c2e98102-2055-48f0-9449-3e7a7f2c0ffe

idmtdi.sys :inline :inline

Description

Sophos, from time to time, has observed a threat actor deploy variants of Poortry on different machines within a single estate during an attack. These variants contain the same payload, but signed with a different certificate than the driver first seen used during the attack.

  • UUID: c2e98102-2055-48f0-9449-3e7a7f2c0ffe
  • Created: 2024-08-28
  • Author: Michael Haag
  • Acknowledgement: |

DownloadBlock

This download link contains the malicious driver!

Commands

sc.exe create idmtdi.sys binPath=C:\windows\temp\idmtdi.sys type=kernel && sc.exe start idmtdi.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/

  • Known Vulnerable Samples

    PropertyValue
    Filename
    Creation Timestamp2023-06-23 11:18:09
    MD544a0db8d9ea165b2ae5e84b72550a4e7
    SHA13dc2887dbb227d780bf05fd25235d7314a67e9ed
    SHA25644ebb0f534e7cdfec06d5234358d219798a313219b214d72aa23afc5a57d7ea9
    Authentihash MD5f706fa9c39f2ac707988e849963c5195
    Authentihash SHA16639afb03930b08009eb7e60d9557b2130cd0421
    Authentihash SHA256af5a2122b55ee9d8cd3dd49c4ac41bfc9b354912480f06fa7de19829c00c2720
    RichPEHeaderHash MD5ffdf660eb1ebf020a1d0a55a90712dfb
    RichPEHeaderHash SHA13e905e3d061d0d59de61fcf39c994fcb0ec1bab3
    RichPEHeaderHash SHA2562b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6
    CompanyTonec Inc.
    DescriptionInternet Download Manager TDI Driver
    ProductInternet Download Manager
    OriginalFilenameidmtdi.sys

    Download

    Certificates

    Expand
    Certificate 7f67150fbb0d254e474284c7f7819c4f
    FieldValue
    ToBeSigned (TBS) MD537f3c75288f06dcd39025a0b2a947217
    ToBeSigned (TBS) SHA103f6b4f0c154fd95079939c2be18e9c1b4629ad6
    ToBeSigned (TBS) SHA256fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1
    SubjectC=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO
    ValidFrom2013-04-09 00:00:00
    ValidTo2014-04-09 23:59:59
    Signatureb5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber7f67150fbb0d254e474284c7f7819c4f
    Version3
    Certificate 47974d7873a5bcab0d2fb370192fce5e
    FieldValue
    ToBeSigned (TBS) MD5e3a93dc2a8a8a668fdbb286bfe9afab5
    ToBeSigned (TBS) SHA195795d2aa2a554a423bc8c6e5b0a016d14887d35
    ToBeSigned (TBS) SHA256d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e
    SubjectC=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47974d7873a5bcab0d2fb370192fce5e
    Version3
    Certificate 611fb0a400000000001d
    FieldValue
    ToBeSigned (TBS) MD5a3f222107d4e1085e73b5b589c2f480b
    ToBeSigned (TBS) SHA1b94aa26cd77c48d91a53ac44506cbd255e1d362c
    ToBeSigned (TBS) SHA256a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
    SubjectC=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA
    ValidFrom2011-02-22 19:31:57
    ValidTo2021-02-22 19:41:57
    Signature2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611fb0a400000000001d
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • KeInitializeEvent
    • HalReturnToFirmware
    • ExAllocatePool
    • NtQuerySystemInformation
    • ExFreePoolWithTag
    • IoAllocateMdl
    • MmProbeAndLockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnlockPages
    • IoFreeMdl
    • KeQueryActiveProcessors
    • KeSetSystemAffinityThread
    • KeRevertToUserAffinityThread
    • DbgPrint
    • KeQueryPerformanceCounter

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .!0e
    • .Pc\
    • .qi'
    • .reloc
    • .rsrc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
          "TBS": {
            "MD5": "37f3c75288f06dcd39025a0b2a947217",
            "SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
            "SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
            "SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
          },
          "ValidFrom": "2013-04-09 00:00:00",
          "ValidTo": "2014-04-09 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
          "Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "TBS": {
            "MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
            "SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
            "SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
            "SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611fb0a400000000001d",
          "Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
          "TBS": {
            "MD5": "a3f222107d4e1085e73b5b589c2f480b",
            "SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
            "SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
            "SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
          },
          "ValidFrom": "2011-02-22 19:31:57",
          "ValidTo": "2021-02-22 19:41:57",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2024-08-09 07:59:20
    MD566d0f20927a7acc0f6821d73f468c647
    SHA1e179f62fb4f074284945f3ab90406d2d3f19ee73
    SHA25608c4b75a9b715647a60b946f3743c4e49a6f5c36c1bc889e741d658508dc50c0
    Authentihash MD5d7548fde7f3b5958b096876578154dbc
    Authentihash SHA15934b4583513046dbb5c5dd56e56dafaf2162af7
    Authentihash SHA2562e6b039e10d2b93fbce625ecb7bf04b38eac69b96385fc3b28541c8da78fd8ad
    RichPEHeaderHash MD50aa427f4ccc6e84d37c6e781da65e484
    RichPEHeaderHash SHA1080cd8a498eccf8478fc81dbb719a25464947eee
    RichPEHeaderHash SHA2569e1bc00124c20f1de4dcd2e06a2ca018d3e5732b6fedccac185afe5c90ed45a2

