TfSysMon.sys
We were not able to verify the hash of this driver successfully, it has not been confirmed.
Description
TfSysMon.sys is a vulnerable driver and more information will be added as found.
- UUID: bd9f084e-b235-4978-bf2a-5f1dc02937df
- Created: 2024-08-15
- Author: rahulwt
Download
This download link contains the vulnerable driver!
Block TfSysMon.sys across your endpoints
Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.
Start Blocking for FreeCommands
sc.exe create TfSysMon.sys binPath=C:\windows\temp\TfSysMon.sys type=kernel && sc.exe start TfSysMon.sys
| Use Case | Privileges | Operating System |
|---|
| Elevate privileges | kernel | Windows 10 |
Detections
Sigma 🛡️
Expand
Names
detects loading using name only
Hashes
detects loading using hashes only
Resources
https://github.com/BlackSnufkin/BYOVD/tree/main/TfSysMon-KillerKnown Vulnerable Samples
Download
Certificates
Expand
Certificate 3825d7faf861af9ef490e726b5d65ad5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d6c7684e9aaa508cf268335f83afe040 |
| ToBeSigned (TBS) SHA1 | 18066d20ad92409c567cdfde745279ff71c75226 |
| ToBeSigned (TBS) SHA256 | a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff |
| Subject | C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2 |
| ValidFrom | 2007-06-15 00:00:00 |
| ValidTo | 2012-06-14 23:59:59 |
| Signature | 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 3825d7faf861af9ef490e726b5d65ad5 |
| Version | 3 |
Certificate 47bf1995df8d524643f7db6d480d31a4
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 518d2ea8a21e879c942d504824ac211c |
| ToBeSigned (TBS) SHA1 | 21ce87d827077e61abddf2beba69fde5432ea031 |
| ToBeSigned (TBS) SHA256 | 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 |
| Subject | C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA |
| ValidFrom | 2003-12-04 00:00:00 |
| ValidTo | 2013-12-03 23:59:59 |
| Signature | 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 47bf1995df8d524643f7db6d480d31a4 |
| Version | 3 |
Certificate 4191a15a3978dfcf496566381d4c75c2
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 41011f8d0e7c7a6408334ca387914c61 |
| ToBeSigned (TBS) SHA1 | c7fc1727f5b75a6421a1f95c73bbdb23580c48e5 |
| ToBeSigned (TBS) SHA256 | 88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0 |
| Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA |
| ValidFrom | 2004-07-16 00:00:00 |
| ValidTo | 2014-07-15 23:59:59 |
| Signature | ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 4191a15a3978dfcf496566381d4c75c2 |
| Version | 3 |
Certificate 3942fe1de9b44298ffbec71ba408f092
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 9fd69d78f600dc8a17faa7b89a9ca51d |
| ToBeSigned (TBS) SHA1 | f086710273cc2bd48d97f3bd8be55cdd80042d9d |
| ToBeSigned (TBS) SHA256 | ed120b5be5d481a5ea7e3d8ae546185f6d5c9262a827b49faebcb3f0edfaeede |
| Subject | C=AU, ST=New South Wales, L=North Sydney, O=PC Tools, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=PC Tools |
| ValidFrom | 2008-07-18 00:00:00 |
| ValidTo | 2011-08-06 23:59:59 |
| Signature | 247f30abadfba4d717be28260bc929394b837b4940a81c250cba8415892271ea306bc6c741112227dc8afd0419b93220a342d20987a085564886139a5f6ebf3f0b7c4a599e6419c5f9de6d58ff3fa620b4987e60d29a277d9d4a38cc7ed64487f94033bad2a92c49aa814b533332d9dae2e6f142f52163f407a43fd6a6ee0351fc40f0c1969584b0ed9aedfda8477b14febbccdcbd0d65645bc0cbf0b34a6cb52e7d6b9ca739d46b986d9e38bfced59b4fa952c916d67a0be9d6157e3d1f3f4023e64d4da93102eab9cfe63d2fc860501a60c8e786e9d446e9545b06178026b8390a3aae5e0d681499b468d6cb9b44afa0b5597dcb6ca920cfb01bae21208c7a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 3942fe1de9b44298ffbec71ba408f092 |
