Description Sophos, from time to time, has observed a threat actor deploy variants of Poortry on different machines within a single estate during an attack. These variants contain the same payload, but signed with a different certificate than the driver first seen used during the attack.
UUID : c2e98102-2055-48f0-9449-3e7a7f2c0ffeCreated : 2024-08-28Author : Michael HaagDownload
This download link contains the malicious driver!
Block idmtdi.sys across your endpoints Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.
Start Blocking for Free Commands sc.exe create idmtdi.sys binPath=C:\windows\temp\idmtdi.sys type=kernel && sc.exe start idmtdi.sys
Use Case Privileges Operating System Elevate privileges kernel Windows 10
Detections Sigma 🛡️ Expand Names
detects loading using name only
Hashes
detects loading using hashes only
Resources https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/ Known Vulnerable Samples Download
Certificates Expand Certificate 7f67150fbb0d254e474284c7f7819c4f Field Value ToBeSigned (TBS) MD5 37f3c75288f06dcd39025a0b2a947217 ToBeSigned (TBS) SHA1 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 ToBeSigned (TBS) SHA256 fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 Subject C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO ValidFrom 2013-04-09 00:00:00 ValidTo 2014-04-09 23:59:59 Signature b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 7f67150fbb0d254e474284c7f7819c4f Version 3
Certificate 47974d7873a5bcab0d2fb370192fce5e Field Value ToBeSigned (TBS) MD5 e3a93dc2a8a8a668fdbb286bfe9afab5 ToBeSigned (TBS) SHA1 95795d2aa2a554a423bc8c6e5b0a016d14887d35 ToBeSigned (TBS) SHA256 d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e Subject C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 ValidFrom 2010-02-08 00:00:00 ValidTo 2020-02-07 23:59:59 Signature 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 47974d7873a5bcab0d2fb370192fce5e Version 3
Certificate 611fb0a400000000001d Field Value ToBeSigned (TBS) MD5 a3f222107d4e1085e73b5b589c2f480b ToBeSigned (TBS) SHA1 b94aa26cd77c48d91a53ac44506cbd255e1d362c ToBeSigned (TBS) SHA256 a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa Subject C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA ValidFrom 2011-02-22 19:31:57 ValidTo 2021-02-22 19:41:57 Signature 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 611fb0a400000000001d Version 3
Imports Expand ntoskrnl.exe HAL.dll ntoskrnl.exe HAL.dll Imported Functions Expand KeInitializeEvent HalReturnToFirmware ExAllocatePool NtQuerySystemInformation ExFreePoolWithTag IoAllocateMdl MmProbeAndLockPages MmMapLockedPagesSpecifyCache MmUnlockPages IoFreeMdl KeQueryActiveProcessors KeSetSystemAffinityThread KeRevertToUserAffinityThread DbgPrint KeQueryPerformanceCounter Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .!0e .Pc\ .qi' .reloc .rsrc Signature Expand {
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 7f67150fbb0d254e474284c7f7819c4f Field Value ToBeSigned (TBS) MD5 37f3c75288f06dcd39025a0b2a947217 ToBeSigned (TBS) SHA1 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 ToBeSigned (TBS) SHA256 fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 Subject C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO ValidFrom 2013-04-09 00:00:00 ValidTo 2014-04-09 23:59:59 Signature b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 7f67150fbb0d254e474284c7f7819c4f Version 3
Certificate 47974d7873a5bcab0d2fb370192fce5e Field Value ToBeSigned (TBS) MD5 e3a93dc2a8a8a668fdbb286bfe9afab5 ToBeSigned (TBS) SHA1 95795d2aa2a554a423bc8c6e5b0a016d14887d35 ToBeSigned (TBS) SHA256 d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e Subject C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 ValidFrom 2010-02-08 00:00:00 ValidTo 2020-02-07 23:59:59 Signature 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 47974d7873a5bcab0d2fb370192fce5e Version 3
Certificate 611fb0a400000000001d Field Value ToBeSigned (TBS) MD5 a3f222107d4e1085e73b5b589c2f480b ToBeSigned (TBS) SHA1 b94aa26cd77c48d91a53ac44506cbd255e1d362c ToBeSigned (TBS) SHA256 a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa Subject C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA ValidFrom 2011-02-22 19:31:57 ValidTo 2021-02-22 19:41:57 Signature 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 611fb0a400000000001d Version 3
