Description
Bad access controls in Inspect Element Ltd.'s echo_driver.sys allows attacker to gain arbitrary memory read and write, which allows for easy Privilege Escalation via Token Theft.
- UUID: afb8bb46-1d13-407d-9866-1daa7c82ca63
- Created: 2023-07-14
- Author: Protocol & Zach
- Acknowledgement: protocol | @WindowsKernel
Download
This download link contains the vulnerable driver!
Commands
sc.exe create echo_driver.sys binPath=C:\windows\temp\echo_driver.sys type=kernel && sc.exe start echo_driver.sys
| Use Case | Privileges | Operating System |
|---|
| Elevate privileges, arbitrary memory read/write | kernel | Windows 10/11 |
Detections
Sigma 🛡️
Expand
Names
detects loading using name only
Hashes
detects loading using hashes only
Resources
https://ioctl.fail/echo-ac-writeup/https://github.com/kite03/echoac-poc/tree/main/PoChttps://github.com/pseuxide/kurKnown Vulnerable Samples
Download
Certificates
Expand
Certificate 33000000433a68189e33902987000000000043
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 3d790bd5602e84a4aa8560133ced0a41 |
| ToBeSigned (TBS) SHA1 | 909e31e3e3808ab55d508fc0ba47e0132a57d7ab |
| ToBeSigned (TBS) SHA256 | ac1acbcba260f10270527c3762457c1b96818466df9da51dfec3b147c90db453 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-12-15 22:25:28 |
| ValidTo | 2021-12-02 22:25:28 |
| Signature | 3a8e15af3660c47a1def4303906af38b6ca69186409b4f44ebe8106ece701f6e00e734fe1d0bb290d1496c3f17859e1f9ff1f31080dd8bfd2bb5013956c2f49ffe73916654f04c35b9df2fb27c55a71df3d8e1f25185d398abed244b42e27741c0b1c953c139c011b801f00e80ea992005a1305dd65bcb2032790b0d87636b75d2fb8f431546cd906ab0a55083a26d2649d822871b6aacd1b4d8c74ea2366903eeb318e7826db64e3a858d6377cf2f9a628f21d6ef65279603c18d25d365dd370cef1a45527deec589a331a221c909a8b0d2010d078970678c648d62168056e3b775233eac20e50cc039a85900749f627a419e8959fcf21efc89da76426107e43261ccdcaebad659b89abfdd5d1a78e9d438868b9ff58cac5176bddff8c8dd11008ed72ed249bb7d78af559b04561e6b44aae7846b103d2db8c0e31a5f661851f97acba0757b474c1caa49cf8eed86de15a4118743a418b6b415e7770265801ba51061b5d32125ed5ba1e27fe83ac795f9cc868949b14d59eb4f596763da9102f9e6ae8fe92de61d68af67a906e0be424f5c81dcecd4d190953a66384c3b5fe33f7b402a0934c2befd4a51b2f2850ef05e156fc4e1460eab2f67e3cbc999db761f57970ccafbc49040e999965f5306c1f5c90ce172d889a3aa63ec502a60020b2a7b4fff562b9dc5c50a8e06bc52f04ff0fe535591e2e6b7325239666152819a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000433a68189e33902987000000000043 |
| Version | 3 |
Certificate 330000000d690d5d7893d076df00000000000d
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 83f69422963f11c3c340b81712eef319 |
| ToBeSigned (TBS) SHA1 | 0c5e5f24590b53bc291e28583acb78e5adc95601 |
| ToBeSigned (TBS) SHA256 | d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 |
| ValidFrom | 2014-10-15 20:31:27 |
| ValidTo | 2029-10-15 20:41:27 |
| Signature | 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 330000000d690d5d7893d076df00000000000d |
| Version | 3 |
Imports
Expand
- cng.sys
- ntoskrnl.exe
- WDFLDR.SYS
Imported Functions
Expand
- BCryptVerifySignature
- BCryptCreateHash
- BCryptDestroyKey
- BCryptFinishHash
- BCryptDestroyHash
- BCryptImportKeyPair
- BCryptCloseAlgorithmProvider
- BCryptGetProperty
- BCryptHashData
- BCryptOpenAlgorithmProvider
- IoGetCurrentProcess
- ObRegisterCallbacks
- ObUnRegisterCallbacks
- ObGetFilterVersion
- PsGetProcessId
- PsGetThreadProcessId
- PsProcessType
- PsThreadType
- DbgPrint
- ExAllocatePoolWithTag
- IoDeleteDevice
- ProbeForRead
- ZwCreateFile
- ZwQueryInformationFile
- ZwReadFile
- ZwClose
- SeLocateProcessImageName
- RtlGetVersion
- IofCompleteRequest
