SANDRA.sys 
Description
SANDRA.sys is a vulnerable driver and more information will be added as found.
- UUID: a7628504-9e35-4e42-91f7-0c0a512549f4
- Created: 2023-05-06
- Author: Nasreddine Bencherchali
- Acknowledgement: |
Download
This download link contains the vulnerable driver!
Commands
sc.exe create SANDRA binPath=C:\windows\temp\SANDRA type=kernel && sc.exe start SANDRA
| Use Case | Privileges | Operating System |
|---|
| Elevate privileges | kernel | Windows 10 |
Detections
Sigma 🛡️
Expand
Names
detects loading using name only
Hashes
detects loading using hashes only
Resources
Internal ResearchKnown Vulnerable Samples
Download
Certificates
Expand
Certificate 05ab96
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 861ac2a336eb5977ee1d342b79b3339a |
| ToBeSigned (TBS) SHA1 | 172f39bca3dda7c6d5169c96b34a5fe7e96ff0bd |
| ToBeSigned (TBS) SHA256 | 4e5f8008413b8bd1daacea968d79051fc84d2fcd76ded06c65fd8d2cf3b4e2e1 |
| Subject | C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, CN=GeoTrust TrustCenter CodeSigning CA I |
| ValidFrom | 2006-02-01 21:44:28 |
| ValidTo | 2016-01-30 21:44:28 |
| Signature | 65c62c9e0fc5dec5639b6e8341e0d9137104dcd9813151f57eb9930d2ef80ae8c329c0e15e02c935bb2d936ff620702b7af688c0a60133696035618235da87d374289fa4b7c023012a763198473d2bd618173691b6203e8c00876f603252123d15d2a49c00def933f55e980a433ab6af40d8924b85b25701b2c9b09174f7b754 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 05ab96 |
| Version | 3 |
Certificate 008da900010020ba965fe3dc471ba8
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 53874260ddccaab0a480923b0bdb9f87 |
| ToBeSigned (TBS) SHA1 | 918b8c4efb05da56f1d3d99f99a20eebaca51734 |
| ToBeSigned (TBS) SHA256 | ba08cbcbf581a6f105512e5ce808655aeb91406ae3565ab1cdee935f19d9c86e |
| Subject | C=GB, ST=London, L=London, O=SiSoftware Ltd, OU=Development, OU=GeoTrust Code Signing, CN=SiSoftware Ltd |
| ValidFrom | 2006-08-25 14:34:37 |
| ValidTo | 2009-08-25 14:34:37 |
| Signature | 4c99f17e9f0b78f896f63b6e8169341c47002763232639c5a84b1ca9ce9af913f4fb60a7a35671b1eedbdd3a6f8e25f1976ec8ca8cd430e26df8872f17e846280193959d43d627fe7e1ec7090b0b5d556a343835712f2a89963601f1ada68ec83c674d1314800ccef6cb90950d53488917e8ad20a291bedbe8bdf439d2d7e511510ed93e25efc0c96d47dcebada3c4343a3572e8c54b73d5d9945278129d735147ca201016dd7ae28429501b4fcf0ec713e6a1399dcc6050e3f7ced3c3d470beed59c912a287014097a3cd1b30fed67c26e21a78b1e32f3dc2ddfb118a9208cd030d936f380cecd2c20046f6ce477d1a303a4ff6666b1294702a2d5d0cf3cbc7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 008da900010020ba965fe3dc471ba8 |
| Version | 3 |
Certificate 02358f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 75ffae38758191312831922d8786a94e |
| ToBeSigned (TBS) SHA1 | d134a530fe0e79d599a54543644dd0f05020d64f |
| ToBeSigned (TBS) SHA256 | ff5857d0dbbcfcef23ec8aadc7cb4db858d427de94bf380629223fe6429ece19 |
| Subject | C=US, O=GeoTrust Inc., OU=GeoTrust TrustCenter Timestamp, CN=GeoTrust TrustCenter Authenticode Timestamp I |
| ValidFrom | 2006-02-13 15:40:22 |
| ValidTo | 2016-02-11 15:40:22 |
| Signature | bb64424e3d84a554ba24c4d75f1adbff39b1e0569823903b43d0d95dde4aacb2c13c40d61330b7ba52d48127399813f0c3754d556b0375bcc671348bf7e7e73916ed64ef034ef6a611ad21b3ecc0281f040d8c09aa32d72c99f16216d26e6f387e29504782ab56733ba9e75c53456699b30acfc19840d31d4228274c497f1ab1f9827a2ff19b3b784e48511a2af48c06c09610e337b18d9be9739267b2b45fae47daa2fd8f5b9dbbb85a080a12c025ecd637182df0661ec24020c0303cc7fe64d032590519f908d367c1d5ffa85948d7c1dda9f06fe09acc4e55a625fa3175f41d46ab5c9e35a86b9dfa1bb608e586a0ed95d9fe6ff59f4f26724567ba77449e |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 02358f |
| Version | 3 |
Certificate 610bdc8f00000000001a
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 6e11ed171e9a07e607b8ca65bf0e8858 |
| ToBeSigned (TBS) SHA1 | 6d329a72420f76868584957854cdc45172e9f902 |
| ToBeSigned (TBS) SHA256 | 75efb8656a18ba5dacc596757bfb0fa11f0d3d81fd5f8cf9bb8975ced87e7b1b |
| Subject | C=US, O=Equifax, OU=Equifax Secure Certificate Authority |
| ValidFrom | 2006-05-23 17:01:15 |
| ValidTo | 2016-05-23 17:11:15 |
| Signature | 87a40f6b55916248ff54811ccf5db6c5a514aa671df485f6860d38b31c8d22ce7c867946fb71e16114d0ed4e46a48bca64654094f92ad7870ca9b7bedcc40bbd09c106eb9530841b9d8de7bc70c6f86539c4e5c4e65c8fcda130baef065e555290edd8587f15142ecc21a593dab8508d805e6e22a70fde8093add71d24b02aa2f4f20b98750131cc69bc359b3d13662f21bde54ec3639cc8518d59f5b600937ef10c35b0f4180dbfa7bdb2aae16b9f3ce6bb41b5d904e7c8a63abf8a5bdcaa9a3cd2c8dfcb1774163d78470b4c108e406616a0f300ede034998af0f9460ff27fbf202c972616d59e81da94a6dc61c8f18e092d4e32d03df682267d91d7a6c67bc1311d210ed4a342c1b4dfc0446b4f2aeebb29d62787b0a450ae1a9ab5f996f4ccabe52b3df166e2d5e1c3f0c687b659536638026e6194df1563aa415052f9bb64dc95e05b6c2aacfed6e603c21ff65557fe7e813fcb5a0bc1029cac84e47cd3f4c25a17c312706009ec82e5eccdd0b2106d69868c8da60e0416c57164ebd95bb8b08cfc32427e60846f655b7244272b846181f461d50fd51dbc05a27a5f937f26d1c8b3afa0190723e43e225d32d14a0fcee7b72a5c7b6e1c57126864e8337e8c501340a487b0d3a69b1eacbd3d7812bc52af09e0bab0508e5c81f98383af1482f50a6d035721bb9ac32e66fb04215b0a120fc1c907d63cecabf9a52f90883a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 610bdc8f00000000001a |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ZwSetValueKey