Imports Expand ntoskrnl.exe ntoskrnl.exe hal.dll Imported Functions Expand RtlInitUnicodeString RtlGetVersion ZwCreateFile ZwClose wcsncpy RtlQueryRegistryValues RtlCopyUnicodeString RtlAppendUnicodeStringToString DbgPrint KeInitializeEvent ExAllocatePool ExAllocatePoolWithTag ExFreePoolWithTag ExInitializeNPagedLookasideList PsCreateSystemThread IoCreateDevice IoCreateSymbolicLink IoDeleteDevice IoGetCurrentProcess IoRegisterShutdownNotification ZwOpenKey ZwEnumerateKey ZwQueryKey MmIsAddressValid PsSetLoadImageNotifyRoutine ZwQueryDirectoryFile wcscmp _strlwr RtlInitAnsiString RtlUnicodeStringToAnsiString RtlFreeAnsiString ZwQueryValueKey strstr _strupr wcsncat wcsncmp wcsrchr wcsstr _wcsicmp _wcslwr RtlAnsiStringToUnicodeString RtlEqualUnicodeString RtlFreeUnicodeString RtlTimeToTimeFields KeSetEvent KeDelayExecutionThread KeWaitForSingleObject KeAcquireSpinLockRaiseToDpc KeReleaseSpinLock KeQueryTimeIncrement ExSystemTimeToLocalTime MmProbeAndLockPages MmUnlockPages MmMapLockedPagesSpecifyCache MmUnmapLockedPages PsGetVersion IoAllocateMdl IofCompleteRequest IoFreeIrp IoFreeMdl IoGetDeviceObjectPointer ObfDereferenceObject ZwQueryInformationFile ZwSetInformationFile ZwReadFile ZwWriteFile ZwDeleteFile sprintf swprintf _snwprintf rand srand ObReferenceObjectByName __C_specific_handler IoDriverObjectType ProbeForRead PsTerminateSystemThread ExQueryDepthSList ExpInterlockedPopEntrySList ExpInterlockedPushEntrySList ExDeleteNPagedLookasideList strncpy _vsnprintf RtlInitString ZwOpenFile ZwCreateSection ZwMapViewOfSection RtlCompareString PsGetCurrentProcessId PsLookupProcessByProcessId RtlImageNtHeader PsGetProcessPeb strchr _wcsupr RtlWriteRegistryValue RtlDeleteRegistryValue ZwCreateKey ZwDeleteKey ZwEnumerateValueKey atoi mbstowcs __chkstk strncmp _strnicmp strrchr ExAcquireFastMutex ExReleaseFastMutex _snprintf ObfReferenceObject IoAllocateIrp IoBuildDeviceIoControlRequest IofCallDriver IoGetRelatedDeviceObject ObReferenceObjectByHandle RtlCompareUnicodeString MmGetSystemRoutineAddress IoCreateFile IoGetFileObjectGenericMapping ObQueryNameString ZwOpenDirectoryObject ObCreateObject SeCreateAccessState IoFileObjectType PsThreadType RtlAppendUnicodeToString RtlCompareMemory IoUnregisterShutdownNotification ZwOpenSymbolicLinkObject ZwQuerySymbolicLinkObject PsSetCreateProcessNotifyRoutine PsSetCreateProcessNotifyRoutineEx ZwOpenProcess ZwQuerySystemInformation RtlImageDirectoryEntryToData RtlCreateSecurityDescriptor RtlSetDaclSecurityDescriptor IoStopTimer PsRemoveLoadImageNotifyRoutine RtlLengthSid RtlCreateAcl RtlAddAccessAllowedAce IoGetDeviceAttachmentBaseRef ZwSetSecurityObject SeExports _stricmp NtOpenProcess ZwQueryObject ZwDuplicateObject PsLookupThreadByThreadId ZwOpenThread ZwUnloadKey ZwLoadKey ZwUnmapViewOfSection ZwSetValueKey ObSetHandleAttributes KeStackAttachProcess KeUnstackDetachProcess PsInitialSystemProcess ZwAllocateVirtualMemory PsIsThreadTerminating KeInitializeApc KeInsertQueueApc ExInitializePagedLookasideList ExDeletePagedLookasideList CmRegisterCallback CmUnRegisterCallback KeAcquireInStackQueuedSpinLock KeReleaseInStackQueuedSpinLock KeClearEvent KeBugCheckEx RtlUnicodeStringToInteger MmAllocatePagesForMdl MmFreePagesFromMdl MmAllocateContiguousMemory MmFreeContiguousMemory MmMapViewInSystemSpace MmUnmapViewInSystemSpace MmSectionObjectType RtlCaptureContext KeCapturePersistentThreadState MmSystemRangeStart IoDeviceObjectType KeRevertToUserAffinityThread KeSetSystemAffinityThread KeCancelTimer KeNumberProcessors IoAllocateMdl MmProbeAndLockPages MmMapLockedPagesSpecifyCache MmUnlockPages IoFreeMdl ExAllocatePool ExFreePool NtQuerySystemInformation HalMakeBeep Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .vvd0 .vvd1 .reloc Signature Expand {
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 7f67150fbb0d254e474284c7f7819c4f Field Value ToBeSigned (TBS) MD5 37f3c75288f06dcd39025a0b2a947217 ToBeSigned (TBS) SHA1 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 ToBeSigned (TBS) SHA256 fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 Subject C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO ValidFrom 2013-04-09 00:00:00 ValidTo 2014-04-09 23:59:59 Signature b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 7f67150fbb0d254e474284c7f7819c4f Version 3