- ObReferenceObjectByHandle
- ObfDereferenceObject
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwQueryVirtualMemory
- MmCopyVirtualMemory
- __C_specific_handler
- ZwOpenProcess
- ZwQuerySystemInformation
- ZwQueryInformationProcess
- IoDeleteSymbolicLink
- RtlCopyUnicodeString
- DbgPrintEx
- IoCreateSymbolicLink
- IoCreateDevice
- RtlInitUnicodeString
- ExFreePoolWithTag
- WdfVersionUnbind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionBind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000433a68189e33902987000000000043",
"Signature": "3a8e15af3660c47a1def4303906af38b6ca69186409b4f44ebe8106ece701f6e00e734fe1d0bb290d1496c3f17859e1f9ff1f31080dd8bfd2bb5013956c2f49ffe73916654f04c35b9df2fb27c55a71df3d8e1f25185d398abed244b42e27741c0b1c953c139c011b801f00e80ea992005a1305dd65bcb2032790b0d87636b75d2fb8f431546cd906ab0a55083a26d2649d822871b6aacd1b4d8c74ea2366903eeb318e7826db64e3a858d6377cf2f9a628f21d6ef65279603c18d25d365dd370cef1a45527deec589a331a221c909a8b0d2010d078970678c648d62168056e3b775233eac20e50cc039a85900749f627a419e8959fcf21efc89da76426107e43261ccdcaebad659b89abfdd5d1a78e9d438868b9ff58cac5176bddff8c8dd11008ed72ed249bb7d78af559b04561e6b44aae7846b103d2db8c0e31a5f661851f97acba0757b474c1caa49cf8eed86de15a4118743a418b6b415e7770265801ba51061b5d32125ed5ba1e27fe83ac795f9cc868949b14d59eb4f596763da9102f9e6ae8fe92de61d68af67a906e0be424f5c81dcecd4d190953a66384c3b5fe33f7b402a0934c2befd4a51b2f2850ef05e156fc4e1460eab2f67e3cbc999db761f57970ccafbc49040e999965f5306c1f5c90ce172d889a3aa63ec502a60020b2a7b4fff562b9dc5c50a8e06bc52f04ff0fe535591e2e6b7325239666152819a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "3d790bd5602e84a4aa8560133ced0a41",
"SHA1": "909e31e3e3808ab55d508fc0ba47e0132a57d7ab",
"SHA256": "ac1acbcba260f10270527c3762457c1b96818466df9da51dfec3b147c90db453",
"SHA384": "c548f472f381df2da149c036e2f47be20293838eb23adce5e1b0ad1ba1fe8c33f688528452146c87dcb26070a2a23ced"
},
"ValidFrom": "2020-12-15 22:25:28",
"ValidTo": "2021-12-02 22:25:28",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"TBS": {
"MD5": "83f69422963f11c3c340b81712eef319",
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
},
"ValidFrom": "2014-10-15 20:31:27",
"ValidTo": "2029-10-15 20:41:27",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"SerialNumber": "33000000433a68189e33902987000000000043",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 330000003a6ae333708fda7a7b00000000003a
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 6f5d716e7151f1c173396adb7213359e |
| ToBeSigned (TBS) SHA1 | 100610baae90027e9844a8e9c4d489fe122ecd9c |
| ToBeSigned (TBS) SHA256 | 677d532777cee24be88442efec75e9640e80ef57d8e1246396459a1a04be733f |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-03-11 17:31:14 |
| ValidTo | 2021-03-05 17:31:14 |
| Signature | 7dfc7c353c4c04d9d06066e1ca8584637192eb15d1d6e7c5521b0d819d615fb56524985d30535b0573fb8e0d13173d51b27bd23b9a2052738891d67ed360766452b62c4566eb20c90f018229a8e951bf58df5a7d731c1e51217f471d470979f04e900920bfc8715122b331d82f68f73ebf3de36e09d18fbfed2f3c29190a41baafbca0025bf4e36310a04cb8e61c32fda677820aa693a7f5e69d3c3abdb495b12bb8b6d10f65d44fae945d9b0fcf695d4711fc9e1c0ddb1f569c13093e16c389f748d8fe60e8685f02357464564761db4cece391baa742f3ad3bcfa26e01975966ca41939c832bf1147bec870162ce042fd0cf10d048181ec573d317f2c5de21512f13b24de9bac9bb83fc2ceb4f6f766536fe38c03ede1f8b0a3b8828e8d914d73d0a17699ab20264a27a36e0f77c5144cf470bf44d2296290e345bd25c0bc6a08dd963ec39ce0e500599751c652dc20e9906c1ce76c1d86c09058ae8defb3d7b93b68a34ca83a981a30c2403723f7e5c664b1e951050002ad32e976db221c2d8c660047dc6acfe0da16d44c6372a5cd04b016a35193f841b903ba87e2d6e416a2c59469af9f16e249bb891f21ec22f2db0a84a48d7a9e43d2f7e3bdd016d600f57daf21829885ec035287ab332c32738f5e26c6d2502b2f044afb1e048c85c7c9baf76747de14ecdeca3c7481796a741672a047f89dafe2c12c01982a026c4 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 330000003a6ae333708fda7a7b00000000003a |