- NtQueryInformationProcess
- ZwClose
- MmMapIoSpace
- MmUnmapIoSpace
- IoQueryDeviceDescription
- ZwSetInformationThread
- RtlUnicodeStringToAnsiString
- MmMapLockedPagesSpecifyCache
- MmUnmapLockedPages
- IoFreeMdl
- IoAllocateMdl
- MmBuildMdlForNonPagedPool
- ZwCreateKey
- IoRegisterShutdownNotification
- MmResetDriverPaging
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- IofCompleteRequest
- MmPageEntireDriver
- IoUnregisterShutdownNotification
- IoDeleteSymbolicLink
- IoDeleteDevice
- RtlQueryRegistryValues
- IoCreateDevice
- IoCreateSymbolicLink
- KeBugCheckEx
- RtlAppendUnicodeToString
- IoReportResourceUsage
- RtlInitUnicodeString
- __C_specific_handler
- HalSetBusDataByOffset
- HalGetBusDataByOffset
- HalTranslateBusAddress
- KeStallExecutionProcessor
Exported Functions
Expand
Sections
Expand
- .text
- init
- .rdata
- .data
- .pdata
- INIT
- .rsrc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "05ab96",
"Signature": "65c62c9e0fc5dec5639b6e8341e0d9137104dcd9813151f57eb9930d2ef80ae8c329c0e15e02c935bb2d936ff620702b7af688c0a60133696035618235da87d374289fa4b7c023012a763198473d2bd618173691b6203e8c00876f603252123d15d2a49c00def933f55e980a433ab6af40d8924b85b25701b2c9b09174f7b754",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, CN=GeoTrust TrustCenter CodeSigning CA I",
"TBS": {
"MD5": "861ac2a336eb5977ee1d342b79b3339a",
"SHA1": "172f39bca3dda7c6d5169c96b34a5fe7e96ff0bd",
"SHA256": "4e5f8008413b8bd1daacea968d79051fc84d2fcd76ded06c65fd8d2cf3b4e2e1",
"SHA384": "99b4b343c5b223a1446551c3dd26e2a0dcafe214460c5fcc4f9f12eaca42695ae9adb04fc19eec33f17d1659a0730e95"
},
"ValidFrom": "2006-02-01 21:44:28",
"ValidTo": "2016-01-30 21:44:28",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "008da900010020ba965fe3dc471ba8",
"Signature": "4c99f17e9f0b78f896f63b6e8169341c47002763232639c5a84b1ca9ce9af913f4fb60a7a35671b1eedbdd3a6f8e25f1976ec8ca8cd430e26df8872f17e846280193959d43d627fe7e1ec7090b0b5d556a343835712f2a89963601f1ada68ec83c674d1314800ccef6cb90950d53488917e8ad20a291bedbe8bdf439d2d7e511510ed93e25efc0c96d47dcebada3c4343a3572e8c54b73d5d9945278129d735147ca201016dd7ae28429501b4fcf0ec713e6a1399dcc6050e3f7ced3c3d470beed59c912a287014097a3cd1b30fed67c26e21a78b1e32f3dc2ddfb118a9208cd030d936f380cecd2c20046f6ce477d1a303a4ff6666b1294702a2d5d0cf3cbc7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=GB, ST=London, L=London, O=SiSoftware Ltd, OU=Development, OU=GeoTrust Code Signing, CN=SiSoftware Ltd",
"TBS": {
"MD5": "53874260ddccaab0a480923b0bdb9f87",
"SHA1": "918b8c4efb05da56f1d3d99f99a20eebaca51734",
"SHA256": "ba08cbcbf581a6f105512e5ce808655aeb91406ae3565ab1cdee935f19d9c86e",
"SHA384": "2c9c1ef0dce7e30a34e8873394e6142d705ae6eb8c2aa7cafb4ff600f56df44213ad4437ea6771b0d79b79fa31eeda60"
},
"ValidFrom": "2006-08-25 14:34:37",
"ValidTo": "2009-08-25 14:34:37",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "02358f",
"Signature": "bb64424e3d84a554ba24c4d75f1adbff39b1e0569823903b43d0d95dde4aacb2c13c40d61330b7ba52d48127399813f0c3754d556b0375bcc671348bf7e7e73916ed64ef034ef6a611ad21b3ecc0281f040d8c09aa32d72c99f16216d26e6f387e29504782ab56733ba9e75c53456699b30acfc19840d31d4228274c497f1ab1f9827a2ff19b3b784e48511a2af48c06c09610e337b18d9be9739267b2b45fae47daa2fd8f5b9dbbb85a080a12c025ecd637182df0661ec24020c0303cc7fe64d032590519f908d367c1d5ffa85948d7c1dda9f06fe09acc4e55a625fa3175f41d46ab5c9e35a86b9dfa1bb608e586a0ed95d9fe6ff59f4f26724567ba77449e",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=GeoTrust Inc., OU=GeoTrust TrustCenter Timestamp, CN=GeoTrust TrustCenter Authenticode Timestamp I",
"TBS": {
"MD5": "75ffae38758191312831922d8786a94e",
"SHA1": "d134a530fe0e79d599a54543644dd0f05020d64f",
"SHA256": "ff5857d0dbbcfcef23ec8aadc7cb4db858d427de94bf380629223fe6429ece19",
"SHA384": "c0fea314395e452e7cf6713c28ef5405859078ec210d9110f1f2455754eca38eb516b349731e0499ec74a06c09153924"
},
"ValidFrom": "2006-02-13 15:40:22",
"ValidTo": "2016-02-11 15:40:22",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610bdc8f00000000001a",
"Signature": "87a40f6b55916248ff54811ccf5db6c5a514aa671df485f6860d38b31c8d22ce7c867946fb71e16114d0ed4e46a48bca64654094f92ad7870ca9b7bedcc40bbd09c106eb9530841b9d8de7bc70c6f86539c4e5c4e65c8fcda130baef065e555290edd8587f15142ecc21a593dab8508d805e6e22a70fde8093add71d24b02aa2f4f20b98750131cc69bc359b3d13662f21bde54ec3639cc8518d59f5b600937ef10c35b0f4180dbfa7bdb2aae16b9f3ce6bb41b5d904e7c8a63abf8a5bdcaa9a3cd2c8dfcb1774163d78470b4c108e406616a0f300ede034998af0f9460ff27fbf202c972616d59e81da94a6dc61c8f18e092d4e32d03df682267d91d7a6c67bc1311d210ed4a342c1b4dfc0446b4f2aeebb29d62787b0a450ae1a9ab5f996f4ccabe52b3df166e2d5e1c3f0c687b659536638026e6194df1563aa415052f9bb64dc95e05b6c2aacfed6e603c21ff65557fe7e813fcb5a0bc1029cac84e47cd3f4c25a17c312706009ec82e5eccdd0b2106d69868c8da60e0416c57164ebd95bb8b08cfc32427e60846f655b7244272b846181f461d50fd51dbc05a27a5f937f26d1c8b3afa0190723e43e225d32d14a0fcee7b72a5c7b6e1c57126864e8337e8c501340a487b0d3a69b1eacbd3d7812bc52af09e0bab0508e5c81f98383af1482f50a6d035721bb9ac32e66fb04215b0a120fc1c907d63cecabf9a52f90883a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Equifax, OU=Equifax Secure Certificate Authority",
