Description Bad access controls in Inspect Element Ltd.'s echo_driver.sys allows attacker to gain arbitrary memory read and write, which allows for easy Privilege Escalation via Token Theft.
UUID : afb8bb46-1d13-407d-9866-1daa7c82ca63Created : 2023-07-14Author : Protocol & ZachAcknowledgement : protocol | @WindowsKernel Download
This download link contains the vulnerable driver!
Block echo_driver.sys across your endpoints Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.
Start Blocking for Free Commands sc.exe create echo_driver.sys binPath=C:\windows\temp\echo_driver.sys type=kernel && sc.exe start echo_driver.sys
Use Case Privileges Operating System Elevate privileges, arbitrary memory read/write kernel Windows 10/11
Detections Sigma 🛡️ Expand Names
detects loading using name only
Hashes
detects loading using hashes only
Resources https://ioctl.fail/echo-ac-writeup/ https://github.com/kite03/echoac-poc/tree/main/PoC https://github.com/pseuxide/kur Known Vulnerable Samples Download
Certificates Expand Certificate 33000000433a68189e33902987000000000043 Field Value ToBeSigned (TBS) MD5 3d790bd5602e84a4aa8560133ced0a41 ToBeSigned (TBS) SHA1 909e31e3e3808ab55d508fc0ba47e0132a57d7ab ToBeSigned (TBS) SHA256 ac1acbcba260f10270527c3762457c1b96818466df9da51dfec3b147c90db453 Subject C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher ValidFrom 2020-12-15 22:25:28 ValidTo 2021-12-02 22:25:28 Signature 3a8e15af3660c47a1def4303906af38b6ca69186409b4f44ebe8106ece701f6e00e734fe1d0bb290d1496c3f17859e1f9ff1f31080dd8bfd2bb5013956c2f49ffe73916654f04c35b9df2fb27c55a71df3d8e1f25185d398abed244b42e27741c0b1c953c139c011b801f00e80ea992005a1305dd65bcb2032790b0d87636b75d2fb8f431546cd906ab0a55083a26d2649d822871b6aacd1b4d8c74ea2366903eeb318e7826db64e3a858d6377cf2f9a628f21d6ef65279603c18d25d365dd370cef1a45527deec589a331a221c909a8b0d2010d078970678c648d62168056e3b775233eac20e50cc039a85900749f627a419e8959fcf21efc89da76426107e43261ccdcaebad659b89abfdd5d1a78e9d438868b9ff58cac5176bddff8c8dd11008ed72ed249bb7d78af559b04561e6b44aae7846b103d2db8c0e31a5f661851f97acba0757b474c1caa49cf8eed86de15a4118743a418b6b415e7770265801ba51061b5d32125ed5ba1e27fe83ac795f9cc868949b14d59eb4f596763da9102f9e6ae8fe92de61d68af67a906e0be424f5c81dcecd4d190953a66384c3b5fe33f7b402a0934c2befd4a51b2f2850ef05e156fc4e1460eab2f67e3cbc999db761f57970ccafbc49040e999965f5306c1f5c90ce172d889a3aa63ec502a60020b2a7b4fff562b9dc5c50a8e06bc52f04ff0fe535591e2e6b7325239666152819a SignatureAlgorithmOID 1.2.840.113549.1.1.11 IsCertificateAuthority False SerialNumber 33000000433a68189e33902987000000000043 Version 3
Certificate 330000000d690d5d7893d076df00000000000d Field Value ToBeSigned (TBS) MD5 83f69422963f11c3c340b81712eef319 ToBeSigned (TBS) SHA1 0c5e5f24590b53bc291e28583acb78e5adc95601 ToBeSigned (TBS) SHA256 d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae Subject C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 ValidFrom 2014-10-15 20:31:27 ValidTo 2029-10-15 20:41:27 Signature 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f SignatureAlgorithmOID 1.2.840.113549.1.1.11 IsCertificateAuthority True SerialNumber 330000000d690d5d7893d076df00000000000d Version 3