Certificate 47974d7873a5bcab0d2fb370192fce5e Field Value ToBeSigned (TBS) MD5 e3a93dc2a8a8a668fdbb286bfe9afab5 ToBeSigned (TBS) SHA1 95795d2aa2a554a423bc8c6e5b0a016d14887d35 ToBeSigned (TBS) SHA256 d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e Subject C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 ValidFrom 2010-02-08 00:00:00 ValidTo 2020-02-07 23:59:59 Signature 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 47974d7873a5bcab0d2fb370192fce5e Version 3
Certificate 611fb0a400000000001d Field Value ToBeSigned (TBS) MD5 a3f222107d4e1085e73b5b589c2f480b ToBeSigned (TBS) SHA1 b94aa26cd77c48d91a53ac44506cbd255e1d362c ToBeSigned (TBS) SHA256 a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa Subject C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA ValidFrom 2011-02-22 19:31:57 ValidTo 2021-02-22 19:41:57 Signature 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 611fb0a400000000001d Version 3
Imports Expand ntoskrnl.exe HAL.dll ntoskrnl.exe HAL.dll Imported Functions Expand RtlInitUnicodeString HalReturnToFirmware ExAllocatePool NtQuerySystemInformation ExFreePoolWithTag IoAllocateMdl MmProbeAndLockPages MmMapLockedPagesSpecifyCache MmUnlockPages IoFreeMdl KeQueryActiveProcessors KeSetSystemAffinityThread KeRevertToUserAffinityThread DbgPrint KeQueryPerformanceCounter Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .hSc .%\I .>F2 .reloc .rsrc Signature Expand {
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 7f67150fbb0d254e474284c7f7819c4f Field Value ToBeSigned (TBS) MD5 37f3c75288f06dcd39025a0b2a947217 ToBeSigned (TBS) SHA1 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 ToBeSigned (TBS) SHA256 fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 Subject C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO ValidFrom 2013-04-09 00:00:00 ValidTo 2014-04-09 23:59:59 Signature b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 7f67150fbb0d254e474284c7f7819c4f Version 3
Certificate 47974d7873a5bcab0d2fb370192fce5e Field Value ToBeSigned (TBS) MD5 e3a93dc2a8a8a668fdbb286bfe9afab5 ToBeSigned (TBS) SHA1 95795d2aa2a554a423bc8c6e5b0a016d14887d35 ToBeSigned (TBS) SHA256 d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e Subject C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 ValidFrom 2010-02-08 00:00:00 ValidTo 2020-02-07 23:59:59 Signature 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 47974d7873a5bcab0d2fb370192fce5e Version 3
Certificate 611fb0a400000000001d Field Value ToBeSigned (TBS) MD5 a3f222107d4e1085e73b5b589c2f480b ToBeSigned (TBS) SHA1 b94aa26cd77c48d91a53ac44506cbd255e1d362c ToBeSigned (TBS) SHA256 a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa Subject C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA ValidFrom 2011-02-22 19:31:57 ValidTo 2021-02-22 19:41:57 Signature 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 611fb0a400000000001d Version 3
Imports Expand ntoskrnl.exe ntoskrnl.exe hal.dll Imported Functions Expand RtlInitUnicodeString RtlGetVersion ZwCreateFile ZwClose wcsncpy RtlQueryRegistryValues RtlCopyUnicodeString RtlAppendUnicodeStringToString DbgPrint KeInitializeEvent ExAllocatePool ExAllocatePoolWithTag ExFreePoolWithTag ExInitializeNPagedLookasideList PsCreateSystemThread IoCreateDevice IoCreateSymbolicLink IoDeleteDevice IoGetCurrentProcess IoRegisterShutdownNotification ZwOpenKey ZwEnumerateKey ZwQueryKey MmIsAddressValid PsSetLoadImageNotifyRoutine ZwQueryDirectoryFile _strlwr RtlInitAnsiString RtlUnicodeStringToAnsiString RtlFreeAnsiString ZwQueryValueKey strstr _strupr wcsncat wcsncmp wcsrchr wcsstr _wcslwr RtlAnsiStringToUnicodeString RtlFreeUnicodeString RtlTimeToTimeFields KeSetEvent KeDelayExecutionThread KeWaitForSingleObject KeAcquireSpinLockRaiseToDpc KeReleaseSpinLock KeQueryTimeIncrement ExSystemTimeToLocalTime MmProbeAndLockPages MmUnlockPages MmMapLockedPagesSpecifyCache MmUnmapLockedPages PsGetVersion IoAllocateMdl IofCompleteRequest IoFreeIrp IoFreeMdl IoGetDeviceObjectPointer ObfDereferenceObject ZwQueryInformationFile ZwSetInformationFile ZwReadFile ZwWriteFile