"TBS": {
"MD5": "6e11ed171e9a07e607b8ca65bf0e8858",
"SHA1": "6d329a72420f76868584957854cdc45172e9f902",
"SHA256": "75efb8656a18ba5dacc596757bfb0fa11f0d3d81fd5f8cf9bb8975ced87e7b1b",
"SHA384": "c41060ed797c77588692c0b3e36e19cca2d48c354863437f3df76009e25c916e8d2c7e17b297fbc59da085e98d070093"
},
"ValidFrom": "2006-05-23 17:01:15",
"ValidTo": "2016-05-23 17:11:15",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, CN=GeoTrust TrustCenter CodeSigning CA I",
"SerialNumber": "008da900010020ba965fe3dc471ba8",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 05ab96
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 861ac2a336eb5977ee1d342b79b3339a |
| ToBeSigned (TBS) SHA1 | 172f39bca3dda7c6d5169c96b34a5fe7e96ff0bd |
| ToBeSigned (TBS) SHA256 | 4e5f8008413b8bd1daacea968d79051fc84d2fcd76ded06c65fd8d2cf3b4e2e1 |
| Subject | C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, CN=GeoTrust TrustCenter CodeSigning CA I |
| ValidFrom | 2006-02-01 21:44:28 |
| ValidTo | 2016-01-30 21:44:28 |
| Signature | 65c62c9e0fc5dec5639b6e8341e0d9137104dcd9813151f57eb9930d2ef80ae8c329c0e15e02c935bb2d936ff620702b7af688c0a60133696035618235da87d374289fa4b7c023012a763198473d2bd618173691b6203e8c00876f603252123d15d2a49c00def933f55e980a433ab6af40d8924b85b25701b2c9b09174f7b754 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 05ab96 |
| Version | 3 |
Certificate 008da900010020ba965fe3dc471ba8
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 53874260ddccaab0a480923b0bdb9f87 |
| ToBeSigned (TBS) SHA1 | 918b8c4efb05da56f1d3d99f99a20eebaca51734 |
| ToBeSigned (TBS) SHA256 | ba08cbcbf581a6f105512e5ce808655aeb91406ae3565ab1cdee935f19d9c86e |
| Subject | C=GB, ST=London, L=London, O=SiSoftware Ltd, OU=Development, OU=GeoTrust Code Signing, CN=SiSoftware Ltd |
| ValidFrom | 2006-08-25 14:34:37 |
| ValidTo | 2009-08-25 14:34:37 |
| Signature | 4c99f17e9f0b78f896f63b6e8169341c47002763232639c5a84b1ca9ce9af913f4fb60a7a35671b1eedbdd3a6f8e25f1976ec8ca8cd430e26df8872f17e846280193959d43d627fe7e1ec7090b0b5d556a343835712f2a89963601f1ada68ec83c674d1314800ccef6cb90950d53488917e8ad20a291bedbe8bdf439d2d7e511510ed93e25efc0c96d47dcebada3c4343a3572e8c54b73d5d9945278129d735147ca201016dd7ae28429501b4fcf0ec713e6a1399dcc6050e3f7ced3c3d470beed59c912a287014097a3cd1b30fed67c26e21a78b1e32f3dc2ddfb118a9208cd030d936f380cecd2c20046f6ce477d1a303a4ff6666b1294702a2d5d0cf3cbc7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 008da900010020ba965fe3dc471ba8 |
| Version | 3 |
Certificate 02358f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 75ffae38758191312831922d8786a94e |
| ToBeSigned (TBS) SHA1 | d134a530fe0e79d599a54543644dd0f05020d64f |
| ToBeSigned (TBS) SHA256 | ff5857d0dbbcfcef23ec8aadc7cb4db858d427de94bf380629223fe6429ece19 |
| Subject | C=US, O=GeoTrust Inc., OU=GeoTrust TrustCenter Timestamp, CN=GeoTrust TrustCenter Authenticode Timestamp I |
| ValidFrom | 2006-02-13 15:40:22 |
| ValidTo | 2016-02-11 15:40:22 |
| Signature | bb64424e3d84a554ba24c4d75f1adbff39b1e0569823903b43d0d95dde4aacb2c13c40d61330b7ba52d48127399813f0c3754d556b0375bcc671348bf7e7e73916ed64ef034ef6a611ad21b3ecc0281f040d8c09aa32d72c99f16216d26e6f387e29504782ab56733ba9e75c53456699b30acfc19840d31d4228274c497f1ab1f9827a2ff19b3b784e48511a2af48c06c09610e337b18d9be9739267b2b45fae47daa2fd8f5b9dbbb85a080a12c025ecd637182df0661ec24020c0303cc7fe64d032590519f908d367c1d5ffa85948d7c1dda9f06fe09acc4e55a625fa3175f41d46ab5c9e35a86b9dfa1bb608e586a0ed95d9fe6ff59f4f26724567ba77449e |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 02358f |
| Version | 3 |
Certificate 610bdc8f00000000001a
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 6e11ed171e9a07e607b8ca65bf0e8858 |
| ToBeSigned (TBS) SHA1 | 6d329a72420f76868584957854cdc45172e9f902 |
| ToBeSigned (TBS) SHA256 | 75efb8656a18ba5dacc596757bfb0fa11f0d3d81fd5f8cf9bb8975ced87e7b1b |
| Subject | C=US, O=Equifax, OU=Equifax Secure Certificate Authority |
| ValidFrom | 2006-05-23 17:01:15 |
| ValidTo | 2016-05-23 17:11:15 |
| Signature | 87a40f6b55916248ff54811ccf5db6c5a514aa671df485f6860d38b31c8d22ce7c867946fb71e16114d0ed4e46a48bca64654094f92ad7870ca9b7bedcc40bbd09c106eb9530841b9d8de7bc70c6f86539c4e5c4e65c8fcda130baef065e555290edd8587f15142ecc21a593dab8508d805e6e22a70fde8093add71d24b02aa2f4f20b98750131cc69bc359b3d13662f21bde54ec3639cc8518d59f5b600937ef10c35b0f4180dbfa7bdb2aae16b9f3ce6bb41b5d904e7c8a63abf8a5bdcaa9a3cd2c8dfcb1774163d78470b4c108e406616a0f300ede034998af0f9460ff27fbf202c972616d59e81da94a6dc61c8f18e092d4e32d03df682267d91d7a6c67bc1311d210ed4a342c1b4dfc0446b4f2aeebb29d62787b0a450ae1a9ab5f996f4ccabe52b3df166e2d5e1c3f0c687b659536638026e6194df1563aa415052f9bb64dc95e05b6c2aacfed6e603c21ff65557fe7e813fcb5a0bc1029cac84e47cd3f4c25a17c312706009ec82e5eccdd0b2106d69868c8da60e0416c57164ebd95bb8b08cfc32427e60846f655b7244272b846181f461d50fd51dbc05a27a5f937f26d1c8b3afa0190723e43e225d32d14a0fcee7b72a5c7b6e1c57126864e8337e8c501340a487b0d3a69b1eacbd3d7812bc52af09e0bab0508e5c81f98383af1482f50a6d035721bb9ac32e66fb04215b0a120fc1c907d63cecabf9a52f90883a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 610bdc8f00000000001a |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ZwSetValueKey