Imports Expand cng.sys ntoskrnl.exe WDFLDR.SYS Imported Functions Expand BCryptVerifySignature BCryptCreateHash BCryptDestroyKey BCryptFinishHash BCryptDestroyHash BCryptImportKeyPair BCryptCloseAlgorithmProvider BCryptGetProperty BCryptHashData BCryptOpenAlgorithmProvider IoGetCurrentProcess ObRegisterCallbacks ObUnRegisterCallbacks ObGetFilterVersion PsGetProcessId PsGetThreadProcessId PsProcessType PsThreadType DbgPrint ExAllocatePoolWithTag IoDeleteDevice ProbeForRead ZwCreateFile ZwQueryInformationFile ZwReadFile ZwClose SeLocateProcessImageName RtlGetVersion IofCompleteRequest ObReferenceObjectByHandle ObfDereferenceObject PsLookupProcessByProcessId ObOpenObjectByPointer ZwQueryVirtualMemory MmCopyVirtualMemory __C_specific_handler ZwOpenProcess ZwQuerySystemInformation ZwQueryInformationProcess IoDeleteSymbolicLink RtlCopyUnicodeString DbgPrintEx IoCreateSymbolicLink IoCreateDevice RtlInitUnicodeString ExFreePoolWithTag WdfVersionUnbind WdfVersionBindClass WdfVersionUnbindClass WdfVersionBind Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .reloc Signature Expand {
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "33000000433a68189e33902987000000000043",
"Signature": "3a8e15af3660c47a1def4303906af38b6ca69186409b4f44ebe8106ece701f6e00e734fe1d0bb290d1496c3f17859e1f9ff1f31080dd8bfd2bb5013956c2f49ffe73916654f04c35b9df2fb27c55a71df3d8e1f25185d398abed244b42e27741c0b1c953c139c011b801f00e80ea992005a1305dd65bcb2032790b0d87636b75d2fb8f431546cd906ab0a55083a26d2649d822871b6aacd1b4d8c74ea2366903eeb318e7826db64e3a858d6377cf2f9a628f21d6ef65279603c18d25d365dd370cef1a45527deec589a331a221c909a8b0d2010d078970678c648d62168056e3b775233eac20e50cc039a85900749f627a419e8959fcf21efc89da76426107e43261ccdcaebad659b89abfdd5d1a78e9d438868b9ff58cac5176bddff8c8dd11008ed72ed249bb7d78af559b04561e6b44aae7846b103d2db8c0e31a5f661851f97acba0757b474c1caa49cf8eed86de15a4118743a418b6b415e7770265801ba51061b5d32125ed5ba1e27fe83ac795f9cc868949b14d59eb4f596763da9102f9e6ae8fe92de61d68af67a906e0be424f5c81dcecd4d190953a66384c3b5fe33f7b402a0934c2befd4a51b2f2850ef05e156fc4e1460eab2f67e3cbc999db761f57970ccafbc49040e999965f5306c1f5c90ce172d889a3aa63ec502a60020b2a7b4fff562b9dc5c50a8e06bc52f04ff0fe535591e2e6b7325239666152819a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "3d790bd5602e84a4aa8560133ced0a41",
"SHA1": "909e31e3e3808ab55d508fc0ba47e0132a57d7ab",
"SHA256": "ac1acbcba260f10270527c3762457c1b96818466df9da51dfec3b147c90db453",
"SHA384": "c548f472f381df2da149c036e2f47be20293838eb23adce5e1b0ad1ba1fe8c33f688528452146c87dcb26070a2a23ced"
},
"ValidFrom": "2020-12-15 22:25:28",
"ValidTo": "2021-12-02 22:25:28",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"TBS": {
"MD5": "83f69422963f11c3c340b81712eef319",
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
},
"ValidFrom": "2014-10-15 20:31:27",
"ValidTo": "2029-10-15 20:41:27",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"SerialNumber": "33000000433a68189e33902987000000000043",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 330000003a6ae333708fda7a7b00000000003a Field Value ToBeSigned (TBS) MD5 6f5d716e7151f1c173396adb7213359e ToBeSigned (TBS) SHA1 100610baae90027e9844a8e9c4d489fe122ecd9c ToBeSigned (TBS) SHA256 677d532777cee24be88442efec75e9640e80ef57d8e1246396459a1a04be733f Subject C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher ValidFrom 2020-03-11 17:31:14 ValidTo 2021-03-05 17:31:14 Signature 