| Version | 3 |
Certificate 330000000d690d5d7893d076df00000000000d
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 83f69422963f11c3c340b81712eef319 |
| ToBeSigned (TBS) SHA1 | 0c5e5f24590b53bc291e28583acb78e5adc95601 |
| ToBeSigned (TBS) SHA256 | d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 |
| ValidFrom | 2014-10-15 20:31:27 |
| ValidTo | 2029-10-15 20:41:27 |
| Signature | 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 330000000d690d5d7893d076df00000000000d |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- PsTerminateSystemThread
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- IoGetCurrentProcess
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ObRegisterCallbacks
- ObUnRegisterCallbacks
- ObGetFilterVersion
- PsCreateSystemThread
- ZwClose
- PsSetCreateThreadNotifyRoutine
- PsRemoveCreateThreadNotifyRoutine
- PsGetCurrentProcessId
- PsGetProcessId
- PsGetThreadProcessId
- ZwTerminateProcess
- RtlRandomEx
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- PsProcessType
- PsThreadType
- KeWaitForSingleObject
- RtlCopyUnicodeString
- KeDelayExecutionThread
- DbgPrintEx
- ZwUnloadDriver
- RtlInitUnicodeString
- WdfVersionUnbind
- WdfVersionBind
- WdfVersionUnbindClass
- WdfVersionBindClass
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000433a68189e33902987000000000043",
"Signature": "3a8e15af3660c47a1def4303906af38b6ca69186409b4f44ebe8106ece701f6e00e734fe1d0bb290d1496c3f17859e1f9ff1f31080dd8bfd2bb5013956c2f49ffe73916654f04c35b9df2fb27c55a71df3d8e1f25185d398abed244b42e27741c0b1c953c139c011b801f00e80ea992005a1305dd65bcb2032790b0d87636b75d2fb8f431546cd906ab0a55083a26d2649d822871b6aacd1b4d8c74ea2366903eeb318e7826db64e3a858d6377cf2f9a628f21d6ef65279603c18d25d365dd370cef1a45527deec589a331a221c909a8b0d2010d078970678c648d62168056e3b775233eac20e50cc039a85900749f627a419e8959fcf21efc89da76426107e43261ccdcaebad659b89abfdd5d1a78e9d438868b9ff58cac5176bddff8c8dd11008ed72ed249bb7d78af559b04561e6b44aae7846b103d2db8c0e31a5f661851f97acba0757b474c1caa49cf8eed86de15a4118743a418b6b415e7770265801ba51061b5d32125ed5ba1e27fe83ac795f9cc868949b14d59eb4f596763da9102f9e6ae8fe92de61d68af67a906e0be424f5c81dcecd4d190953a66384c3b5fe33f7b402a0934c2befd4a51b2f2850ef05e156fc4e1460eab2f67e3cbc999db761f57970ccafbc49040e999965f5306c1f5c90ce172d889a3aa63ec502a60020b2a7b4fff562b9dc5c50a8e06bc52f04ff0fe535591e2e6b7325239666152819a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "3d790bd5602e84a4aa8560133ced0a41",
"SHA1": "909e31e3e3808ab55d508fc0ba47e0132a57d7ab",
"SHA256": "ac1acbcba260f10270527c3762457c1b96818466df9da51dfec3b147c90db453",
"SHA384": "c548f472f381df2da149c036e2f47be20293838eb23adce5e1b0ad1ba1fe8c33f688528452146c87dcb26070a2a23ced"
},
"ValidFrom": "2020-12-15 22:25:28",
"ValidTo": "2021-12-02 22:25:28",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"TBS": {
"MD5": "83f69422963f11c3c340b81712eef319",
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
},
"ValidFrom": "2014-10-15 20:31:27",
"ValidTo": "2029-10-15 20:41:27",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"SerialNumber": "33000000433a68189e33902987000000000043",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 33000000433a68189e33902987000000000043
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 3d790bd5602e84a4aa8560133ced0a41 |
| ToBeSigned (TBS) SHA1 | 909e31e3e3808ab55d508fc0ba47e0132a57d7ab |