- NtQueryInformationProcess
- ZwClose
- MmMapIoSpace
- MmUnmapIoSpace
- IoQueryDeviceDescription
- ZwSetInformationThread
- RtlUnicodeStringToAnsiString
- IoAllocateMdl
- MmBuildMdlForNonPagedPool
- MmMapLockedPagesSpecifyCache
- MmUnmapLockedPages
- IoFreeMdl
- ZwCreateKey
- IoCreateDevice
- IoCreateSymbolicLink
- IoRegisterShutdownNotification
- MmResetDriverPaging
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- IofCompleteRequest
- MmPageEntireDriver
- IoUnregisterShutdownNotification
- IoDeleteSymbolicLink
- IoDeleteDevice
- RtlQueryRegistryValues
- KeBugCheckEx
- RtlAppendUnicodeToString
- IoReportResourceUsage
- RtlInitUnicodeString
- __C_specific_handler
- HalSetBusDataByOffset
- HalGetBusDataByOffset
- HalTranslateBusAddress
- KeStallExecutionProcessor
Exported Functions
Expand
Sections
Expand
- .text
- init
- .rdata
- .data
- .pdata
- INIT
- .rsrc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "05ab96",
"Signature": "65c62c9e0fc5dec5639b6e8341e0d9137104dcd9813151f57eb9930d2ef80ae8c329c0e15e02c935bb2d936ff620702b7af688c0a60133696035618235da87d374289fa4b7c023012a763198473d2bd618173691b6203e8c00876f603252123d15d2a49c00def933f55e980a433ab6af40d8924b85b25701b2c9b09174f7b754",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, CN=GeoTrust TrustCenter CodeSigning CA I",
"TBS": {
"MD5": "861ac2a336eb5977ee1d342b79b3339a",
"SHA1": "172f39bca3dda7c6d5169c96b34a5fe7e96ff0bd",
"SHA256": "4e5f8008413b8bd1daacea968d79051fc84d2fcd76ded06c65fd8d2cf3b4e2e1",
"SHA384": "99b4b343c5b223a1446551c3dd26e2a0dcafe214460c5fcc4f9f12eaca42695ae9adb04fc19eec33f17d1659a0730e95"
},
"ValidFrom": "2006-02-01 21:44:28",
"ValidTo": "2016-01-30 21:44:28",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "008da900010020ba965fe3dc471ba8",
"Signature": "4c99f17e9f0b78f896f63b6e8169341c47002763232639c5a84b1ca9ce9af913f4fb60a7a35671b1eedbdd3a6f8e25f1976ec8ca8cd430e26df8872f17e846280193959d43d627fe7e1ec7090b0b5d556a343835712f2a89963601f1ada68ec83c674d1314800ccef6cb90950d53488917e8ad20a291bedbe8bdf439d2d7e511510ed93e25efc0c96d47dcebada3c4343a3572e8c54b73d5d9945278129d735147ca201016dd7ae28429501b4fcf0ec713e6a1399dcc6050e3f7ced3c3d470beed59c912a287014097a3cd1b30fed67c26e21a78b1e32f3dc2ddfb118a9208cd030d936f380cecd2c20046f6ce477d1a303a4ff6666b1294702a2d5d0cf3cbc7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=GB, ST=London, L=London, O=SiSoftware Ltd, OU=Development, OU=GeoTrust Code Signing, CN=SiSoftware Ltd",
"TBS": {
"MD5": "53874260ddccaab0a480923b0bdb9f87",
"SHA1": "918b8c4efb05da56f1d3d99f99a20eebaca51734",
"SHA256": "ba08cbcbf581a6f105512e5ce808655aeb91406ae3565ab1cdee935f19d9c86e",
"SHA384": "2c9c1ef0dce7e30a34e8873394e6142d705ae6eb8c2aa7cafb4ff600f56df44213ad4437ea6771b0d79b79fa31eeda60"
},
"ValidFrom": "2006-08-25 14:34:37",
"ValidTo": "2009-08-25 14:34:37",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "02358f",
"Signature": "bb64424e3d84a554ba24c4d75f1adbff39b1e0569823903b43d0d95dde4aacb2c13c40d61330b7ba52d48127399813f0c3754d556b0375bcc671348bf7e7e73916ed64ef034ef6a611ad21b3ecc0281f040d8c09aa32d72c99f16216d26e6f387e29504782ab56733ba9e75c53456699b30acfc19840d31d4228274c497f1ab1f9827a2ff19b3b784e48511a2af48c06c09610e337b18d9be9739267b2b45fae47daa2fd8f5b9dbbb85a080a12c025ecd637182df0661ec24020c0303cc7fe64d032590519f908d367c1d5ffa85948d7c1dda9f06fe09acc4e55a625fa3175f41d46ab5c9e35a86b9dfa1bb608e586a0ed95d9fe6ff59f4f26724567ba77449e",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=GeoTrust Inc., OU=GeoTrust TrustCenter Timestamp, CN=GeoTrust TrustCenter Authenticode Timestamp I",
"TBS": {
"MD5": "75ffae38758191312831922d8786a94e",
"SHA1": "d134a530fe0e79d599a54543644dd0f05020d64f",
"SHA256": "ff5857d0dbbcfcef23ec8aadc7cb4db858d427de94bf380629223fe6429ece19",
"SHA384": "c0fea314395e452e7cf6713c28ef5405859078ec210d9110f1f2455754eca38eb516b349731e0499ec74a06c09153924"
},
"ValidFrom": "2006-02-13 15:40:22",
"ValidTo": "2016-02-11 15:40:22",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610bdc8f00000000001a",
"Signature": "87a40f6b55916248ff54811ccf5db6c5a514aa671df485f6860d38b31c8d22ce7c867946fb71e16114d0ed4e46a48bca64654094f92ad7870ca9b7bedcc40bbd09c106eb9530841b9d8de7bc70c6f86539c4e5c4e65c8fcda130baef065e555290edd8587f15142ecc21a593dab8508d805e6e22a70fde8093add71d24b02aa2f4f20b98750131cc69bc359b3d13662f21bde54ec3639cc8518d59f5b600937ef10c35b0f4180dbfa7bdb2aae16b9f3ce6bb41b5d904e7c8a63abf8a5bdcaa9a3cd2c8dfcb1774163d78470b4c108e406616a0f300ede034998af0f9460ff27fbf202c972616d59e81da94a6dc61c8f18e092d4e32d03df682267d91d7a6c67bc1311d210ed4a342c1b4dfc0446b4f2aeebb29d62787b0a450ae1a9ab5f996f4ccabe52b3df166e2d5e1c3f0c687b659536638026e6194df1563aa415052f9bb64dc95e05b6c2aacfed6e603c21ff65557fe7e813fcb5a0bc1029cac84e47cd3f4c25a17c312706009ec82e5eccdd0b2106d69868c8da60e0416c57164ebd95bb8b08cfc32427e60846f655b7244272b846181f461d50fd51dbc05a27a5f937f26d1c8b3afa0190723e43e225d32d14a0fcee7b72a5c7b6e1c57126864e8337e8c501340a487b0d3a69b1eacbd3d7812bc52af09e0bab0508e5c81f98383af1482f50a6d035721bb9ac32e66fb04215b0a120fc1c907d63cecabf9a52f90883a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Equifax, OU=Equifax Secure Certificate Authority",