| Version | 3 |
Certificate 610c120600000000001b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 53c41bc1164e09e0cd1617a5bf913efd |
| ToBeSigned (TBS) SHA1 | 93c03aac8951d494ecd5696b1c08658541b18727 |
| ToBeSigned (TBS) SHA256 | 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b |
| Subject | C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority |
| ValidFrom | 2006-05-23 17:01:29 |
| ValidTo | 2016-05-23 17:11:29 |
| Signature | 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 610c120600000000001b |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- PsLookupProcessByProcessId
- RtlDowncaseUnicodeString
- RtlInitUnicodeString
- KeSetEvent
- MmGetSystemRoutineAddress
- KeInitializeEvent
- ZwQuerySystemInformation
- KeReleaseSpinLock
- KeUnstackDetachProcess
- KeInitializeTimer
- PsCreateSystemThread
- DbgBreakPoint
- ZwQueryValueKey
- ExAllocatePool
- ExInterlockedInsertTailList
- PsTerminateSystemThread
- KeQueryTimeIncrement
- ZwClose
- ObReferenceObjectByHandle
- KeWaitForSingleObject
- KeSetTimer
- PsGetVersion
- ExInterlockedRemoveHeadList
- ZwQueryInformationProcess
- PsGetCurrentProcessId
- ObfDereferenceObject
- KeCancelTimer
- ZwQueryInformationFile
- KeWaitForMultipleObjects
- RtlUpcaseUnicodeChar
- ObOpenObjectByPointer
- KeStackAttachProcess
- PsLookupThreadByThreadId
- ZwAllocateVirtualMemory
- ZwOpenKey
- KeAcquireSpinLockRaiseToDpc
- ExReleaseFastMutex
- RtlAnsiStringToUnicodeString
- ExAcquireFastMutex
- PsSetLoadImageNotifyRoutine
- IoFreeWorkItem
- RtlInitAnsiString
- PsSetCreateThreadNotifyRoutine
- RtlUnicodeStringToAnsiString
- PsSetCreateProcessNotifyRoutine
- RtlEqualUnicodeString
- RtlFreeUnicodeString
- IoAllocateWorkItem
- ZwOpenProcess
- RtlCompareMemory
- FsRtlDissectName
- PsGetCurrentThreadId
- IoQueueWorkItem
- ExAcquireResourceExclusiveLite
- KeLeaveCriticalRegion
- RtlAppendUnicodeToString
- ZwDeleteValueKey
- ZwSetValueKey
- RtlDeleteNoSplay
- KeEnterCriticalRegion
- ObQueryNameString
- ExReleaseResourceLite
- ZwEnumerateValueKey
- RtlAppendUnicodeStringToString
- RtlCompareUnicodeString
- RtlCopyUnicodeString
- ExInitializeResourceLite
- ZwDeleteKey
- RtlSplay
- ZwEnumerateKey
- ZwQueryKey
- IoBuildDeviceIoControlRequest
- IoDeleteDevice
- IoGetDeviceObjectPointer
- InitSafeBootMode
- IofCompleteRequest
- IoGetRequestorProcessId
- IoCreateSymbolicLink
- MmIsAddressValid
- IoCreateDevice
- ZwTerminateProcess
- IofCallDriver
- ZwOpenThread
- RtlDeleteElementGenericTableAvl
- RtlInsertElementGenericTableAvl
- ZwReadFile
- RtlGetElementGenericTableAvl
- IoCreateFile
- RtlIsGenericTableEmptyAvl
- ExAcquireResourceSharedLite
- RtlInitializeGenericTableAvl
- RtlUnicodeStringToInteger
- RtlLookupElementGenericTableAvl
- RtlEnumerateGenericTableWithoutSplayingAvl
- KeBugCheckEx
- __C_specific_handler
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "3825d7faf861af9ef490e726b5d65ad5",
"Signature": "50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2",
"TBS": {
"MD5": "d6c7684e9aaa508cf268335f83afe040",
"SHA1": "18066d20ad92409c567cdfde745279ff71c75226",
"SHA256": "a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff",
"SHA384": "35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7"