| ToBeSigned (TBS) SHA256 | ac1acbcba260f10270527c3762457c1b96818466df9da51dfec3b147c90db453 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2020-12-15 22:25:28 |
| ValidTo | 2021-12-02 22:25:28 |
| Signature | 3a8e15af3660c47a1def4303906af38b6ca69186409b4f44ebe8106ece701f6e00e734fe1d0bb290d1496c3f17859e1f9ff1f31080dd8bfd2bb5013956c2f49ffe73916654f04c35b9df2fb27c55a71df3d8e1f25185d398abed244b42e27741c0b1c953c139c011b801f00e80ea992005a1305dd65bcb2032790b0d87636b75d2fb8f431546cd906ab0a55083a26d2649d822871b6aacd1b4d8c74ea2366903eeb318e7826db64e3a858d6377cf2f9a628f21d6ef65279603c18d25d365dd370cef1a45527deec589a331a221c909a8b0d2010d078970678c648d62168056e3b775233eac20e50cc039a85900749f627a419e8959fcf21efc89da76426107e43261ccdcaebad659b89abfdd5d1a78e9d438868b9ff58cac5176bddff8c8dd11008ed72ed249bb7d78af559b04561e6b44aae7846b103d2db8c0e31a5f661851f97acba0757b474c1caa49cf8eed86de15a4118743a418b6b415e7770265801ba51061b5d32125ed5ba1e27fe83ac795f9cc868949b14d59eb4f596763da9102f9e6ae8fe92de61d68af67a906e0be424f5c81dcecd4d190953a66384c3b5fe33f7b402a0934c2befd4a51b2f2850ef05e156fc4e1460eab2f67e3cbc999db761f57970ccafbc49040e999965f5306c1f5c90ce172d889a3aa63ec502a60020b2a7b4fff562b9dc5c50a8e06bc52f04ff0fe535591e2e6b7325239666152819a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 33000000433a68189e33902987000000000043 |
| Version | 3 |
Certificate 330000000d690d5d7893d076df00000000000d
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 83f69422963f11c3c340b81712eef319 |
| ToBeSigned (TBS) SHA1 | 0c5e5f24590b53bc291e28583acb78e5adc95601 |
| ToBeSigned (TBS) SHA256 | d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 |
| ValidFrom | 2014-10-15 20:31:27 |
| ValidTo | 2029-10-15 20:41:27 |
| Signature | 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 330000000d690d5d7893d076df00000000000d |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- BCryptVerifySignature
- BCryptCreateHash
- BCryptDestroyKey
- BCryptFinishHash
- BCryptDestroyHash
- BCryptImportKeyPair
- BCryptCloseAlgorithmProvider
- BCryptGetProperty
- BCryptHashData
- BCryptOpenAlgorithmProvider
- IoGetCurrentProcess
- ObRegisterCallbacks
- ObUnRegisterCallbacks
- ObGetFilterVersion
- PsGetProcessId
- PsGetThreadProcessId
- PsProcessType
- PsThreadType
- DbgPrint
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- ProbeForRead
- ZwCreateFile
- ZwQueryInformationFile
- IoDeleteDevice
- ZwClose
- SeLocateProcessImageName
- RtlGetVersion
- KeIpiGenericCall
- IofCompleteRequest
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwOpenKey
- ZwQueryValueKey
- MmCopyMemory
- MmGetVirtualForPhysical
- KeStackAttachProcess
- KeUnstackDetachProcess
- PsLookupProcessByProcessId
- ObOpenObjectByPointer
- ZwQueryVirtualMemory
- MmCopyVirtualMemory
- __C_specific_handler
- ZwOpenProcess
- ZwQuerySystemInformation
- ZwQueryInformationProcess
- IoDeleteSymbolicLink
- RtlCopyUnicodeString
- DbgPrintEx
- IoCreateSymbolicLink
- IoCreateDevice
- RtlInitUnicodeString
- ZwReadFile
- WdfVersionUnbind
- WdfVersionBindClass
- WdfVersionUnbindClass
- WdfVersionBind
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000433a68189e33902987000000000043",