ZwDeleteFile sprintf swprintf _snwprintf rand srand ObReferenceObjectByName __C_specific_handler IoDriverObjectType ProbeForRead PsTerminateSystemThread ExQueryDepthSList ExpInterlockedPopEntrySList ExpInterlockedPushEntrySList ExDeleteNPagedLookasideList strncpy _vsnprintf RtlInitString ZwOpenFile ZwCreateSection ZwMapViewOfSection RtlCompareString PsGetCurrentProcessId PsLookupProcessByProcessId RtlImageNtHeader PsGetProcessPeb strchr _wcsupr RtlWriteRegistryValue RtlDeleteRegistryValue ZwCreateKey ZwDeleteKey ZwEnumerateValueKey atoi mbstowcs __chkstk strncmp _strnicmp strrchr ExAcquireFastMutex ExReleaseFastMutex _snprintf ObfReferenceObject IoAllocateIrp IoBuildDeviceIoControlRequest IofCallDriver IoGetRelatedDeviceObject ObReferenceObjectByHandle RtlCompareUnicodeString MmGetSystemRoutineAddress IoCreateFile IoGetFileObjectGenericMapping ObQueryNameString ZwOpenDirectoryObject ObCreateObject SeCreateAccessState wcscmp IoFileObjectType PsThreadType RtlAppendUnicodeToString RtlCompareMemory IoUnregisterShutdownNotification ZwOpenSymbolicLinkObject ZwQuerySymbolicLinkObject PsSetCreateProcessNotifyRoutine PsSetCreateProcessNotifyRoutineEx ZwOpenProcess ZwQuerySystemInformation RtlImageDirectoryEntryToData _wcsicmp IoStopTimer PsRemoveLoadImageNotifyRoutine IoGetDeviceAttachmentBaseRef _stricmp NtOpenProcess ZwQueryObject ZwDuplicateObject PsLookupThreadByThreadId ZwOpenThread ZwUnloadKey ZwLoadKey ZwUnmapViewOfSection ZwSetValueKey ObSetHandleAttributes KeStackAttachProcess KeUnstackDetachProcess PsInitialSystemProcess ZwAllocateVirtualMemory PsIsThreadTerminating KeInitializeApc KeInsertQueueApc ExInitializePagedLookasideList ExDeletePagedLookasideList CmRegisterCallback CmUnRegisterCallback KeAcquireInStackQueuedSpinLock KeReleaseInStackQueuedSpinLock KeClearEvent KeBugCheckEx RtlUnicodeStringToInteger MmAllocatePagesForMdl MmFreePagesFromMdl MmAllocateContiguousMemory MmFreeContiguousMemory MmMapViewInSystemSpace MmUnmapViewInSystemSpace MmSectionObjectType RtlCaptureContext KeCapturePersistentThreadState MmSystemRangeStart IoDeviceObjectType KeRevertToUserAffinityThread KeSetSystemAffinityThread KeCancelTimer KeNumberProcessors IoAllocateMdl MmProbeAndLockPages MmMapLockedPagesSpecifyCache MmUnlockPages IoFreeMdl ExAllocatePool ExFreePool NtQuerySystemInformation HalMakeBeep Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .vvd0 .vvd1 .reloc Signature Expand {
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 7f67150fbb0d254e474284c7f7819c4f Field Value ToBeSigned (TBS) MD5 37f3c75288f06dcd39025a0b2a947217 ToBeSigned (TBS) SHA1 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 ToBeSigned (TBS) SHA256 fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 Subject C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO ValidFrom 2013-04-09 00:00:00 ValidTo 2014-04-09 23:59:59 Signature b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 7f67150fbb0d254e474284c7f7819c4f Version 3
Certificate 47974d7873a5bcab0d2fb370192fce5e Field Value ToBeSigned (TBS) MD5 e3a93dc2a8a8a668fdbb286bfe9afab5 ToBeSigned (TBS) SHA1 95795d2aa2a554a423bc8c6e5b0a016d14887d35 ToBeSigned (TBS) SHA256 d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e Subject C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 ValidFrom 2010-02-08 00:00:00 ValidTo 2020-02-07 23:59:59 Signature 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 47974d7873a5bcab0d2fb370192fce5e Version 3
Certificate 611fb0a400000000001d Field Value ToBeSigned (TBS) MD5 a3f222107d4e1085e73b5b589c2f480b ToBeSigned (TBS) SHA1 b94aa26cd77c48d91a53ac44506cbd255e1d362c ToBeSigned (TBS) SHA256 a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa Subject C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA ValidFrom 2011-02-22 19:31:57 ValidTo 2021-02-22 19:41:57 Signature 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 611fb0a400000000001d Version 3