"TBS": {
"MD5": "6e11ed171e9a07e607b8ca65bf0e8858",
"SHA1": "6d329a72420f76868584957854cdc45172e9f902",
"SHA256": "75efb8656a18ba5dacc596757bfb0fa11f0d3d81fd5f8cf9bb8975ced87e7b1b",
"SHA384": "c41060ed797c77588692c0b3e36e19cca2d48c354863437f3df76009e25c916e8d2c7e17b297fbc59da085e98d070093"
},
"ValidFrom": "2006-05-23 17:01:15",
"ValidTo": "2016-05-23 17:11:15",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, CN=GeoTrust TrustCenter CodeSigning CA I",
"SerialNumber": "008da900010020ba965fe3dc471ba8",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 0a
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 6c239df74ade9185bb735cea2298c028 |
| ToBeSigned (TBS) SHA1 | f6297a00d3b2b4ce4750402b66e7ea018d54f683 |
| ToBeSigned (TBS) SHA256 | c5e3eebf1434d85e615b06e3c7a4d3c31d10a4fb0ff7a9b262bd41b43a6aaefe |
| Subject | C=ZA, O=Thawte Consulting (Pty) Ltd., CN=Thawte Code Signing CA |
| ValidFrom | 2003-08-06 00:00:00 |
| ValidTo | 2013-08-05 23:59:59 |
| Signature | 76b29cee139f1bf62d349294457334dc8e6b2e5cfc4c7d89ebc368f1d7990f2e1d17c8b5168bbecd8a0506f219493a035b05c9208e6d52e17681a0c3658a2267e41c53533746bfbcd72feb7b9ed014456c402108e25d757666301ef4df828a2fbdf3a20cbf1ddb9f14a29a72374db07748e84a3f09ce55192cefe60724e1afec |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0a |
| Version | 3 |
Certificate 47bf1995df8d524643f7db6d480d31a4
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 518d2ea8a21e879c942d504824ac211c |
| ToBeSigned (TBS) SHA1 | 21ce87d827077e61abddf2beba69fde5432ea031 |
| ToBeSigned (TBS) SHA256 | 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 |
| Subject | C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA |
| ValidFrom | 2003-12-04 00:00:00 |
| ValidTo | 2013-12-03 23:59:59 |
| Signature | 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 47bf1995df8d524643f7db6d480d31a4 |
| Version | 3 |
Certificate 3ea278
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d1fe7af23616fed8bc3caa7652a5a797 |
| ToBeSigned (TBS) SHA1 | 2761ec21ac2de20b9341ae80bfb2d7fecbbc82f8 |
| ToBeSigned (TBS) SHA256 | e1b99e1290c46d85fea0a77eff3976c23b4f50950eea0ad74e69375b6a8d46e1 |
| Subject | CN=SiSoftware LTD, O=SiSoftware LTD, OU=Secure Application Development, C=UK, ST=London, L=London |
| ValidFrom | 2004-09-23 16:28:04 |
| ValidTo | 2005-09-23 16:28:04 |
| Signature | 2623e3d4f0ca2111695ee2c1493671d554de79106efd8d98928e0890eb65e7da15d2f4c8f739e5fd1ce3e2205327c540b29ad0a901b605a623b2de380e382e4b75b9b41c5b4deb75c974d02c1911fb58851e75b6fc20bb947fca991fc050dee03a914b69345c77aeba2fa02e1b22cd2b75ad2593d9f5caa24550a02db6a3506d |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.4 |
| IsCertificateAuthority | False |
| SerialNumber | 3ea278 |
| Version | 3 |
Certificate 0de92bf0d4d82988183205095e9a7688
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 45c204b8a20f6abb0188d2d38a3fb0c9 |
| ToBeSigned (TBS) SHA1 | cdf3a3c5c2eda4c29621f30fd3154f9f8c765739 |
| ToBeSigned (TBS) SHA256 | e32839dddc0f4ed2474efaf37f59d46db400c700fd19533cb0895a111124bc77 |
| Subject | C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer |
| ValidFrom | 2003-12-04 00:00:00 |
| ValidTo | 2008-12-03 23:59:59 |
| Signature | 877870da4e5201205be079c98230c4fdb91996bd9100c3bdcdcdc6f40ed8fff94dc033623011c5f5741bd492de5f9c2013b17c45be50cd83e7801783a72793671346fbcab8984103cc9b515b058b7fa86ff31b501b242ef2698d6c22f7bbca1695ed0c74c06877d9eb996287c17390f889747a23aba3987b97b1f78f29714d2e751b4841daf0b50d2054d677a097826369fd09cf8af075bb099bd9f91155269a6132be7a02b07b86bea2c38b222c78d13576bc92735cf9b9e64c150a23cce4d2d4342e4940153c0f607a24c6a566ef96cf70eb3ee7f40d7edcd17ca3767169c19c4f47303521b1a2af1a623c2bd98eaa2a077bd818b35c7be29da56ffe3c89ad |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0de92bf0d4d82988183205095e9a7688 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ZwSetValueKey
- ZwCreateKey
- RtlAppendUnicodeToString
- MmMapIoSpace
- MmUnmapIoSpace
- IoQueryDeviceDescription
- ZwSetInformationThread
- RtlUnicodeStringToAnsiString
- __C_specific_handler
- MmMapLockedPagesSpecifyCache
- MmBuildMdlForNonPagedPool
- IoAllocateMdl
- IoFreeMdl
- NtQueryInformationProcess
- IoReportResourceUsage
- IofCompleteRequest
- KeReleaseSpinLock
- KeAcquireSpinLockRaiseToDpc
- MmResetDriverPaging
- MmPageEntireDriver
- IoDeleteDevice
- IoDeleteSymbolicLink
- IoUnregisterShutdownNotification
- RtlQueryRegistryValues
- IoRegisterShutdownNotification
- IoCreateSymbolicLink
- IoCreateDevice
- KeBugCheckEx
- ZwClose
- MmUnmapLockedPages
- RtlInitUnicodeString
- HalSetBusDataByOffset
- HalGetBusDataByOffset
- HalTranslateBusAddress
- KeStallExecutionProcessor
Exported Functions
Expand
Sections
Expand
- .text
- init
- .rdata
- .data
- .pdata
- INIT
- .rsrc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "05ab96",