"Signature": "3a8e15af3660c47a1def4303906af38b6ca69186409b4f44ebe8106ece701f6e00e734fe1d0bb290d1496c3f17859e1f9ff1f31080dd8bfd2bb5013956c2f49ffe73916654f04c35b9df2fb27c55a71df3d8e1f25185d398abed244b42e27741c0b1c953c139c011b801f00e80ea992005a1305dd65bcb2032790b0d87636b75d2fb8f431546cd906ab0a55083a26d2649d822871b6aacd1b4d8c74ea2366903eeb318e7826db64e3a858d6377cf2f9a628f21d6ef65279603c18d25d365dd370cef1a45527deec589a331a221c909a8b0d2010d078970678c648d62168056e3b775233eac20e50cc039a85900749f627a419e8959fcf21efc89da76426107e43261ccdcaebad659b89abfdd5d1a78e9d438868b9ff58cac5176bddff8c8dd11008ed72ed249bb7d78af559b04561e6b44aae7846b103d2db8c0e31a5f661851f97acba0757b474c1caa49cf8eed86de15a4118743a418b6b415e7770265801ba51061b5d32125ed5ba1e27fe83ac795f9cc868949b14d59eb4f596763da9102f9e6ae8fe92de61d68af67a906e0be424f5c81dcecd4d190953a66384c3b5fe33f7b402a0934c2befd4a51b2f2850ef05e156fc4e1460eab2f67e3cbc999db761f57970ccafbc49040e999965f5306c1f5c90ce172d889a3aa63ec502a60020b2a7b4fff562b9dc5c50a8e06bc52f04ff0fe535591e2e6b7325239666152819a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "3d790bd5602e84a4aa8560133ced0a41",
"SHA1": "909e31e3e3808ab55d508fc0ba47e0132a57d7ab",
"SHA256": "ac1acbcba260f10270527c3762457c1b96818466df9da51dfec3b147c90db453",
"SHA384": "c548f472f381df2da149c036e2f47be20293838eb23adce5e1b0ad1ba1fe8c33f688528452146c87dcb26070a2a23ced"
},
"ValidFrom": "2020-12-15 22:25:28",
"ValidTo": "2021-12-02 22:25:28",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"TBS": {
"MD5": "83f69422963f11c3c340b81712eef319",
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
},
"ValidFrom": "2014-10-15 20:31:27",
"ValidTo": "2029-10-15 20:41:27",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"SerialNumber": "33000000433a68189e33902987000000000043",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 611cb28a000000000026
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 983a0c315a50542362f2bd6a5d71c8d0 |
| ToBeSigned (TBS) SHA1 | 8047f476001f5cb16a661d2a3fd0c3576168f5e2 |
| ToBeSigned (TBS) SHA256 | 5f6a519ed2e35cd0fa1cdfc90f4387162c36287bbf9e4d6648251d99542a9e83 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA |
| ValidFrom | 2011-04-15 19:41:37 |
| ValidTo | 2021-04-15 19:51:37 |
| Signature | 5cf5b22d02ceed01b53512d813f7aa4014c7a15ca08a55ed7e55ea6ac457176fd04722423658efc5ac61c5f62c52ce6ae6c80d85dab334420ea40225182672b92a4ea57e4b16f2a0e40c449ce24d9af474f0f927a6699031c244654348c74869d0fc8409f286140ac22996857f11eb8713176ed3ec6bff1d578ab17b1ea5a07ce9a27a68e5fac6b161d67263fa379163835599f81d614f0c6fa3f7bcb1152acc8d85e31417ef7e49443fb022c0f0acbe2fdbe10c86b0f4585c5a10a94bcdf3448a4652083e0a6210e9459504b78b8d4b074f500db7bbe7fb8ca27878c6c53b7663b2cfe521845a66fce04c79834ecfa8ee700586587cc29cd73ca3ad3c7e76625c87d0ed7cd5c55b1421f4be75a275d2e9e15ad020307841624d6b5e6e1b1710244ad8588775d015d762bbfd185665842561977faad49df4f35d6da031c2e19e02ac3e90c3327ee832903416d08b14cf95accee58c54a265b8bfed186a57073ed3e79a4a2f081a041c49871a8ae61b08a365d81c31c50d9cbab368ddf45076160675fec403e7d13edfdc862e10027e661296534e7af3365879b12042d8963f35be3f8ef2999743f5e40ce13c68728c8d49d75a52b573fb7a35943a61b08482c04885c19732d39b725fa0d2348f7ef0467cf28c7294c707b0d7b5b230b81965f09c8327b0a0abd0a2727e050fb3aeddb95b9b42bcc32663456b86f11d4643edc8 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 611cb28a000000000026 |
| Version | 3 |
Certificate 0b1e1774fd8f4ea3d7ff1381fb73da92
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 7024d0a6b5e55936a7935914788421d5 |
| ToBeSigned (TBS) SHA1 | efab40dd88bfe8550db10f51a4cbcfc9cea76af0 |
| ToBeSigned (TBS) SHA256 | 4650e6e700bafb42b77d1928f425cc0f94bd24d59bbac383d3cc69a2900258d6 |
| Subject | C=CN, ST=Zhejiang, L=Hangzhou, O=Hangzhou Shunwang Technology Co.,Ltd, CN=Hangzhou Shunwang Technology Co.,Ltd |
| ValidFrom | 2019-12-27 00:00:00 |
| ValidTo | 2022-01-05 12:00:00 |