7dfc7c353c4c04d9d06066e1ca8584637192eb15d1d6e7c5521b0d819d615fb56524985d30535b0573fb8e0d13173d51b27bd23b9a2052738891d67ed360766452b62c4566eb20c90f018229a8e951bf58df5a7d731c1e51217f471d470979f04e900920bfc8715122b331d82f68f73ebf3de36e09d18fbfed2f3c29190a41baafbca0025bf4e36310a04cb8e61c32fda677820aa693a7f5e69d3c3abdb495b12bb8b6d10f65d44fae945d9b0fcf695d4711fc9e1c0ddb1f569c13093e16c389f748d8fe60e8685f02357464564761db4cece391baa742f3ad3bcfa26e01975966ca41939c832bf1147bec870162ce042fd0cf10d048181ec573d317f2c5de21512f13b24de9bac9bb83fc2ceb4f6f766536fe38c03ede1f8b0a3b8828e8d914d73d0a17699ab20264a27a36e0f77c5144cf470bf44d2296290e345bd25c0bc6a08dd963ec39ce0e500599751c652dc20e9906c1ce76c1d86c09058ae8defb3d7b93b68a34ca83a981a30c2403723f7e5c664b1e951050002ad32e976db221c2d8c660047dc6acfe0da16d44c6372a5cd04b016a35193f841b903ba87e2d6e416a2c59469af9f16e249bb891f21ec22f2db0a84a48d7a9e43d2f7e3bdd016d600f57daf21829885ec035287ab332c32738f5e26c6d2502b2f044afb1e048c85c7c9baf76747de14ecdeca3c7481796a741672a047f89dafe2c12c01982a026c4 SignatureAlgorithmOID 1.2.840.113549.1.1.11 IsCertificateAuthority False SerialNumber 330000003a6ae333708fda7a7b00000000003a Version 3
Certificate 330000000d690d5d7893d076df00000000000d Field Value ToBeSigned (TBS) MD5 83f69422963f11c3c340b81712eef319 ToBeSigned (TBS) SHA1 0c5e5f24590b53bc291e28583acb78e5adc95601 ToBeSigned (TBS) SHA256 d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae Subject C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 ValidFrom 2014-10-15 20:31:27 ValidTo 2029-10-15 20:41:27 Signature 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f SignatureAlgorithmOID 1.2.840.113549.1.1.11 IsCertificateAuthority True SerialNumber 330000000d690d5d7893d076df00000000000d Version 3
Imports Expand Imported Functions Expand PsTerminateSystemThread IofCompleteRequest IoCreateDevice IoCreateSymbolicLink IoDeleteDevice IoDeleteSymbolicLink IoGetCurrentProcess ObReferenceObjectByHandle ObfDereferenceObject ObRegisterCallbacks ObUnRegisterCallbacks ObGetFilterVersion PsCreateSystemThread ZwClose PsSetCreateThreadNotifyRoutine PsRemoveCreateThreadNotifyRoutine PsGetCurrentProcessId PsGetProcessId PsGetThreadProcessId ZwTerminateProcess RtlRandomEx PsLookupProcessByProcessId ObOpenObjectByPointer PsProcessType PsThreadType KeWaitForSingleObject RtlCopyUnicodeString KeDelayExecutionThread DbgPrintEx ZwUnloadDriver RtlInitUnicodeString WdfVersionUnbind WdfVersionBind WdfVersionUnbindClass WdfVersionBindClass Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .reloc Signature Expand {
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "33000000433a68189e33902987000000000043",
"Signature": "3a8e15af3660c47a1def4303906af38b6ca69186409b4f44ebe8106ece701f6e00e734fe1d0bb290d1496c3f17859e1f9ff1f31080dd8bfd2bb5013956c2f49ffe73916654f04c35b9df2fb27c55a71df3d8e1f25185d398abed244b42e27741c0b1c953c139c011b801f00e80ea992005a1305dd65bcb2032790b0d87636b75d2fb8f431546cd906ab0a55083a26d2649d822871b6aacd1b4d8c74ea2366903eeb318e7826db64e3a858d6377cf2f9a628f21d6ef65279603c18d25d365dd370cef1a45527deec589a331a221c909a8b0d2010d078970678c648d62168056e3b775233eac20e50cc039a85900749f627a419e8959fcf21efc89da76426107e43261ccdcaebad659b89abfdd5d1a78e9d438868b9ff58cac5176bddff8c8dd11008ed72ed249bb7d78af559b04561e6b44aae7846b103d2db8c0e31a5f661851f97acba0757b474c1caa49cf8eed86de15a4118743a418b6b415e7770265801ba51061b5d32125ed5ba1e27fe83ac795f9cc868949b14d59eb4f596763da9102f9e6ae8fe92de61d68af67a906e0be424f5c81dcecd4d190953a66384c3b5fe33f7b402a0934c2befd4a51b2f2850ef05e156fc4e1460eab2f67e3cbc999db761f57970ccafbc49040e999965f5306c1f5c90ce172d889a3aa63ec502a60020b2a7b4fff562b9dc5c50a8e06bc52f04ff0fe535591e2e6b7325239666152819a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "3d790bd5602e84a4aa8560133ced0a41",
"SHA1": "909e31e3e3808ab55d508fc0ba47e0132a57d7ab",