},
"ValidFrom": "2007-06-15 00:00:00",
"ValidTo": "2012-06-14 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "47bf1995df8d524643f7db6d480d31a4",
"Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
"TBS": {
"MD5": "518d2ea8a21e879c942d504824ac211c",
"SHA1": "21ce87d827077e61abddf2beba69fde5432ea031",
"SHA256": "1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7",
"SHA384": "53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f"
},
"ValidFrom": "2003-12-04 00:00:00",
"ValidTo": "2013-12-03 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "4191a15a3978dfcf496566381d4c75c2",
"Signature": "ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA",
"TBS": {
"MD5": "41011f8d0e7c7a6408334ca387914c61",
"SHA1": "c7fc1727f5b75a6421a1f95c73bbdb23580c48e5",
"SHA256": "88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0",
"SHA384": "a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459"
},
"ValidFrom": "2004-07-16 00:00:00",
"ValidTo": "2014-07-15 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "3942fe1de9b44298ffbec71ba408f092",
"Signature": "247f30abadfba4d717be28260bc929394b837b4940a81c250cba8415892271ea306bc6c741112227dc8afd0419b93220a342d20987a085564886139a5f6ebf3f0b7c4a599e6419c5f9de6d58ff3fa620b4987e60d29a277d9d4a38cc7ed64487f94033bad2a92c49aa814b533332d9dae2e6f142f52163f407a43fd6a6ee0351fc40f0c1969584b0ed9aedfda8477b14febbccdcbd0d65645bc0cbf0b34a6cb52e7d6b9ca739d46b986d9e38bfced59b4fa952c916d67a0be9d6157e3d1f3f4023e64d4da93102eab9cfe63d2fc860501a60c8e786e9d446e9545b06178026b8390a3aae5e0d681499b468d6cb9b44afa0b5597dcb6ca920cfb01bae21208c7a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=AU, ST=New South Wales, L=North Sydney, O=PC Tools, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=PC Tools",
"TBS": {
"MD5": "9fd69d78f600dc8a17faa7b89a9ca51d",
"SHA1": "f086710273cc2bd48d97f3bd8be55cdd80042d9d",
"SHA256": "ed120b5be5d481a5ea7e3d8ae546185f6d5c9262a827b49faebcb3f0edfaeede",
"SHA384": "be5320882ee52f54c3797d7b6dc4ac5cb812543ce52fae65c1939ecd4aad8c5715dbd1fe2ecdf00d2e86cc04fb840b8b"
},
"ValidFrom": "2008-07-18 00:00:00",
"ValidTo": "2011-08-06 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610c120600000000001b",
"Signature": "01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority",
"TBS": {
"MD5": "53c41bc1164e09e0cd1617a5bf913efd",
"SHA1": "93c03aac8951d494ecd5696b1c08658541b18727",
"SHA256": "40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b",
"SHA384": "f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8"
},
"ValidFrom": "2006-05-23 17:01:29",
"ValidTo": "2016-05-23 17:11:29",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA",
"SerialNumber": "3942fe1de9b44298ffbec71ba408f092",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 330000006e1229856f0ade6cfc00000000006e
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 3066a9830894e57ce6e47f7a6b58b84f |
| ToBeSigned (TBS) SHA1 | ce441ecd2f11e400515a85d5a592da38f950f3dc |
| ToBeSigned (TBS) SHA256 | 3e30a731a3b620db0971ecd743ecd312bcdf14c82b9bdc9918102bacbf70520d |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2024-10-10 19:04:53 |
| ValidTo | 2025-10-08 19:04:53 |