| Signature | 8147595b1b5b5c15cfd34eecc1af73a408dc6afb70b254cbe0654771d89947c98cc92708e61d9c5fdf3b6d13b1047bc00933dce01c24169068f5e02063f15d9ae5ae7c64e5baf373104c34fe57f2ac98410d6fc887fa42e20df6f4cd12f9ffd540eaa9111d6680e174c58f8a5f09b17c8f5b878f329c7c3b335484fb983cb2307a379dcfd4d4d5dac493f7f667491338b2213a761f7fa20376915597d6ae2015d69d43f4711356943cc08c7e5a4b1ce4bf0c69ea30d5154d59b08717b8330495a1e92383a12b96dce692aa2689d20ee3372e73b24049bc9c1d541f2227d4d411ba2f4785943ebb608bcafc8db1ffc1236b52ee833b3ede42535dc2d1710f62de |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0b1e1774fd8f4ea3d7ff1381fb73da92 |
| Version | 3 |
Certificate 03019a023aff58b16bd6d5eae617f066
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a752afee44f017e8d74e3f3eb7914ae3 |
| ToBeSigned (TBS) SHA1 | 8eca80a6b80e9c69dcef7745748524afb8019e2d |
| ToBeSigned (TBS) SHA256 | 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 |
| Subject | C=US, O=DigiCert, CN=DigiCert Timestamp Responder |
| ValidFrom | 2014-10-22 00:00:00 |
| ValidTo | 2024-10-22 00:00:00 |
| Signature | 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 03019a023aff58b16bd6d5eae617f066 |
| Version | 3 |
Certificate 0fa8490615d700a0be2176fdc5ec6dbd
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a9a31555bbc92b6033975c5428fb3679 |
| ToBeSigned (TBS) SHA1 | 47f4b9898631773231b32844ec0d49990ac4eb1e |
| ToBeSigned (TBS) SHA256 | c826846e4b1d73edb7561ab1b41c949354e237a91e82fe1be5b7e2e1701f52d1 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 7b721d64ff88c83ac1b7e9e7a9c487bbdb9492d7905933fa2b87dea85b80253f138f9b831b7c43c4e68cdf393ec315ecb0da3b21257b24c1725db84791811346fa9c3f6a5138deb425cbf0abdfc528015479104624d1380f26a161904dbabd28e63ff1c4aa9bf6da35534fc9f23dd36cdc23edaaa04d6709f33a803d3cfb364c90e776a4ddf23abf56352fa24c65e8e0d4dad1c7c8916a2d234f373b199418d4d59c103cd5b11c19ff8fc86b9b9ef8ae9c999678d1cd9c51155b4226725a8d0a4a239240e886de22c2933ad49b68a6df297f06b93c0ebd9fc4869c82474271328609997209794b9d7169f541ff7f397764f1848dbe8b1eb27d68a3a590b10cff |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 0fa8490615d700a0be2176fdc5ec6dbd |
| Version | 3 |
Certificate 06fdf9039603adea000aeb3f27bbba1b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 4e5ad189638cf52ba9cd881d4d44668c |
| ToBeSigned (TBS) SHA1 | cdc115e98d798b33904c820d63cc1e1afc19251d |
| ToBeSigned (TBS) SHA256 | 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 |
| ValidFrom | 2006-11-10 00:00:00 |
| ValidTo | 2021-11-10 00:00:00 |
| Signature | 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 06fdf9039603adea000aeb3f27bbba1b |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- KeSetEvent
- KeInitializeEvent
- ZwCreateFile
- ExAllocatePool
- KeGetCurrentThread
- ZwClose
- ObReferenceObjectByHandle
- KeWaitForSingleObject
- ObfDereferenceObject
- ZwWriteFile
- DbgPrint
- KeInitializeDpc
- InterlockedPopEntrySList
- KeQuerySystemTime
- ZwWaitForSingleObject
- KeFlushQueuedDpcs
- PsCreateSystemThread
- ExSystemTimeToLocalTime
- _vsnprintf
- KeInsertQueueDpc
- RtlTimeToTimeFields
- PsThreadType
- PsGetCurrentThreadId
- InterlockedPushEntrySList
- PsProcessType
- PsLookupProcessByProcessId
- _wcsnicmp
- PsGetProcessInheritedFromUniqueProcessId
- ZwOpenProcess
- RtlInitUnicodeString
- RtlCopyUnicodeString
- MmIsAddressValid
- ZwTerminateProcess
- ObOpenObjectByPointer
- PsGetProcessId
- RtlAppendUnicodeToString
- ZwQuerySymbolicLinkObject
- ZwOpenSymbolicLinkObject
- KeClearEvent
- IoDeleteSymbolicLink
- KeResetEvent
- IoCreateNotificationEvent
- KeSetPriorityThread
- IoDeleteDevice
- KeSetTimerEx
- PsTerminateSystemThread
- IofCompleteRequest
- IoCreateSymbolicLink
- IoCreateDevice
- KeInitializeTimerEx
- KeCancelTimer
- ExFreePoolWithTag
- ZwQueryInformationProcess
- ExAllocatePoolWithTag
- memcpy
- _except_handler3
- memset
- _alldiv
- KeGetCurrentIrql
- KfReleaseSpinLock