"SHA256": "ac1acbcba260f10270527c3762457c1b96818466df9da51dfec3b147c90db453",
"SHA384": "c548f472f381df2da149c036e2f47be20293838eb23adce5e1b0ad1ba1fe8c33f688528452146c87dcb26070a2a23ced"
},
"ValidFrom": "2020-12-15 22:25:28",
"ValidTo": "2021-12-02 22:25:28",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"TBS": {
"MD5": "83f69422963f11c3c340b81712eef319",
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
},
"ValidFrom": "2014-10-15 20:31:27",
"ValidTo": "2029-10-15 20:41:27",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"SerialNumber": "33000000433a68189e33902987000000000043",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 33000000433a68189e33902987000000000043 Field Value ToBeSigned (TBS) MD5 3d790bd5602e84a4aa8560133ced0a41 ToBeSigned (TBS) SHA1 909e31e3e3808ab55d508fc0ba47e0132a57d7ab ToBeSigned (TBS) SHA256 ac1acbcba260f10270527c3762457c1b96818466df9da51dfec3b147c90db453 Subject C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher ValidFrom 2020-12-15 22:25:28 ValidTo 2021-12-02 22:25:28 Signature 3a8e15af3660c47a1def4303906af38b6ca69186409b4f44ebe8106ece701f6e00e734fe1d0bb290d1496c3f17859e1f9ff1f31080dd8bfd2bb5013956c2f49ffe73916654f04c35b9df2fb27c55a71df3d8e1f25185d398abed244b42e27741c0b1c953c139c011b801f00e80ea992005a1305dd65bcb2032790b0d87636b75d2fb8f431546cd906ab0a55083a26d2649d822871b6aacd1b4d8c74ea2366903eeb318e7826db64e3a858d6377cf2f9a628f21d6ef65279603c18d25d365dd370cef1a45527deec589a331a221c909a8b0d2010d078970678c648d62168056e3b775233eac20e50cc039a85900749f627a419e8959fcf21efc89da76426107e43261ccdcaebad659b89abfdd5d1a78e9d438868b9ff58cac5176bddff8c8dd11008ed72ed249bb7d78af559b04561e6b44aae7846b103d2db8c0e31a5f661851f97acba0757b474c1caa49cf8eed86de15a4118743a418b6b415e7770265801ba51061b5d32125ed5ba1e27fe83ac795f9cc868949b14d59eb4f596763da9102f9e6ae8fe92de61d68af67a906e0be424f5c81dcecd4d190953a66384c3b5fe33f7b402a0934c2befd4a51b2f2850ef05e156fc4e1460eab2f67e3cbc999db761f57970ccafbc49040e999965f5306c1f5c90ce172d889a3aa63ec502a60020b2a7b4fff562b9dc5c50a8e06bc52f04ff0fe535591e2e6b7325239666152819a SignatureAlgorithmOID 1.2.840.113549.1.1.11 IsCertificateAuthority False SerialNumber 33000000433a68189e33902987000000000043 Version 3
Certificate 330000000d690d5d7893d076df00000000000d Field Value ToBeSigned (TBS) MD5 83f69422963f11c3c340b81712eef319 ToBeSigned (TBS) SHA1 0c5e5f24590b53bc291e28583acb78e5adc95601 ToBeSigned (TBS) SHA256 d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae Subject C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 ValidFrom 2014-10-15 20:31:27 ValidTo 2029-10-15 20:41:27 Signature 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f SignatureAlgorithmOID 1.2.840.113549.1.1.11 IsCertificateAuthority True SerialNumber 330000000d690d5d7893d076df00000000000d Version 3
Imports Expand Imported Functions Expand BCryptVerifySignature BCryptCreateHash BCryptDestroyKey BCryptFinishHash BCryptDestroyHash BCryptImportKeyPair BCryptCloseAlgorithmProvider BCryptGetProperty BCryptHashData BCryptOpenAlgorithmProvider IoGetCurrentProcess ObRegisterCallbacks ObUnRegisterCallbacks ObGetFilterVersion PsGetProcessId PsGetThreadProcessId PsProcessType PsThreadType DbgPrint ExAllocatePoolWithTag ExFreePoolWithTag ProbeForRead ZwCreateFile ZwQueryInformationFile IoDeleteDevice ZwClose SeLocateProcessImageName RtlGetVersion KeIpiGenericCall IofCompleteRequest ObReferenceObjectByHandle ObfDereferenceObject ZwOpenKey ZwQueryValueKey MmCopyMemory MmGetVirtualForPhysical KeStackAttachProcess KeUnstackDetachProcess PsLookupProcessByProcessId ObOpenObjectByPointer ZwQueryVirtualMemory MmCopyVirtualMemory __C_specific_handler ZwOpenProcess ZwQuerySystemInformation ZwQueryInformationProcess IoDeleteSymbolicLink RtlCopyUnicodeString DbgPrintEx IoCreateSymbolicLink IoCreateDevice RtlInitUnicodeString ZwReadFile WdfVersionUnbind WdfVersionBindClass WdfVersionUnbindClass WdfVersionBind Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .reloc Signature Expand {