Imports Expand ntoskrnl.exe ntoskrnl.exe hal.dll Imported Functions Expand RtlInitUnicodeString RtlGetVersion ZwCreateFile ZwClose wcsncpy RtlQueryRegistryValues RtlCopyUnicodeString RtlAppendUnicodeStringToString DbgPrint KeInitializeEvent ExAllocatePool ExAllocatePoolWithTag ExFreePoolWithTag ExInitializeNPagedLookasideList PsCreateSystemThread IoCreateDevice IoCreateSymbolicLink IoDeleteDevice IoGetCurrentProcess IoRegisterShutdownNotification ZwOpenKey ZwEnumerateKey ZwQueryKey MmIsAddressValid PsSetLoadImageNotifyRoutine ZwQueryDirectoryFile _strlwr RtlInitAnsiString RtlUnicodeStringToAnsiString RtlFreeAnsiString ZwQueryValueKey strstr _strupr wcsncat wcsncmp wcsrchr wcsstr _wcslwr RtlAnsiStringToUnicodeString RtlFreeUnicodeString RtlTimeToTimeFields KeSetEvent KeDelayExecutionThread KeWaitForSingleObject KeAcquireSpinLockRaiseToDpc KeReleaseSpinLock KeQueryTimeIncrement ExSystemTimeToLocalTime MmProbeAndLockPages MmUnlockPages MmMapLockedPagesSpecifyCache MmUnmapLockedPages PsGetVersion IoAllocateMdl IofCompleteRequest IoFreeIrp IoFreeMdl IoGetDeviceObjectPointer ObfDereferenceObject ZwQueryInformationFile ZwSetInformationFile ZwReadFile ZwWriteFile ZwDeleteFile sprintf swprintf _snwprintf rand srand ObReferenceObjectByName __C_specific_handler IoDriverObjectType ProbeForRead PsTerminateSystemThread ExQueryDepthSList ExpInterlockedPopEntrySList ExpInterlockedPushEntrySList ExDeleteNPagedLookasideList strncpy _vsnprintf RtlInitString ZwOpenFile ZwCreateSection ZwMapViewOfSection RtlCompareString PsGetCurrentProcessId PsLookupProcessByProcessId RtlImageNtHeader PsGetProcessPeb strchr _wcsupr RtlWriteRegistryValue RtlDeleteRegistryValue ZwCreateKey ZwDeleteKey ZwEnumerateValueKey atoi mbstowcs __chkstk strncmp _strnicmp strrchr ExAcquireFastMutex ExReleaseFastMutex _snprintf ObfReferenceObject IoAllocateIrp IoBuildDeviceIoControlRequest IofCallDriver IoGetRelatedDeviceObject ObReferenceObjectByHandle RtlCompareUnicodeString MmGetSystemRoutineAddress IoCreateFile IoGetFileObjectGenericMapping ObQueryNameString ZwOpenDirectoryObject ObCreateObject SeCreateAccessState wcscmp IoFileObjectType PsThreadType RtlAppendUnicodeToString RtlCompareMemory IoUnregisterShutdownNotification ZwOpenSymbolicLinkObject ZwQuerySymbolicLinkObject PsSetCreateProcessNotifyRoutine PsSetCreateProcessNotifyRoutineEx ZwOpenProcess ZwQuerySystemInformation RtlImageDirectoryEntryToData _wcsicmp IoStopTimer PsRemoveLoadImageNotifyRoutine IoGetDeviceAttachmentBaseRef _stricmp NtOpenProcess ZwQueryObject ZwDuplicateObject PsLookupThreadByThreadId ZwOpenThread ZwUnloadKey ZwLoadKey ZwUnmapViewOfSection ZwSetValueKey ObSetHandleAttributes KeStackAttachProcess KeUnstackDetachProcess PsInitialSystemProcess ZwAllocateVirtualMemory PsIsThreadTerminating KeInitializeApc KeInsertQueueApc ExInitializePagedLookasideList ExDeletePagedLookasideList CmRegisterCallback CmUnRegisterCallback KeAcquireInStackQueuedSpinLock KeReleaseInStackQueuedSpinLock KeClearEvent KeBugCheckEx RtlUnicodeStringToInteger MmAllocatePagesForMdl MmFreePagesFromMdl MmAllocateContiguousMemory MmFreeContiguousMemory MmMapViewInSystemSpace MmUnmapViewInSystemSpace MmSectionObjectType RtlCaptureContext KeCapturePersistentThreadState MmSystemRangeStart IoDeviceObjectType KeRevertToUserAffinityThread KeSetSystemAffinityThread KeCancelTimer KeNumberProcessors IoAllocateMdl MmProbeAndLockPages MmMapLockedPagesSpecifyCache MmUnlockPages IoFreeMdl ExAllocatePool ExFreePool NtQuerySystemInformation HalMakeBeep Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .vvd0 .vvd1 .reloc Signature Expand {
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 7f67150fbb0d254e474284c7f7819c4f Field Value ToBeSigned (TBS) MD5 37f3c75288f06dcd39025a0b2a947217 ToBeSigned (TBS) SHA1 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 ToBeSigned (TBS) SHA256 fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 Subject C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO ValidFrom 2013-04-09 00:00:00 ValidTo 2014-04-09 23:59:59 Signature b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 7f67150fbb0d254e474284c7f7819c4f Version 3
Certificate 47974d7873a5bcab0d2fb370192fce5e Field Value ToBeSigned (TBS) MD5 e3a93dc2a8a8a668fdbb286bfe9afab5 ToBeSigned (TBS) SHA1 95795d2aa2a554a423bc8c6e5b0a016d14887d35 ToBeSigned (TBS) SHA256 d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e Subject C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 ValidFrom 2010-02-08 00:00:00 ValidTo 2020-02-07 23:59:59 Signature 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 47974d7873a5bcab0d2fb370192fce5e Version 3