- KfAcquireSpinLock
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- INIT
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000433a68189e33902987000000000043",
"Signature": "3a8e15af3660c47a1def4303906af38b6ca69186409b4f44ebe8106ece701f6e00e734fe1d0bb290d1496c3f17859e1f9ff1f31080dd8bfd2bb5013956c2f49ffe73916654f04c35b9df2fb27c55a71df3d8e1f25185d398abed244b42e27741c0b1c953c139c011b801f00e80ea992005a1305dd65bcb2032790b0d87636b75d2fb8f431546cd906ab0a55083a26d2649d822871b6aacd1b4d8c74ea2366903eeb318e7826db64e3a858d6377cf2f9a628f21d6ef65279603c18d25d365dd370cef1a45527deec589a331a221c909a8b0d2010d078970678c648d62168056e3b775233eac20e50cc039a85900749f627a419e8959fcf21efc89da76426107e43261ccdcaebad659b89abfdd5d1a78e9d438868b9ff58cac5176bddff8c8dd11008ed72ed249bb7d78af559b04561e6b44aae7846b103d2db8c0e31a5f661851f97acba0757b474c1caa49cf8eed86de15a4118743a418b6b415e7770265801ba51061b5d32125ed5ba1e27fe83ac795f9cc868949b14d59eb4f596763da9102f9e6ae8fe92de61d68af67a906e0be424f5c81dcecd4d190953a66384c3b5fe33f7b402a0934c2befd4a51b2f2850ef05e156fc4e1460eab2f67e3cbc999db761f57970ccafbc49040e999965f5306c1f5c90ce172d889a3aa63ec502a60020b2a7b4fff562b9dc5c50a8e06bc52f04ff0fe535591e2e6b7325239666152819a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "3d790bd5602e84a4aa8560133ced0a41",
"SHA1": "909e31e3e3808ab55d508fc0ba47e0132a57d7ab",
"SHA256": "ac1acbcba260f10270527c3762457c1b96818466df9da51dfec3b147c90db453",
"SHA384": "c548f472f381df2da149c036e2f47be20293838eb23adce5e1b0ad1ba1fe8c33f688528452146c87dcb26070a2a23ced"
},
"ValidFrom": "2020-12-15 22:25:28",
"ValidTo": "2021-12-02 22:25:28",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"TBS": {
"MD5": "83f69422963f11c3c340b81712eef319",
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
},
"ValidFrom": "2014-10-15 20:31:27",
"ValidTo": "2029-10-15 20:41:27",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"SerialNumber": "33000000433a68189e33902987000000000043",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 3300000057ee4d659a923e7c10000000000057
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | fdc11a5676aed4e9cc0c09eeb7450dfb |
| ToBeSigned (TBS) SHA1 | 4902077d9a05d4231b791d3b05bafa4a79132f03 |
| ToBeSigned (TBS) SHA256 | 5db56c23d83bf67c7152e28ad4a684a7372b4ae4f52afe7a81ce91eef94caec3 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2022-06-07 18:08:06 |
| ValidTo | 2023-06-01 18:08:06 |
| Signature | 0a835e40cdb627d4f0a0d3dbbf64a46a05c132d0b5df9d11cd9c195d7037737057d57a342732ae68d67de47f460e7211c7c40dc29b0a079caff871c4834a9a2fc85e759de9b78659ad6fd79b7320e538e9ba5d52227ad67cc00b0a770ef662af3d743a558643ad89cfb015591709a69b6271a9b65db71898e7cb9964c6376dc474898301a6133198b486b518fdd9d7b9723dcffc441e026833f7c72e27986026c97b9184a0048b10d1fe6847ae467f02173f7a69120be780e5b6b9e6399402cc58735a31b537cc33578fbea443135a4a612359150bcf9ab316f6a9248bc71ef3f3480b9b3fa2341692bc3a121d80214688f7bd87d5ec56dcbd0ea61abf2c7ed2b739a07590adb596d401735d955f5f94c591d69ab4363a42f9fca549d439495711ff7990448c03724792ed4acf31f2b35b136c1b2f37aa82b1aabf7daf059dcb2e976e95311ec6e9cc53876dd09632cf512d39c801849a7c1088a565691953e07c7ff17b22518e982dd2dcc0feda8c834ca1f5e247aef1c3af5f13cd4b8cc1b6c0179bc876db88d677047c34366533e349796dbdea86389ad640710b7742ae8cc4ec88f10fa80ede4b1c93f81b55480fc8228216d54813df0327e74b3db9f3512a40c0568e4215827f9b7a2613deea72a7ec4df2def05e5559015049fe83edc83300526045cb128119e131b7d3573b268e24b0a25b9ad59f6301c8fc8f409322 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 3300000057ee4d659a923e7c10000000000057 |
| Version | 3 |
Certificate 330000000d690d5d7893d076df00000000000d