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "33000000433a68189e33902987000000000043",
"Signature": "3a8e15af3660c47a1def4303906af38b6ca69186409b4f44ebe8106ece701f6e00e734fe1d0bb290d1496c3f17859e1f9ff1f31080dd8bfd2bb5013956c2f49ffe73916654f04c35b9df2fb27c55a71df3d8e1f25185d398abed244b42e27741c0b1c953c139c011b801f00e80ea992005a1305dd65bcb2032790b0d87636b75d2fb8f431546cd906ab0a55083a26d2649d822871b6aacd1b4d8c74ea2366903eeb318e7826db64e3a858d6377cf2f9a628f21d6ef65279603c18d25d365dd370cef1a45527deec589a331a221c909a8b0d2010d078970678c648d62168056e3b775233eac20e50cc039a85900749f627a419e8959fcf21efc89da76426107e43261ccdcaebad659b89abfdd5d1a78e9d438868b9ff58cac5176bddff8c8dd11008ed72ed249bb7d78af559b04561e6b44aae7846b103d2db8c0e31a5f661851f97acba0757b474c1caa49cf8eed86de15a4118743a418b6b415e7770265801ba51061b5d32125ed5ba1e27fe83ac795f9cc868949b14d59eb4f596763da9102f9e6ae8fe92de61d68af67a906e0be424f5c81dcecd4d190953a66384c3b5fe33f7b402a0934c2befd4a51b2f2850ef05e156fc4e1460eab2f67e3cbc999db761f57970ccafbc49040e999965f5306c1f5c90ce172d889a3aa63ec502a60020b2a7b4fff562b9dc5c50a8e06bc52f04ff0fe535591e2e6b7325239666152819a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "3d790bd5602e84a4aa8560133ced0a41",
"SHA1": "909e31e3e3808ab55d508fc0ba47e0132a57d7ab",
"SHA256": "ac1acbcba260f10270527c3762457c1b96818466df9da51dfec3b147c90db453",
"SHA384": "c548f472f381df2da149c036e2f47be20293838eb23adce5e1b0ad1ba1fe8c33f688528452146c87dcb26070a2a23ced"
},
"ValidFrom": "2020-12-15 22:25:28",
"ValidTo": "2021-12-02 22:25:28",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"TBS": {
"MD5": "83f69422963f11c3c340b81712eef319",
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
},
"ValidFrom": "2014-10-15 20:31:27",
"ValidTo": "2029-10-15 20:41:27",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"SerialNumber": "33000000433a68189e33902987000000000043",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 611cb28a000000000026 Field Value ToBeSigned (TBS) MD5 983a0c315a50542362f2bd6a5d71c8d0 ToBeSigned (TBS) SHA1 8047f476001f5cb16a661d2a3fd0c3576168f5e2 ToBeSigned (TBS) SHA256 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 Subject C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA ValidFrom 2011-04-15 19:41:37 ValidTo 2021-04-15 19:51:37 Signature 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 611cb28a000000000026 Version 3
Certificate 0b1e1774fd8f4ea3d7ff1381fb73da92 Field Value ToBeSigned (TBS) MD5 7024d0a6b5e55936a7935914788421d5 ToBeSigned (TBS) SHA1 efab40dd88bfe8550db10f51a4cbcfc9cea76af0 ToBeSigned (TBS) SHA256 4650e6e700bafb42b77d1928f425cc0f94bd24d59bbac383d3cc69a2900258d6 Subject C=CN, ST=Zhejiang, L=Hangzhou, O=Hangzhou Shunwang Technology Co.,Ltd, CN=Hangzhou Shunwang Technology Co.,Ltd ValidFrom 2019-12-27 00:00:00 ValidTo 2022-01-05 12:00:00 Signature 8147595b1b5b5c15cfd34eecc1af73a408dc6afb70b254cbe0654771d89947c98cc92708e61d9c5fdf3b6d13b1047bc00933dce01c24169068f5e02063f15d9ae5ae7c64e5baf373104c34fe57f2ac98410d6fc887fa42e20df6f4cd12f9ffd540eaa9111d6680e174c58f8a5f09b17c8f5b878f329c7c3b335484fb983cb2307a379dcfd4d4d5dac493f7f667491338b2213a761f7fa20376915597d6ae2015d69d43f4711356943cc08c7e5a4b1ce4bf0c69ea30d5154d59b08717b8330495a1e92383a12b96dce692aa2689d20ee3372e73b24049bc9c1d541f2227d4d411ba2f4785943ebb608bcafc8db1ffc1236b52ee833b3ede42535dc2d1710f62de SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 0b1e1774fd8f4ea3d7ff1381fb73da92 Version 3