"Signature": "65c62c9e0fc5dec5639b6e8341e0d9137104dcd9813151f57eb9930d2ef80ae8c329c0e15e02c935bb2d936ff620702b7af688c0a60133696035618235da87d374289fa4b7c023012a763198473d2bd618173691b6203e8c00876f603252123d15d2a49c00def933f55e980a433ab6af40d8924b85b25701b2c9b09174f7b754",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, CN=GeoTrust TrustCenter CodeSigning CA I",
"TBS": {
"MD5": "861ac2a336eb5977ee1d342b79b3339a",
"SHA1": "172f39bca3dda7c6d5169c96b34a5fe7e96ff0bd",
"SHA256": "4e5f8008413b8bd1daacea968d79051fc84d2fcd76ded06c65fd8d2cf3b4e2e1",
"SHA384": "99b4b343c5b223a1446551c3dd26e2a0dcafe214460c5fcc4f9f12eaca42695ae9adb04fc19eec33f17d1659a0730e95"
},
"ValidFrom": "2006-02-01 21:44:28",
"ValidTo": "2016-01-30 21:44:28",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "008da900010020ba965fe3dc471ba8",
"Signature": "4c99f17e9f0b78f896f63b6e8169341c47002763232639c5a84b1ca9ce9af913f4fb60a7a35671b1eedbdd3a6f8e25f1976ec8ca8cd430e26df8872f17e846280193959d43d627fe7e1ec7090b0b5d556a343835712f2a89963601f1ada68ec83c674d1314800ccef6cb90950d53488917e8ad20a291bedbe8bdf439d2d7e511510ed93e25efc0c96d47dcebada3c4343a3572e8c54b73d5d9945278129d735147ca201016dd7ae28429501b4fcf0ec713e6a1399dcc6050e3f7ced3c3d470beed59c912a287014097a3cd1b30fed67c26e21a78b1e32f3dc2ddfb118a9208cd030d936f380cecd2c20046f6ce477d1a303a4ff6666b1294702a2d5d0cf3cbc7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=GB, ST=London, L=London, O=SiSoftware Ltd, OU=Development, OU=GeoTrust Code Signing, CN=SiSoftware Ltd",
"TBS": {
"MD5": "53874260ddccaab0a480923b0bdb9f87",
"SHA1": "918b8c4efb05da56f1d3d99f99a20eebaca51734",
"SHA256": "ba08cbcbf581a6f105512e5ce808655aeb91406ae3565ab1cdee935f19d9c86e",
"SHA384": "2c9c1ef0dce7e30a34e8873394e6142d705ae6eb8c2aa7cafb4ff600f56df44213ad4437ea6771b0d79b79fa31eeda60"
},
"ValidFrom": "2006-08-25 14:34:37",
"ValidTo": "2009-08-25 14:34:37",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "02358f",
"Signature": "bb64424e3d84a554ba24c4d75f1adbff39b1e0569823903b43d0d95dde4aacb2c13c40d61330b7ba52d48127399813f0c3754d556b0375bcc671348bf7e7e73916ed64ef034ef6a611ad21b3ecc0281f040d8c09aa32d72c99f16216d26e6f387e29504782ab56733ba9e75c53456699b30acfc19840d31d4228274c497f1ab1f9827a2ff19b3b784e48511a2af48c06c09610e337b18d9be9739267b2b45fae47daa2fd8f5b9dbbb85a080a12c025ecd637182df0661ec24020c0303cc7fe64d032590519f908d367c1d5ffa85948d7c1dda9f06fe09acc4e55a625fa3175f41d46ab5c9e35a86b9dfa1bb608e586a0ed95d9fe6ff59f4f26724567ba77449e",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=GeoTrust Inc., OU=GeoTrust TrustCenter Timestamp, CN=GeoTrust TrustCenter Authenticode Timestamp I",
"TBS": {
"MD5": "75ffae38758191312831922d8786a94e",
"SHA1": "d134a530fe0e79d599a54543644dd0f05020d64f",
"SHA256": "ff5857d0dbbcfcef23ec8aadc7cb4db858d427de94bf380629223fe6429ece19",
"SHA384": "c0fea314395e452e7cf6713c28ef5405859078ec210d9110f1f2455754eca38eb516b349731e0499ec74a06c09153924"
},
"ValidFrom": "2006-02-13 15:40:22",
"ValidTo": "2016-02-11 15:40:22",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610bdc8f00000000001a",
"Signature": "87a40f6b55916248ff54811ccf5db6c5a514aa671df485f6860d38b31c8d22ce7c867946fb71e16114d0ed4e46a48bca64654094f92ad7870ca9b7bedcc40bbd09c106eb9530841b9d8de7bc70c6f86539c4e5c4e65c8fcda130baef065e555290edd8587f15142ecc21a593dab8508d805e6e22a70fde8093add71d24b02aa2f4f20b98750131cc69bc359b3d13662f21bde54ec3639cc8518d59f5b600937ef10c35b0f4180dbfa7bdb2aae16b9f3ce6bb41b5d904e7c8a63abf8a5bdcaa9a3cd2c8dfcb1774163d78470b4c108e406616a0f300ede034998af0f9460ff27fbf202c972616d59e81da94a6dc61c8f18e092d4e32d03df682267d91d7a6c67bc1311d210ed4a342c1b4dfc0446b4f2aeebb29d62787b0a450ae1a9ab5f996f4ccabe52b3df166e2d5e1c3f0c687b659536638026e6194df1563aa415052f9bb64dc95e05b6c2aacfed6e603c21ff65557fe7e813fcb5a0bc1029cac84e47cd3f4c25a17c312706009ec82e5eccdd0b2106d69868c8da60e0416c57164ebd95bb8b08cfc32427e60846f655b7244272b846181f461d50fd51dbc05a27a5f937f26d1c8b3afa0190723e43e225d32d14a0fcee7b72a5c7b6e1c57126864e8337e8c501340a487b0d3a69b1eacbd3d7812bc52af09e0bab0508e5c81f98383af1482f50a6d035721bb9ac32e66fb04215b0a120fc1c907d63cecabf9a52f90883a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Equifax, OU=Equifax Secure Certificate Authority",
"TBS": {
"MD5": "6e11ed171e9a07e607b8ca65bf0e8858",
"SHA1": "6d329a72420f76868584957854cdc45172e9f902",
"SHA256": "75efb8656a18ba5dacc596757bfb0fa11f0d3d81fd5f8cf9bb8975ced87e7b1b",
"SHA384": "c41060ed797c77588692c0b3e36e19cca2d48c354863437f3df76009e25c916e8d2c7e17b297fbc59da085e98d070093"
},
"ValidFrom": "2006-05-23 17:01:15",
"ValidTo": "2016-05-23 17:11:15",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, CN=GeoTrust TrustCenter CodeSigning CA I",
"SerialNumber": "008da900010020ba965fe3dc471ba8",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 05ab96
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 861ac2a336eb5977ee1d342b79b3339a |
| ToBeSigned (TBS) SHA1 | 172f39bca3dda7c6d5169c96b34a5fe7e96ff0bd |
| ToBeSigned (TBS) SHA256 | 4e5f8008413b8bd1daacea968d79051fc84d2fcd76ded06c65fd8d2cf3b4e2e1 |
| Subject | C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, CN=GeoTrust TrustCenter CodeSigning CA I |
| ValidFrom | 2006-02-01 21:44:28 |
| ValidTo | 2016-01-30 21:44:28 |