Certificate 611fb0a400000000001d Field Value ToBeSigned (TBS) MD5 a3f222107d4e1085e73b5b589c2f480b ToBeSigned (TBS) SHA1 b94aa26cd77c48d91a53ac44506cbd255e1d362c ToBeSigned (TBS) SHA256 a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa Subject C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA ValidFrom 2011-02-22 19:31:57 ValidTo 2021-02-22 19:41:57 Signature 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 611fb0a400000000001d Version 3
Imports Expand ntoskrnl.exe HAL.dll ntoskrnl.exe HAL.dll Imported Functions Expand KeInitializeEvent HalReturnToFirmware ExAllocatePool NtQuerySystemInformation ExFreePoolWithTag IoAllocateMdl MmProbeAndLockPages MmMapLockedPagesSpecifyCache MmUnlockPages IoFreeMdl KeQueryActiveProcessors KeSetSystemAffinityThread KeRevertToUserAffinityThread DbgPrint KeQueryPerformanceCounter Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .0X] .y^C .e&b .reloc .rsrc Signature Expand {
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 7f67150fbb0d254e474284c7f7819c4f Field Value ToBeSigned (TBS) MD5 37f3c75288f06dcd39025a0b2a947217 ToBeSigned (TBS) SHA1 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 ToBeSigned (TBS) SHA256 fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 Subject C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO ValidFrom 2013-04-09 00:00:00 ValidTo 2014-04-09 23:59:59 Signature b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 7f67150fbb0d254e474284c7f7819c4f Version 3
Certificate 47974d7873a5bcab0d2fb370192fce5e Field Value ToBeSigned (TBS) MD5 e3a93dc2a8a8a668fdbb286bfe9afab5 ToBeSigned (TBS) SHA1 95795d2aa2a554a423bc8c6e5b0a016d14887d35 ToBeSigned (TBS) SHA256 d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e Subject C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 ValidFrom 2010-02-08 00:00:00 ValidTo 2020-02-07 23:59:59 Signature 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 47974d7873a5bcab0d2fb370192fce5e Version 3
Certificate 611fb0a400000000001d Field Value ToBeSigned (TBS) MD5 a3f222107d4e1085e73b5b589c2f480b ToBeSigned (TBS) SHA1 b94aa26cd77c48d91a53ac44506cbd255e1d362c ToBeSigned (TBS) SHA256 a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa Subject C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA ValidFrom 2011-02-22 19:31:57 ValidTo 2021-02-22 19:41:57 Signature 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 611fb0a400000000001d Version 3
Imports Expand fwpkclnt.sys NDIS.SYS ntoskrnl.exe ntoskrnl.exe HAL.dll Imported Functions Expand FwpsFreeNetBufferList0 FwpmFilterDeleteById0 NdisAllocateGenericObject NdisFreeNetBufferListPool NdisAllocateNetBufferListPool NdisRetreatNetBufferDataStart NdisAdvanceNetBufferDataStart NdisGetDataBuffer NdisInitializeEvent NdisFreeGenericObject NdisWaitEvent RtlInitUnicodeString ObfDereferenceObject PsLookupProcessByProcessId RtlCompareMemory KeAcquireInStackQueuedSpinLock KeReleaseInStackQueuedSpinLock ExAllocatePoolWithTag ExUuidCreate swprintf_s __C_specific_handler MmGetSystemRoutineAddress RtlAppendUnicodeToString RtlCreateSecurityDescriptor RtlSetDaclSecurityDescriptor KeInitializeEvent KeSetEvent KeWaitForSingleObject ExFreePoolWithTag ExQueryDepthSList ExpInterlockedPopEntrySList ExpInterlockedPushEntrySList ExInitializeNPagedLookasideList ExDeleteNPagedLookasideList MmBuildMdlForNonPagedPool MmMapLockedPagesSpecifyCache MmUnmapLockedPages MmAllocatePagesForMdl MmFreePagesFromMdl PsCreateSystemThread PsTerminateSystemThread IoAllocateMdl IofCompleteRequest IoCreateDevice IoCreateSymbolicLink IoDeleteDevice IoDeleteSymbolicLink IoFreeMdl IoReleaseCancelSpinLock ObReferenceObjectByHandle ZwClose ZwOpenKey ZwQueryValueKey PsGetCurrentProcessId ZwSetInformationThread RtlLengthSid RtlCreateAcl RtlAddAccessAllowedAce ObOpenObjectByPointer ZwSetSecurityObject SeExports RtlGetVersion ZwCreateFile IoCreateFileSpecifyDeviceObjectHint IoGetBaseFileSystemDeviceObject ZwDeleteFile IoFileObjectType _stricmp ZwQuerySystemInformation RtlValidSid KeBugCheckEx ExAllocatePool NtQuerySystemInformation ExFreePoolWithTag IoAllocateMdl MmProbeAndLockPages MmMapLockedPagesSpecifyCache MmUnlockPages IoFreeMdl KeQueryActiveProcessors KeSetSystemAffinityThread KeRevertToUserAffinityThread DbgPrint KeQueryPerformanceCounter Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .wEI .xpk .hCC .reloc Signature Expand {