Certificate 03019a023aff58b16bd6d5eae617f066 Field Value ToBeSigned (TBS) MD5 a752afee44f017e8d74e3f3eb7914ae3 ToBeSigned (TBS) SHA1 8eca80a6b80e9c69dcef7745748524afb8019e2d ToBeSigned (TBS) SHA256 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 Subject C=US, O=DigiCert, CN=DigiCert Timestamp Responder ValidFrom 2014-10-22 00:00:00 ValidTo 2024-10-22 00:00:00 Signature 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 03019a023aff58b16bd6d5eae617f066 Version 3
Certificate 0fa8490615d700a0be2176fdc5ec6dbd Field Value ToBeSigned (TBS) MD5 a9a31555bbc92b6033975c5428fb3679 ToBeSigned (TBS) SHA1 47f4b9898631773231b32844ec0d49990ac4eb1e ToBeSigned (TBS) SHA256 c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 Subject C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1 ValidFrom 2011-02-11 12:00:00 ValidTo 2026-02-10 12:00:00 Signature 7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 0fa8490615d700a0be2176fdc5ec6dbd Version 3
Certificate 06fdf9039603adea000aeb3f27bbba1b Field Value ToBeSigned (TBS) MD5 4e5ad189638cf52ba9cd881d4d44668c ToBeSigned (TBS) SHA1 cdc115e98d798b33904c820d63cc1e1afc19251d ToBeSigned (TBS) SHA256 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd Subject C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 ValidFrom 2006-11-10 00:00:00 ValidTo 2021-11-10 00:00:00 Signature 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 06fdf9039603adea000aeb3f27bbba1b Version 3
Imports Expand Imported Functions Expand KeSetEvent KeInitializeEvent ZwCreateFile ExAllocatePool KeGetCurrentThread ZwClose ObReferenceObjectByHandle KeWaitForSingleObject ObfDereferenceObject ZwWriteFile DbgPrint KeInitializeDpc InterlockedPopEntrySList KeQuerySystemTime ZwWaitForSingleObject KeFlushQueuedDpcs PsCreateSystemThread ExSystemTimeToLocalTime _vsnprintf KeInsertQueueDpc RtlTimeToTimeFields PsThreadType PsGetCurrentThreadId InterlockedPushEntrySList PsProcessType PsLookupProcessByProcessId _wcsnicmp PsGetProcessInheritedFromUniqueProcessId ZwOpenProcess RtlInitUnicodeString RtlCopyUnicodeString MmIsAddressValid ZwTerminateProcess ObOpenObjectByPointer PsGetProcessId RtlAppendUnicodeToString ZwQuerySymbolicLinkObject ZwOpenSymbolicLinkObject KeClearEvent IoDeleteSymbolicLink KeResetEvent IoCreateNotificationEvent KeSetPriorityThread IoDeleteDevice KeSetTimerEx PsTerminateSystemThread IofCompleteRequest IoCreateSymbolicLink IoCreateDevice KeInitializeTimerEx KeCancelTimer ExFreePoolWithTag ZwQueryInformationProcess ExAllocatePoolWithTag memcpy _except_handler3 memset _alldiv KeGetCurrentIrql KfReleaseSpinLock KfAcquireSpinLock Exported Functions Expand Sections Expand .text .rdata .data INIT .reloc Signature Expand {
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "33000000433a68189e33902987000000000043",