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 83f69422963f11c3c340b81712eef319 |
| ToBeSigned (TBS) SHA1 | 0c5e5f24590b53bc291e28583acb78e5adc95601 |
| ToBeSigned (TBS) SHA256 | d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 |
| ValidFrom | 2014-10-15 20:31:27 |
| ValidTo | 2029-10-15 20:41:27 |
| Signature | 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 330000000d690d5d7893d076df00000000000d |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- RtlInitUnicodeString
- KeSetEvent
- KeInitializeEvent
- ZwCreateFile
- ExAllocatePool
- ZwClose
- ObReferenceObjectByHandle
- KeWaitForSingleObject
- ObfDereferenceObject
- ZwWriteFile
- DbgPrint
- InitializeSListHead
- ExpInterlockedPushEntrySList
- KeInitializeDpc
- KeReleaseSpinLock
- ExpInterlockedPopEntrySList
- ZwWaitForSingleObject
- KeFlushQueuedDpcs
- PsCreateSystemThread
- ExSystemTimeToLocalTime
- _vsnprintf
- KeInsertQueueDpc
- RtlTimeToTimeFields
- PsThreadType
- PsGetCurrentThreadId
- KeAcquireSpinLockRaiseToDpc
- PsProcessType
- PsLookupProcessByProcessId
- _wcsnicmp
- ExFreePoolWithTag
- ZwOpenProcess
- ZwQueryInformationProcess
- RtlCopyUnicodeString
- MmIsAddressValid
- ZwTerminateProcess
- ObOpenObjectByPointer
- PsGetProcessId
- RtlAppendUnicodeToString
- ZwQuerySymbolicLinkObject
- ZwOpenSymbolicLinkObject
- KeDelayExecutionThread
- ZwQuerySystemInformation
- KeBugCheckEx
- KeClearEvent
- IoDeleteSymbolicLink
- KeResetEvent
- IoCreateNotificationEvent
- KeSetPriorityThread
- IoDeleteDevice
- KeSetTimerEx
- PsTerminateSystemThread
- IofCompleteRequest
- IoCreateSymbolicLink
- IoCreateDevice
- KeInitializeTimerEx
- KeCancelTimer
- PsGetProcessInheritedFromUniqueProcessId
- ExAllocatePoolWithTag
- __C_specific_handler
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "33000000433a68189e33902987000000000043",
"Signature": "3a8e15af3660c47a1def4303906af38b6ca69186409b4f44ebe8106ece701f6e00e734fe1d0bb290d1496c3f17859e1f9ff1f31080dd8bfd2bb5013956c2f49ffe73916654f04c35b9df2fb27c55a71df3d8e1f25185d398abed244b42e27741c0b1c953c139c011b801f00e80ea992005a1305dd65bcb2032790b0d87636b75d2fb8f431546cd906ab0a55083a26d2649d822871b6aacd1b4d8c74ea2366903eeb318e7826db64e3a858d6377cf2f9a628f21d6ef65279603c18d25d365dd370cef1a45527deec589a331a221c909a8b0d2010d078970678c648d62168056e3b775233eac20e50cc039a85900749f627a419e8959fcf21efc89da76426107e43261ccdcaebad659b89abfdd5d1a78e9d438868b9ff58cac5176bddff8c8dd11008ed72ed249bb7d78af559b04561e6b44aae7846b103d2db8c0e31a5f661851f97acba0757b474c1caa49cf8eed86de15a4118743a418b6b415e7770265801ba51061b5d32125ed5ba1e27fe83ac795f9cc868949b14d59eb4f596763da9102f9e6ae8fe92de61d68af67a906e0be424f5c81dcecd4d190953a66384c3b5fe33f7b402a0934c2befd4a51b2f2850ef05e156fc4e1460eab2f67e3cbc999db761f57970ccafbc49040e999965f5306c1f5c90ce172d889a3aa63ec502a60020b2a7b4fff562b9dc5c50a8e06bc52f04ff0fe535591e2e6b7325239666152819a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "3d790bd5602e84a4aa8560133ced0a41",
"SHA1": "909e31e3e3808ab55d508fc0ba47e0132a57d7ab",
"SHA256": "ac1acbcba260f10270527c3762457c1b96818466df9da51dfec3b147c90db453",
"SHA384": "c548f472f381df2da149c036e2f47be20293838eb23adce5e1b0ad1ba1fe8c33f688528452146c87dcb26070a2a23ced"
},
"ValidFrom": "2020-12-15 22:25:28",
"ValidTo": "2021-12-02 22:25:28",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"TBS": {
"MD5": "83f69422963f11c3c340b81712eef319",
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
},
"ValidFrom": "2014-10-15 20:31:27",
"ValidTo": "2029-10-15 20:41:27",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"SerialNumber": "33000000433a68189e33902987000000000043",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2024-04-09