| Signature | 65c62c9e0fc5dec5639b6e8341e0d9137104dcd9813151f57eb9930d2ef80ae8c329c0e15e02c935bb2d936ff620702b7af688c0a60133696035618235da87d374289fa4b7c023012a763198473d2bd618173691b6203e8c00876f603252123d15d2a49c00def933f55e980a433ab6af40d8924b85b25701b2c9b09174f7b754 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 05ab96 |
| Version | 3 |
Certificate 008da900010020ba965fe3dc471ba8
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 53874260ddccaab0a480923b0bdb9f87 |
| ToBeSigned (TBS) SHA1 | 918b8c4efb05da56f1d3d99f99a20eebaca51734 |
| ToBeSigned (TBS) SHA256 | ba08cbcbf581a6f105512e5ce808655aeb91406ae3565ab1cdee935f19d9c86e |
| Subject | C=GB, ST=London, L=London, O=SiSoftware Ltd, OU=Development, OU=GeoTrust Code Signing, CN=SiSoftware Ltd |
| ValidFrom | 2006-08-25 14:34:37 |
| ValidTo | 2009-08-25 14:34:37 |
| Signature | 4c99f17e9f0b78f896f63b6e8169341c47002763232639c5a84b1ca9ce9af913f4fb60a7a35671b1eedbdd3a6f8e25f1976ec8ca8cd430e26df8872f17e846280193959d43d627fe7e1ec7090b0b5d556a343835712f2a89963601f1ada68ec83c674d1314800ccef6cb90950d53488917e8ad20a291bedbe8bdf439d2d7e511510ed93e25efc0c96d47dcebada3c4343a3572e8c54b73d5d9945278129d735147ca201016dd7ae28429501b4fcf0ec713e6a1399dcc6050e3f7ced3c3d470beed59c912a287014097a3cd1b30fed67c26e21a78b1e32f3dc2ddfb118a9208cd030d936f380cecd2c20046f6ce477d1a303a4ff6666b1294702a2d5d0cf3cbc7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 008da900010020ba965fe3dc471ba8 |
| Version | 3 |
Certificate 02358f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 75ffae38758191312831922d8786a94e |
| ToBeSigned (TBS) SHA1 | d134a530fe0e79d599a54543644dd0f05020d64f |
| ToBeSigned (TBS) SHA256 | ff5857d0dbbcfcef23ec8aadc7cb4db858d427de94bf380629223fe6429ece19 |
| Subject | C=US, O=GeoTrust Inc., OU=GeoTrust TrustCenter Timestamp, CN=GeoTrust TrustCenter Authenticode Timestamp I |
| ValidFrom | 2006-02-13 15:40:22 |
| ValidTo | 2016-02-11 15:40:22 |
| Signature | bb64424e3d84a554ba24c4d75f1adbff39b1e0569823903b43d0d95dde4aacb2c13c40d61330b7ba52d48127399813f0c3754d556b0375bcc671348bf7e7e73916ed64ef034ef6a611ad21b3ecc0281f040d8c09aa32d72c99f16216d26e6f387e29504782ab56733ba9e75c53456699b30acfc19840d31d4228274c497f1ab1f9827a2ff19b3b784e48511a2af48c06c09610e337b18d9be9739267b2b45fae47daa2fd8f5b9dbbb85a080a12c025ecd637182df0661ec24020c0303cc7fe64d032590519f908d367c1d5ffa85948d7c1dda9f06fe09acc4e55a625fa3175f41d46ab5c9e35a86b9dfa1bb608e586a0ed95d9fe6ff59f4f26724567ba77449e |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 02358f |
| Version | 3 |
Certificate 610bdc8f00000000001a
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 6e11ed171e9a07e607b8ca65bf0e8858 |
| ToBeSigned (TBS) SHA1 | 6d329a72420f76868584957854cdc45172e9f902 |
| ToBeSigned (TBS) SHA256 | 75efb8656a18ba5dacc596757bfb0fa11f0d3d81fd5f8cf9bb8975ced87e7b1b |
| Subject | C=US, O=Equifax, OU=Equifax Secure Certificate Authority |
| ValidFrom | 2006-05-23 17:01:15 |
| ValidTo | 2016-05-23 17:11:15 |
| Signature | 87a40f6b55916248ff54811ccf5db6c5a514aa671df485f6860d38b31c8d22ce7c867946fb71e16114d0ed4e46a48bca64654094f92ad7870ca9b7bedcc40bbd09c106eb9530841b9d8de7bc70c6f86539c4e5c4e65c8fcda130baef065e555290edd8587f15142ecc21a593dab8508d805e6e22a70fde8093add71d24b02aa2f4f20b98750131cc69bc359b3d13662f21bde54ec3639cc8518d59f5b600937ef10c35b0f4180dbfa7bdb2aae16b9f3ce6bb41b5d904e7c8a63abf8a5bdcaa9a3cd2c8dfcb1774163d78470b4c108e406616a0f300ede034998af0f9460ff27fbf202c972616d59e81da94a6dc61c8f18e092d4e32d03df682267d91d7a6c67bc1311d210ed4a342c1b4dfc0446b4f2aeebb29d62787b0a450ae1a9ab5f996f4ccabe52b3df166e2d5e1c3f0c687b659536638026e6194df1563aa415052f9bb64dc95e05b6c2aacfed6e603c21ff65557fe7e813fcb5a0bc1029cac84e47cd3f4c25a17c312706009ec82e5eccdd0b2106d69868c8da60e0416c57164ebd95bb8b08cfc32427e60846f655b7244272b846181f461d50fd51dbc05a27a5f937f26d1c8b3afa0190723e43e225d32d14a0fcee7b72a5c7b6e1c57126864e8337e8c501340a487b0d3a69b1eacbd3d7812bc52af09e0bab0508e5c81f98383af1482f50a6d035721bb9ac32e66fb04215b0a120fc1c907d63cecabf9a52f90883a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 610bdc8f00000000001a |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- READ_REGISTER_USHORT
- READ_REGISTER_ULONG
- IoQueryDeviceDescription
- ZwSetInformationThread
- RtlUnicodeStringToAnsiString
- MmMapLockedPagesSpecifyCache
- MmBuildMdlForNonPagedPool
- IoAllocateMdl
- IoFreeMdl
- MmUnmapLockedPages
- IoReportResourceUsage
- READ_REGISTER_UCHAR
- MmResetDriverPaging
- MmPageEntireDriver
- IoDeleteDevice
- IoDeleteSymbolicLink
- IoUnregisterShutdownNotification
- RtlQueryRegistryValues
- IoRegisterShutdownNotification
- IoCreateSymbolicLink
- IoCreateDevice
- KeTickCount
- KeBugCheckEx
- RtlUnwind
- WRITE_REGISTER_ULONG
- WRITE_REGISTER_USHORT
- WRITE_REGISTER_UCHAR
- memset
- MmUnmapIoSpace
- MmMapIoSpace
- RtlAppendUnicodeToString
- ZwCreateKey
- ZwSetValueKey
- NtQueryInformationProcess
- ZwClose
- IofCompleteRequest
- RtlInitUnicodeString
- KfReleaseSpinLock
- HalGetInterruptVector
- KeStallExecutionProcessor
- KeRaiseIrqlToDpcLevel
- KfLowerIrql
- HalSetBusDataByOffset
- HalGetBusDataByOffset
- WRITE_PORT_ULONG