"Signature": "3a8e15af3660c47a1def4303906af38b6ca69186409b4f44ebe8106ece701f6e00e734fe1d0bb290d1496c3f17859e1f9ff1f31080dd8bfd2bb5013956c2f49ffe73916654f04c35b9df2fb27c55a71df3d8e1f25185d398abed244b42e27741c0b1c953c139c011b801f00e80ea992005a1305dd65bcb2032790b0d87636b75d2fb8f431546cd906ab0a55083a26d2649d822871b6aacd1b4d8c74ea2366903eeb318e7826db64e3a858d6377cf2f9a628f21d6ef65279603c18d25d365dd370cef1a45527deec589a331a221c909a8b0d2010d078970678c648d62168056e3b775233eac20e50cc039a85900749f627a419e8959fcf21efc89da76426107e43261ccdcaebad659b89abfdd5d1a78e9d438868b9ff58cac5176bddff8c8dd11008ed72ed249bb7d78af559b04561e6b44aae7846b103d2db8c0e31a5f661851f97acba0757b474c1caa49cf8eed86de15a4118743a418b6b415e7770265801ba51061b5d32125ed5ba1e27fe83ac795f9cc868949b14d59eb4f596763da9102f9e6ae8fe92de61d68af67a906e0be424f5c81dcecd4d190953a66384c3b5fe33f7b402a0934c2befd4a51b2f2850ef05e156fc4e1460eab2f67e3cbc999db761f57970ccafbc49040e999965f5306c1f5c90ce172d889a3aa63ec502a60020b2a7b4fff562b9dc5c50a8e06bc52f04ff0fe535591e2e6b7325239666152819a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "3d790bd5602e84a4aa8560133ced0a41",
"SHA1": "909e31e3e3808ab55d508fc0ba47e0132a57d7ab",
"SHA256": "ac1acbcba260f10270527c3762457c1b96818466df9da51dfec3b147c90db453",
"SHA384": "c548f472f381df2da149c036e2f47be20293838eb23adce5e1b0ad1ba1fe8c33f688528452146c87dcb26070a2a23ced"
},
"ValidFrom": "2020-12-15 22:25:28",
"ValidTo": "2021-12-02 22:25:28",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"TBS": {
"MD5": "83f69422963f11c3c340b81712eef319",
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
},
"ValidFrom": "2014-10-15 20:31:27",
"ValidTo": "2029-10-15 20:41:27",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"SerialNumber": "33000000433a68189e33902987000000000043",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 3300000057ee4d659a923e7c10000000000057 Field Value ToBeSigned (TBS) MD5 fdc11a5676aed4e9cc0c09eeb7450dfb ToBeSigned (TBS) SHA1 4902077d9a05d4231b791d3b05bafa4a79132f03 ToBeSigned (TBS) SHA256 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 Subject C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher ValidFrom 2022-06-07 18:08:06 ValidTo 2023-06-01 18:08:06 Signature 0a835e40cdb627d4f0a0d3dbbf64a46a05c132d0b5df9d11cd9c195d7037737057d57a342732ae68d67de47f460e7211c7c40dc29b0a079caff871c4834a9a2fc85e759de9b78659ad6fd79b7320e538e9ba5d52227ad67cc00b0a770ef662af3d743a558643ad89cfb015591709a69b6271a9b65db71898e7cb9964c6376dc474898301a6133198b486b518fdd9d7b9723dcffc441e026833f7c72e27986026c97b9184a0048b10d1fe6847ae467f02173f7a69120be780e5b6b9e6399402cc58735a31b537cc33578fbea443135a4a612359150bcf9ab316f6a9248bc71ef3f3480b9b3fa2341692bc3a121d80214688f7bd87d5ec56dcbd0ea61abf2c7ed2b739a07590adb596d401735d955f5f94c591d69ab4363a42f9fca549d439495711ff7990448c03724792ed4acf31f2b35b136c1b2f37aa82b1aabf7daf059dcb2e976e95311ec6e9cc53876dd09632cf512d39c801849a7c1088a565691953e07c7ff17b22518e982dd2dcc0feda8c834ca1f5e247aef1c3af5f13cd4b8cc1b6c0179bc876db88d677047c34366533e349796dbdea86389ad640710b7742ae8cc4ec88f10fa80ede4b1c93f81b55480fc8228216d54813df0327e74b3db9f3512a40c0568e4215827f9b7a2613deea72a7ec4df2def05e5559015049fe83edc83300526045cb128119e131b7d3573b268e24b0a25b9ad59f6301c8fc8f409322 SignatureAlgorithmOID 1.2.840.113549.1.1.11 IsCertificateAuthority False SerialNumber 3300000057ee4d659a923e7c10000000000057 Version 3
Certificate 330000000d690d5d7893d076df00000000000d Field Value ToBeSigned (TBS) MD5 83f69422963f11c3c340b81712eef319 ToBeSigned (TBS) SHA1 0c5e5f24590b53bc291e28583acb78e5adc95601 ToBeSigned (TBS) SHA256 d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae Subject C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 ValidFrom 2014-10-15 20:31:27 ValidTo 2029-10-15 20:41:27 Signature 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f SignatureAlgorithmOID 1.2.840.113549.1.1.11 IsCertificateAuthority True SerialNumber 330000000d690d5d7893d076df00000000000d Version 3