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 7f67150fbb0d254e474284c7f7819c4f Field Value ToBeSigned (TBS) MD5 37f3c75288f06dcd39025a0b2a947217 ToBeSigned (TBS) SHA1 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 ToBeSigned (TBS) SHA256 fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 Subject C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO ValidFrom 2013-04-09 00:00:00 ValidTo 2014-04-09 23:59:59 Signature b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 7f67150fbb0d254e474284c7f7819c4f Version 3
Certificate 47974d7873a5bcab0d2fb370192fce5e Field Value ToBeSigned (TBS) MD5 e3a93dc2a8a8a668fdbb286bfe9afab5 ToBeSigned (TBS) SHA1 95795d2aa2a554a423bc8c6e5b0a016d14887d35 ToBeSigned (TBS) SHA256 d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e Subject C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 ValidFrom 2010-02-08 00:00:00 ValidTo 2020-02-07 23:59:59 Signature 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 47974d7873a5bcab0d2fb370192fce5e Version 3
Certificate 611fb0a400000000001d Field Value ToBeSigned (TBS) MD5 a3f222107d4e1085e73b5b589c2f480b ToBeSigned (TBS) SHA1 b94aa26cd77c48d91a53ac44506cbd255e1d362c ToBeSigned (TBS) SHA256 a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa Subject C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA ValidFrom 2011-02-22 19:31:57 ValidTo 2021-02-22 19:41:57 Signature 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 611fb0a400000000001d Version 3
Imports Expand ntoskrnl.exe HAL.dll ntoskrnl.exe HAL.dll Imported Functions Expand KeInitializeEvent HalReturnToFirmware ExAllocatePool NtQuerySystemInformation ExFreePoolWithTag IoAllocateMdl MmProbeAndLockPages MmMapLockedPagesSpecifyCache MmUnlockPages IoFreeMdl KeQueryActiveProcessors KeSetSystemAffinityThread KeRevertToUserAffinityThread DbgPrint KeQueryPerformanceCounter Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .%>Z .NNo .qH} .reloc .rsrc Signature Expand {
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 7f67150fbb0d254e474284c7f7819c4f Field Value ToBeSigned (TBS) MD5 37f3c75288f06dcd39025a0b2a947217 ToBeSigned (TBS) SHA1 03f6b4f0c154fd95079939c2be18e9c1b4629ad6 ToBeSigned (TBS) SHA256 fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1 Subject C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO ValidFrom 2013-04-09 00:00:00 ValidTo 2014-04-09 23:59:59 Signature b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 7f67150fbb0d254e474284c7f7819c4f Version 3
Certificate 47974d7873a5bcab0d2fb370192fce5e Field Value ToBeSigned (TBS) MD5 e3a93dc2a8a8a668fdbb286bfe9afab5 ToBeSigned (TBS) SHA1 95795d2aa2a554a423bc8c6e5b0a016d14887d35 ToBeSigned (TBS) SHA256 d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e Subject C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2 ValidFrom 2010-02-08 00:00:00 ValidTo 2020-02-07 23:59:59 Signature 56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 47974d7873a5bcab0d2fb370192fce5e Version 3
Certificate 611fb0a400000000001d Field Value ToBeSigned (TBS) MD5 a3f222107d4e1085e73b5b589c2f480b ToBeSigned (TBS) SHA1 b94aa26cd77c48d91a53ac44506cbd255e1d362c ToBeSigned (TBS) SHA256 a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa Subject C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA ValidFrom 2011-02-22 19:31:57 ValidTo 2021-02-22 19:41:57 Signature 2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 611fb0a400000000001d Version 3
Imports Expand ntoskrnl.exe ntoskrnl.exe hal.dll Imported Functions Expand RtlInitUnicodeString RtlGetVersion ZwCreateFile ZwClose wcsncpy RtlQueryRegistryValues RtlCopyUnicodeString RtlAppendUnicodeStringToString DbgPrint KeInitializeEvent ExAllocatePool ExAllocatePoolWithTag ExFreePoolWithTag ExInitializeNPagedLookasideList PsCreateSystemThread IoCreateDevice IoCreateSymbolicLink IoDeleteDevice IoGetCurrentProcess IoRegisterShutdownNotification ZwOpenKey ZwEnumerateKey ZwQueryKey MmIsAddressValid PsSetLoadImageNotifyRoutine ZwQueryDirectoryFile wcscmp _strlwr RtlInitAnsiString RtlUnicodeStringToAnsiString RtlFreeAnsiString ZwQueryValueKey strstr _strupr wcsncat