| Signature | 3870e583035a72db64856d80e17833cd3badd24f19abf9a3d7c7485743dd875f69102820df4992d74f8fba0529be4e16f4234910064a3a1863299a29b82d3fac869915a368ec0e5d0127282221bce84db444d2e9974dc2761a2080a7bc7508d7064f32b2d97b0263d0d937527a8af95f18bcb54ec21a453ba35e55869791416a2a8813fcf95e889e65158dbb5b4cba653c989179947d286051ef6b0d56f41da479db08c6b93c44fa5c8399e126594cc53dfa756180607a1dd29559061d828b0ce2c5a462245ed0995a196ad96223b6eb1a787b4d10b5a7d4e3a130750103bc9c713fc8f32015273bb238b15aae25e4765d7ab81c5d3df82ef6a7d3c2e7a61dab024ff02df6876a86ec7198aa6e28c8e69a015129a717b1036113911f0aeefa8d05081974d026196f24bc1e4ef942599fafbd1b2c316bda73237f1822296888df2344c92b08c363976beb7020242b3069e6691f19e715e1d1a19ddc03235263c9bb7b8390145af57603105ced358f394547e3be96718835917234eb7fd7134d9fb605656717ed6b15f0583068c84c6c01abf31cc1df1fe7c4d2935590e6017cf8cc5635e1cd7054240fd0059f168e90ec1a49f24e0f050034d99e4aa6599a64d280d00ea8af57d3125caddb342a0b2c160a2f95d97e6045e69dc1c1b3fa56dfd40380ce60536a59750edf0069dc7c27f8ccc8f073b46d169b8fed1fd40ac6f00c |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 330000006e1229856f0ade6cfc00000000006e |
| Version | 3 |
Certificate 330000000d690d5d7893d076df00000000000d
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 83f69422963f11c3c340b81712eef319 |
| ToBeSigned (TBS) SHA1 | 0c5e5f24590b53bc291e28583acb78e5adc95601 |
| ToBeSigned (TBS) SHA256 | d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 |
| ValidFrom | 2014-10-15 20:31:27 |
| ValidTo | 2029-10-15 20:41:27 |
| Signature | 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 330000000d690d5d7893d076df00000000000d |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- PsLookupProcessByProcessId
- RtlDowncaseUnicodeString
- RtlInitUnicodeString
- KeSetEvent
- MmGetSystemRoutineAddress
- KeInitializeEvent
- ZwQuerySystemInformation
- KeReleaseSpinLock
- KeUnstackDetachProcess
- KeInitializeTimer
- PsCreateSystemThread
- DbgBreakPoint
- ZwQueryValueKey
- ExAllocatePool
- ExInterlockedInsertTailList
- PsTerminateSystemThread
- KeQueryTimeIncrement
- ZwClose
- ObReferenceObjectByHandle
- KeWaitForSingleObject
- KeSetTimer
- PsGetVersion
- ExInterlockedRemoveHeadList
- ZwQueryInformationProcess
- PsGetCurrentProcessId
- ObfDereferenceObject
- KeCancelTimer
- ZwQueryInformationFile
- KeWaitForMultipleObjects
- RtlUpcaseUnicodeChar
- ObOpenObjectByPointer
- KeStackAttachProcess
- PsLookupThreadByThreadId
- ZwAllocateVirtualMemory
- ZwOpenKey
- KeAcquireSpinLockRaiseToDpc
- ExReleaseFastMutex
- RtlAnsiStringToUnicodeString
- ExAcquireFastMutex
- PsSetLoadImageNotifyRoutine
- IoFreeWorkItem
- RtlInitAnsiString
- PsSetCreateThreadNotifyRoutine
- RtlUnicodeStringToAnsiString
- PsSetCreateProcessNotifyRoutine
- RtlEqualUnicodeString
- RtlFreeUnicodeString
- IoAllocateWorkItem
- ZwOpenProcess
- RtlCompareMemory
- FsRtlDissectName
- PsGetCurrentThreadId
- IoQueueWorkItem
- ExAcquireResourceExclusiveLite
- KeLeaveCriticalRegion
- RtlAppendUnicodeToString
- ZwDeleteValueKey
- ZwSetValueKey
- RtlDeleteNoSplay
- KeEnterCriticalRegion
- ObQueryNameString
- ExReleaseResourceLite
- ZwEnumerateValueKey
- RtlAppendUnicodeStringToString
- RtlCompareUnicodeString
- RtlCopyUnicodeString
- ExInitializeResourceLite
- ZwDeleteKey
- RtlSplay
- ZwEnumerateKey
- ZwQueryKey
- IoBuildDeviceIoControlRequest
- IoDeleteDevice
- IoGetDeviceObjectPointer
- InitSafeBootMode
- IofCompleteRequest
- IoGetRequestorProcessId
- IoCreateSymbolicLink
- MmIsAddressValid
- IoCreateDevice
- ZwTerminateProcess
- IofCallDriver
- ZwOpenThread
- RtlDeleteElementGenericTableAvl
- RtlInsertElementGenericTableAvl
- ZwReadFile
- RtlGetElementGenericTableAvl
- IoCreateFile