Imports Expand Imported Functions Expand RtlInitUnicodeString KeSetEvent KeInitializeEvent ZwCreateFile ExAllocatePool ZwClose ObReferenceObjectByHandle KeWaitForSingleObject ObfDereferenceObject ZwWriteFile DbgPrint InitializeSListHead ExpInterlockedPushEntrySList KeInitializeDpc KeReleaseSpinLock ExpInterlockedPopEntrySList ZwWaitForSingleObject KeFlushQueuedDpcs PsCreateSystemThread ExSystemTimeToLocalTime _vsnprintf KeInsertQueueDpc RtlTimeToTimeFields PsThreadType PsGetCurrentThreadId KeAcquireSpinLockRaiseToDpc PsProcessType PsLookupProcessByProcessId _wcsnicmp ExFreePoolWithTag ZwOpenProcess ZwQueryInformationProcess RtlCopyUnicodeString MmIsAddressValid ZwTerminateProcess ObOpenObjectByPointer PsGetProcessId RtlAppendUnicodeToString ZwQuerySymbolicLinkObject ZwOpenSymbolicLinkObject KeDelayExecutionThread ZwQuerySystemInformation KeBugCheckEx KeClearEvent IoDeleteSymbolicLink KeResetEvent IoCreateNotificationEvent KeSetPriorityThread IoDeleteDevice KeSetTimerEx PsTerminateSystemThread IofCompleteRequest IoCreateSymbolicLink IoCreateDevice KeInitializeTimerEx KeCancelTimer PsGetProcessInheritedFromUniqueProcessId ExAllocatePoolWithTag __C_specific_handler Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT Signature Expand {
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "33000000433a68189e33902987000000000043",
"Signature": "3a8e15af3660c47a1def4303906af38b6ca69186409b4f44ebe8106ece701f6e00e734fe1d0bb290d1496c3f17859e1f9ff1f31080dd8bfd2bb5013956c2f49ffe73916654f04c35b9df2fb27c55a71df3d8e1f25185d398abed244b42e27741c0b1c953c139c011b801f00e80ea992005a1305dd65bcb2032790b0d87636b75d2fb8f431546cd906ab0a55083a26d2649d822871b6aacd1b4d8c74ea2366903eeb318e7826db64e3a858d6377cf2f9a628f21d6ef65279603c18d25d365dd370cef1a45527deec589a331a221c909a8b0d2010d078970678c648d62168056e3b775233eac20e50cc039a85900749f627a419e8959fcf21efc89da76426107e43261ccdcaebad659b89abfdd5d1a78e9d438868b9ff58cac5176bddff8c8dd11008ed72ed249bb7d78af559b04561e6b44aae7846b103d2db8c0e31a5f661851f97acba0757b474c1caa49cf8eed86de15a4118743a418b6b415e7770265801ba51061b5d32125ed5ba1e27fe83ac795f9cc868949b14d59eb4f596763da9102f9e6ae8fe92de61d68af67a906e0be424f5c81dcecd4d190953a66384c3b5fe33f7b402a0934c2befd4a51b2f2850ef05e156fc4e1460eab2f67e3cbc999db761f57970ccafbc49040e999965f5306c1f5c90ce172d889a3aa63ec502a60020b2a7b4fff562b9dc5c50a8e06bc52f04ff0fe535591e2e6b7325239666152819a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "3d790bd5602e84a4aa8560133ced0a41",
"SHA1": "909e31e3e3808ab55d508fc0ba47e0132a57d7ab",
"SHA256": "ac1acbcba260f10270527c3762457c1b96818466df9da51dfec3b147c90db453",
"SHA384": "c548f472f381df2da149c036e2f47be20293838eb23adce5e1b0ad1ba1fe8c33f688528452146c87dcb26070a2a23ced"
},
"ValidFrom": "2020-12-15 22:25:28",
"ValidTo": "2021-12-02 22:25:28",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"TBS": {
"MD5": "83f69422963f11c3c340b81712eef319",
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
},
"ValidFrom": "2014-10-15 20:31:27",
"ValidTo": "2029-10-15 20:41:27",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"SerialNumber": "33000000433a68189e33902987000000000043",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2026-05-20