- WRITE_PORT_USHORT
- WRITE_PORT_UCHAR
- READ_PORT_ULONG
- READ_PORT_USHORT
- READ_PORT_UCHAR
- HalTranslateBusAddress
- KfAcquireSpinLock
Exported Functions
Expand
Sections
Expand
- .text
- init
- .rdata
- .data
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "05ab96",
"Signature": "65c62c9e0fc5dec5639b6e8341e0d9137104dcd9813151f57eb9930d2ef80ae8c329c0e15e02c935bb2d936ff620702b7af688c0a60133696035618235da87d374289fa4b7c023012a763198473d2bd618173691b6203e8c00876f603252123d15d2a49c00def933f55e980a433ab6af40d8924b85b25701b2c9b09174f7b754",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, CN=GeoTrust TrustCenter CodeSigning CA I",
"TBS": {
"MD5": "861ac2a336eb5977ee1d342b79b3339a",
"SHA1": "172f39bca3dda7c6d5169c96b34a5fe7e96ff0bd",
"SHA256": "4e5f8008413b8bd1daacea968d79051fc84d2fcd76ded06c65fd8d2cf3b4e2e1",
"SHA384": "99b4b343c5b223a1446551c3dd26e2a0dcafe214460c5fcc4f9f12eaca42695ae9adb04fc19eec33f17d1659a0730e95"
},
"ValidFrom": "2006-02-01 21:44:28",
"ValidTo": "2016-01-30 21:44:28",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "008da900010020ba965fe3dc471ba8",
"Signature": "4c99f17e9f0b78f896f63b6e8169341c47002763232639c5a84b1ca9ce9af913f4fb60a7a35671b1eedbdd3a6f8e25f1976ec8ca8cd430e26df8872f17e846280193959d43d627fe7e1ec7090b0b5d556a343835712f2a89963601f1ada68ec83c674d1314800ccef6cb90950d53488917e8ad20a291bedbe8bdf439d2d7e511510ed93e25efc0c96d47dcebada3c4343a3572e8c54b73d5d9945278129d735147ca201016dd7ae28429501b4fcf0ec713e6a1399dcc6050e3f7ced3c3d470beed59c912a287014097a3cd1b30fed67c26e21a78b1e32f3dc2ddfb118a9208cd030d936f380cecd2c20046f6ce477d1a303a4ff6666b1294702a2d5d0cf3cbc7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=GB, ST=London, L=London, O=SiSoftware Ltd, OU=Development, OU=GeoTrust Code Signing, CN=SiSoftware Ltd",
"TBS": {
"MD5": "53874260ddccaab0a480923b0bdb9f87",
"SHA1": "918b8c4efb05da56f1d3d99f99a20eebaca51734",
"SHA256": "ba08cbcbf581a6f105512e5ce808655aeb91406ae3565ab1cdee935f19d9c86e",
"SHA384": "2c9c1ef0dce7e30a34e8873394e6142d705ae6eb8c2aa7cafb4ff600f56df44213ad4437ea6771b0d79b79fa31eeda60"
},
"ValidFrom": "2006-08-25 14:34:37",
"ValidTo": "2009-08-25 14:34:37",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "02358f",
"Signature": "bb64424e3d84a554ba24c4d75f1adbff39b1e0569823903b43d0d95dde4aacb2c13c40d61330b7ba52d48127399813f0c3754d556b0375bcc671348bf7e7e73916ed64ef034ef6a611ad21b3ecc0281f040d8c09aa32d72c99f16216d26e6f387e29504782ab56733ba9e75c53456699b30acfc19840d31d4228274c497f1ab1f9827a2ff19b3b784e48511a2af48c06c09610e337b18d9be9739267b2b45fae47daa2fd8f5b9dbbb85a080a12c025ecd637182df0661ec24020c0303cc7fe64d032590519f908d367c1d5ffa85948d7c1dda9f06fe09acc4e55a625fa3175f41d46ab5c9e35a86b9dfa1bb608e586a0ed95d9fe6ff59f4f26724567ba77449e",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=GeoTrust Inc., OU=GeoTrust TrustCenter Timestamp, CN=GeoTrust TrustCenter Authenticode Timestamp I",
"TBS": {
"MD5": "75ffae38758191312831922d8786a94e",
"SHA1": "d134a530fe0e79d599a54543644dd0f05020d64f",
"SHA256": "ff5857d0dbbcfcef23ec8aadc7cb4db858d427de94bf380629223fe6429ece19",
"SHA384": "c0fea314395e452e7cf6713c28ef5405859078ec210d9110f1f2455754eca38eb516b349731e0499ec74a06c09153924"
},
"ValidFrom": "2006-02-13 15:40:22",
"ValidTo": "2016-02-11 15:40:22",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610bdc8f00000000001a",
"Signature": "87a40f6b55916248ff54811ccf5db6c5a514aa671df485f6860d38b31c8d22ce7c867946fb71e16114d0ed4e46a48bca64654094f92ad7870ca9b7bedcc40bbd09c106eb9530841b9d8de7bc70c6f86539c4e5c4e65c8fcda130baef065e555290edd8587f15142ecc21a593dab8508d805e6e22a70fde8093add71d24b02aa2f4f20b98750131cc69bc359b3d13662f21bde54ec3639cc8518d59f5b600937ef10c35b0f4180dbfa7bdb2aae16b9f3ce6bb41b5d904e7c8a63abf8a5bdcaa9a3cd2c8dfcb1774163d78470b4c108e406616a0f300ede034998af0f9460ff27fbf202c972616d59e81da94a6dc61c8f18e092d4e32d03df682267d91d7a6c67bc1311d210ed4a342c1b4dfc0446b4f2aeebb29d62787b0a450ae1a9ab5f996f4ccabe52b3df166e2d5e1c3f0c687b659536638026e6194df1563aa415052f9bb64dc95e05b6c2aacfed6e603c21ff65557fe7e813fcb5a0bc1029cac84e47cd3f4c25a17c312706009ec82e5eccdd0b2106d69868c8da60e0416c57164ebd95bb8b08cfc32427e60846f655b7244272b846181f461d50fd51dbc05a27a5f937f26d1c8b3afa0190723e43e225d32d14a0fcee7b72a5c7b6e1c57126864e8337e8c501340a487b0d3a69b1eacbd3d7812bc52af09e0bab0508e5c81f98383af1482f50a6d035721bb9ac32e66fb04215b0a120fc1c907d63cecabf9a52f90883a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Equifax, OU=Equifax Secure Certificate Authority",
"TBS": {
"MD5": "6e11ed171e9a07e607b8ca65bf0e8858",
"SHA1": "6d329a72420f76868584957854cdc45172e9f902",
"SHA256": "75efb8656a18ba5dacc596757bfb0fa11f0d3d81fd5f8cf9bb8975ced87e7b1b",
"SHA384": "c41060ed797c77588692c0b3e36e19cca2d48c354863437f3df76009e25c916e8d2c7e17b297fbc59da085e98d070093"
},
"ValidFrom": "2006-05-23 17:01:15",
"ValidTo": "2016-05-23 17:11:15",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, OU=GeoTrust TrustCenter CodeSigning CA, O=GeoTrust Inc, CN=GeoTrust TrustCenter CodeSigning CA I",
"SerialNumber": "008da900010020ba965fe3dc471ba8",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2024-04-09