- RtlIsGenericTableEmptyAvl
- ExAcquireResourceSharedLite
- RtlInitializeGenericTableAvl
- RtlUnicodeStringToInteger
- RtlLookupElementGenericTableAvl
- RtlEnumerateGenericTableWithoutSplayingAvl
- KeBugCheckEx
- __C_specific_handler
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": false,
"SerialNumber": "3825d7faf861af9ef490e726b5d65ad5",
"Signature": "50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2",
"TBS": {
"MD5": "d6c7684e9aaa508cf268335f83afe040",
"SHA1": "18066d20ad92409c567cdfde745279ff71c75226",
"SHA256": "a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff",
"SHA384": "35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7"
},
"ValidFrom": "2007-06-15 00:00:00",
"ValidTo": "2012-06-14 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "47bf1995df8d524643f7db6d480d31a4",
"Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
"TBS": {
"MD5": "518d2ea8a21e879c942d504824ac211c",
"SHA1": "21ce87d827077e61abddf2beba69fde5432ea031",
"SHA256": "1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7",
"SHA384": "53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f"
},
"ValidFrom": "2003-12-04 00:00:00",
"ValidTo": "2013-12-03 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "4191a15a3978dfcf496566381d4c75c2",
"Signature": "ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA",
"TBS": {
"MD5": "41011f8d0e7c7a6408334ca387914c61",
"SHA1": "c7fc1727f5b75a6421a1f95c73bbdb23580c48e5",
"SHA256": "88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0",
"SHA384": "a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459"
},
"ValidFrom": "2004-07-16 00:00:00",
"ValidTo": "2014-07-15 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "3942fe1de9b44298ffbec71ba408f092",
"Signature": "247f30abadfba4d717be28260bc929394b837b4940a81c250cba8415892271ea306bc6c741112227dc8afd0419b93220a342d20987a085564886139a5f6ebf3f0b7c4a599e6419c5f9de6d58ff3fa620b4987e60d29a277d9d4a38cc7ed64487f94033bad2a92c49aa814b533332d9dae2e6f142f52163f407a43fd6a6ee0351fc40f0c1969584b0ed9aedfda8477b14febbccdcbd0d65645bc0cbf0b34a6cb52e7d6b9ca739d46b986d9e38bfced59b4fa952c916d67a0be9d6157e3d1f3f4023e64d4da93102eab9cfe63d2fc860501a60c8e786e9d446e9545b06178026b8390a3aae5e0d681499b468d6cb9b44afa0b5597dcb6ca920cfb01bae21208c7a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=AU, ST=New South Wales, L=North Sydney, O=PC Tools, OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=PC Tools",
"TBS": {
"MD5": "9fd69d78f600dc8a17faa7b89a9ca51d",
"SHA1": "f086710273cc2bd48d97f3bd8be55cdd80042d9d",
"SHA256": "ed120b5be5d481a5ea7e3d8ae546185f6d5c9262a827b49faebcb3f0edfaeede",
"SHA384": "be5320882ee52f54c3797d7b6dc4ac5cb812543ce52fae65c1939ecd4aad8c5715dbd1fe2ecdf00d2e86cc04fb840b8b"
},
"ValidFrom": "2008-07-18 00:00:00",
"ValidTo": "2011-08-06 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610c120600000000001b",
"Signature": "01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority",
"TBS": {
"MD5": "53c41bc1164e09e0cd1617a5bf913efd",
"SHA1": "93c03aac8951d494ecd5696b1c08658541b18727",
"SHA256": "40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b",
"SHA384": "f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8"
},
"ValidFrom": "2006-05-23 17:01:29",
"ValidTo": "2016-05-23 17:11:29",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA",
"SerialNumber": "3942fe1de9b44298ffbec71ba408f092",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2026-04-06
