoUnregisterShutdownNotification
- KeDelayExecutionThread
- IoAttachDeviceToDeviceStackSafe
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoRegisterShutdownNotification
- IoUnregisterFsRegistrationChange
- IoRegisterFsRegistrationChange
- _vsnwprintf
- PsGetVersion
- ZwAllocateVirtualMemory
- MmUnmapLockedPages
- IoFreeMdl
- MmMapLockedPages
- MmBuildMdlForNonPagedPool
- MmCreateMdl
- ZwReadFile
- ZwQueryInformationFile
- IoCreateFile
- _wcsicmp
- _wcsnicmp
- RtlEqualUnicodeString
- ZwWriteFile
- ZwFlushKey
- ZwSetValueKey
- ZwQueryValueKey
- RtlRandom
- KeQuerySystemTime
- ZwDeleteKey
- ZwOpenKey
- ZwEnumerateKey
- IoFreeIrp
- KeSetEvent
- KeWaitForSingleObject
- KeGetCurrentThread
- KeInitializeEvent
- IoAllocateIrp
- IoGetRelatedDeviceObject
- ObReferenceObjectByHandle
- IoFileObjectType
- ObQueryNameString
- RtlCopyUnicodeString
- MmIsAddressValid
- PsGetProcessPeb
- RtlCreateUnicodeString
- ZwDeleteValueKey
- ZwCreateKey
- RtlFreeUnicodeString
- ZwDeleteFile
- PsRemoveLoadImageNotifyRoutine
- CmUnRegisterCallback
- PsSetLoadImageNotifyRoutine
- CmRegisterCallback
- ObReferenceObjectByName
- ZwFreeVirtualMemory
- ZwWaitForSingleObject
- KeUnstackDetachProcess
- KeStackAttachProcess
- ZwDuplicateObject
- PsGetProcessSessionId
- _strnicmp
- RtlSubAuthoritySid
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- ZwOpenProcessTokenEx
- PsTerminateSystemThread
- PsThreadType
- PsCreateSystemThread
- KeTickCount
- KeBugCheckEx
- _vsnprintf
- strncmp
- strchr
- strncpy
- strstr
- ExAllocatePool
- _stricmp
- rand
- ZwCreateFile
- IoBuildDeviceIoControlRequest
- MmProbeAndLockPages
- IoAllocateMdl
- _allshl
- RtlUnwind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 012eab44fa8853d913e7107c89406432
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 5d40693a8cfc4fd21f0c610ed3ee8477 |
| ToBeSigned (TBS) SHA1 | 4dffeb59ea4c32c7b87c9fe44d55f5e622444824 |
| ToBeSigned (TBS) SHA256 | d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74 |
| Subject | ??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd. |
| ValidFrom | 2020-11-17 00:00:00 |
| ValidTo | 2023-11-12 23:59:59 |
| Signature | 9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 012eab44fa8853d913e7107c89406432 |
| Version | 3 |
Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | f92649915476229b093c211c2b18e6c4 |
| ToBeSigned (TBS) SHA1 | 2d54c16a8f8b69ccdea48d0603c132f547a5cf75 |
| ToBeSigned (TBS) SHA256 | 2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA |
| ValidFrom | 2012-04-18 12:00:00 |
| ValidTo | 2027-04-18 12:00:00 |
| Signature | 9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0dd0e3374ac95bdbfa6b434b2a48ec06 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExAllocatePoolWithTag
- PsProcessType
- IoGetLowerDeviceObject
- ExFreePoolWithTag
- IoRegisterShutdownNotification
- IoAttachDeviceToDeviceStackSafe
- PsLookupProcessByProcessId
- RtlInitUnicodeString
- IoDeleteDevice
- MmGetSystemRoutineAddress
- IoDetachDevice
- KeDelayExecutionThread
- IoUnregisterShutdownNotification
- ZwClose
- IoGetAttachedDeviceReference
- PsGetCurrentProcessId
- ObfDereferenceObject
- IoCreateDevice
- IoEnumerateDeviceObjectList
- IoUnregisterFsRegistrationChange
- ObOpenObjectByPointer
- IoRegisterFsRegistrationChange
- IofCallDriver
- MmUnmapLockedPages
- _wcsicmp
- PsGetProcessPeb
- ZwCreateKey
- RtlCreateUnicodeString
- MmMapLockedPages
- PsSetLoadImageNotifyRoutine
- _wcsnicmp
- ZwReadFile
- IoGetRelatedDeviceObject
- KeSetEvent
- IoCreateFile
- KeInitializeEvent
- ZwDeleteValueKey
- ZwSetValueKey
- RtlEqualUnicodeString
- MmBuildMdlForNonPagedPool
- IoFreeMdl
- RtlFreeUnicodeString
- ObQueryNameString
- IoFileObjectType
- ZwQueryValueKey
- _vsnwprintf
- RtlRandom
- ObReferenceObjectByHandle
- KeWaitForSingleObject
- PsRemoveLoadImageNotifyRoutine
- ZwFlushKey
- MmCreateMdl
- IoFreeIrp
- ZwDeleteFile
- PsGetVersion
- IoAllocateIrp
- CmRegisterCallback
- RtlCopyUnicodeString
- MmIsAddressValid
- CmUnRegisterCallback
- ZwQueryInformationFile
- ZwWriteFile
- ZwDeleteKey
- ZwEnumerateKey
- ZwAllocateVirtualMemory
- ZwOpenKey
- KeUnstackDetachProcess
- ZwWaitForSingleObject
- ZwFreeVirtualMemory
- PsGetProcessSessionId
- ZwDuplicateObject
- ObReferenceObjectByName
- KeStackAttachProcess
- RtlSubAuthoritySid
- _strnicmp
- ZwOpenProcessTokenEx
- PsCreateSystemThread
- PsTerminateSystemThread
- PsThreadType
- RtlSubAuthorityCountSid
- ZwQueryInformationToken
- KeBugCheckEx
- strncmp
- strstr
- strchr
- strncpy
- _vsnprintf
- rand
- _stricmp
- ExAllocatePool
- IoBuildDeviceIoControlRequest
- ZwCreateFile
- MmProbeAndLockPages
- IoAllocateMdl
- __C_specific_handler
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
"TBS": {
"MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
"SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
"SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
"SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
},
"ValidFrom": "2020-11-17 00:00:00",
"ValidTo": "2023-11-12 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
"Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"TBS": {
"MD5": "f92649915476229b093c211c2b18e6c4",
"SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
"SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
"SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
"SerialNumber": "012eab44fa8853d913e7107c89406432",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2024-04-09