wcsncmp wcsrchr wcsstr _wcsicmp _wcslwr RtlAnsiStringToUnicodeString RtlEqualUnicodeString RtlFreeUnicodeString RtlTimeToTimeFields KeSetEvent KeDelayExecutionThread KeWaitForSingleObject KeAcquireSpinLockRaiseToDpc KeReleaseSpinLock KeQueryTimeIncrement ExSystemTimeToLocalTime MmProbeAndLockPages MmUnlockPages MmMapLockedPagesSpecifyCache MmUnmapLockedPages PsGetVersion IoAllocateMdl IofCompleteRequest IoFreeIrp IoFreeMdl IoGetDeviceObjectPointer ObfDereferenceObject ZwQueryInformationFile ZwSetInformationFile ZwReadFile ZwWriteFile ZwDeleteFile sprintf swprintf _snwprintf rand srand ObReferenceObjectByName __C_specific_handler IoDriverObjectType ProbeForRead PsTerminateSystemThread ExQueryDepthSList ExpInterlockedPopEntrySList ExpInterlockedPushEntrySList ExDeleteNPagedLookasideList strncpy _vsnprintf RtlInitString ZwOpenFile ZwCreateSection ZwMapViewOfSection RtlCompareString PsGetCurrentProcessId PsLookupProcessByProcessId RtlImageNtHeader PsGetProcessPeb strchr _wcsupr RtlWriteRegistryValue RtlDeleteRegistryValue ZwCreateKey ZwDeleteKey ZwEnumerateValueKey atoi mbstowcs __chkstk strncmp _strnicmp strrchr ExAcquireFastMutex ExReleaseFastMutex _snprintf ObfReferenceObject IoAllocateIrp IoBuildDeviceIoControlRequest IofCallDriver IoGetRelatedDeviceObject ObReferenceObjectByHandle RtlCompareUnicodeString MmGetSystemRoutineAddress IoCreateFile IoGetFileObjectGenericMapping ObQueryNameString ZwOpenDirectoryObject ObCreateObject SeCreateAccessState IoFileObjectType PsThreadType RtlAppendUnicodeToString RtlCompareMemory IoUnregisterShutdownNotification ZwOpenSymbolicLinkObject ZwQuerySymbolicLinkObject PsSetCreateProcessNotifyRoutine PsSetCreateProcessNotifyRoutineEx ZwOpenProcess ZwQuerySystemInformation RtlImageDirectoryEntryToData RtlCreateSecurityDescriptor RtlSetDaclSecurityDescriptor IoStopTimer PsRemoveLoadImageNotifyRoutine RtlLengthSid RtlCreateAcl RtlAddAccessAllowedAce IoGetDeviceAttachmentBaseRef ZwSetSecurityObject SeExports _stricmp NtOpenProcess ZwQueryObject ZwDuplicateObject PsLookupThreadByThreadId ZwOpenThread ZwUnloadKey ZwLoadKey ZwUnmapViewOfSection ZwSetValueKey ObSetHandleAttributes KeStackAttachProcess KeUnstackDetachProcess PsInitialSystemProcess ZwAllocateVirtualMemory PsIsThreadTerminating KeInitializeApc KeInsertQueueApc ExInitializePagedLookasideList ExDeletePagedLookasideList CmRegisterCallback CmUnRegisterCallback KeAcquireInStackQueuedSpinLock KeReleaseInStackQueuedSpinLock KeClearEvent KeBugCheckEx RtlUnicodeStringToInteger MmAllocatePagesForMdl MmFreePagesFromMdl MmAllocateContiguousMemory MmFreeContiguousMemory MmMapViewInSystemSpace MmUnmapViewInSystemSpace MmSectionObjectType RtlCaptureContext KeCapturePersistentThreadState MmSystemRangeStart IoDeviceObjectType KeRevertToUserAffinityThread KeSetSystemAffinityThread KeCancelTimer KeNumberProcessors IoAllocateMdl MmProbeAndLockPages MmMapLockedPagesSpecifyCache MmUnlockPages IoFreeMdl ExAllocatePool ExFreePool NtQuerySystemInformation HalMakeBeep Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .vvd0 .vvd1 .reloc Signature Expand {
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
"TBS": {
"MD5": "37f3c75288f06dcd39025a0b2a947217",
"SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
"SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
"SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
},
"ValidFrom": "2013-04-09 00:00:00",
"ValidTo": "2014-04-09 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
"Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"TBS": {
"MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
"SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
"SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
"SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "611fb0a400000000001d",
"Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
"TBS": {
"MD5": "a3f222107d4e1085e73b5b589c2f480b",
"SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
"SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
"SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
},
"ValidFrom": "2011-02-22 19:31:57",
"ValidTo": "2021-02-22 19:41:57",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
"SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2026-04-14