    Download

    Certificates

    Expand
    Certificate 7f67150fbb0d254e474284c7f7819c4f
    FieldValue
    ToBeSigned (TBS) MD537f3c75288f06dcd39025a0b2a947217
    ToBeSigned (TBS) SHA103f6b4f0c154fd95079939c2be18e9c1b4629ad6
    ToBeSigned (TBS) SHA256fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1
    SubjectC=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO
    ValidFrom2013-04-09 00:00:00
    ValidTo2014-04-09 23:59:59
    Signatureb5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber7f67150fbb0d254e474284c7f7819c4f
    Version3
    Certificate 47974d7873a5bcab0d2fb370192fce5e
    FieldValue
    ToBeSigned (TBS) MD5e3a93dc2a8a8a668fdbb286bfe9afab5
    ToBeSigned (TBS) SHA195795d2aa2a554a423bc8c6e5b0a016d14887d35
    ToBeSigned (TBS) SHA256d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e
    SubjectC=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47974d7873a5bcab0d2fb370192fce5e
    Version3
    Certificate 611fb0a400000000001d
    FieldValue
    ToBeSigned (TBS) MD5a3f222107d4e1085e73b5b589c2f480b
    ToBeSigned (TBS) SHA1b94aa26cd77c48d91a53ac44506cbd255e1d362c
    ToBeSigned (TBS) SHA256a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
    SubjectC=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA
    ValidFrom2011-02-22 19:31:57
    ValidTo2021-02-22 19:41:57
    Signature2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611fb0a400000000001d
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • ntoskrnl.exe
    • hal.dll

    Imported Functions

    Expand
    • RtlInitUnicodeString
    • RtlGetVersion
    • ZwCreateFile
    • ZwClose
    • wcsncpy
    • RtlQueryRegistryValues
    • RtlCopyUnicodeString
    • RtlAppendUnicodeStringToString
    • DbgPrint
    • KeInitializeEvent
    • ExAllocatePool
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExInitializeNPagedLookasideList
    • PsCreateSystemThread
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoGetCurrentProcess
    • IoRegisterShutdownNotification
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • MmIsAddressValid
    • PsSetLoadImageNotifyRoutine
    • ZwQueryDirectoryFile
    • wcscmp
    • _strlwr
    • RtlInitAnsiString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ZwQueryValueKey
    • strstr
    • _strupr
    • wcsncat
    • wcsncmp
    • wcsrchr
    • wcsstr
    • _wcsicmp
    • _wcslwr
    • RtlAnsiStringToUnicodeString
    • RtlEqualUnicodeString
    • RtlFreeUnicodeString
    • RtlTimeToTimeFields
    • KeSetEvent
    • KeDelayExecutionThread
    • KeWaitForSingleObject
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • KeQueryTimeIncrement
    • ExSystemTimeToLocalTime
    • MmProbeAndLockPages
    • MmUnlockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnmapLockedPages
    • PsGetVersion
    • IoAllocateMdl
    • IofCompleteRequest
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • ObfDereferenceObject
    • ZwQueryInformationFile
    • ZwSetInformationFile
    • ZwReadFile
    • ZwWriteFile
    • ZwDeleteFile
    • sprintf
    • swprintf
    • _snwprintf
    • rand
    • srand
    • ObReferenceObjectByName
    • __C_specific_handler
    • IoDriverObjectType
    • ProbeForRead
    • PsTerminateSystemThread
    • ExQueryDepthSList
    • ExpInterlockedPopEntrySList
    • ExpInterlockedPushEntrySList
    • ExDeleteNPagedLookasideList
    • strncpy
    • _vsnprintf
    • RtlInitString
    • ZwOpenFile
    • ZwCreateSection
    • ZwMapViewOfSection
    • RtlCompareString
    • PsGetCurrentProcessId
    • PsLookupProcessByProcessId
    • RtlImageNtHeader
    • PsGetProcessPeb
    • strchr
    • _wcsupr
    • RtlWriteRegistryValue
    • RtlDeleteRegistryValue
    • ZwCreateKey
    • ZwDeleteKey
    • ZwEnumerateValueKey
    • atoi
    • mbstowcs
    • __chkstk
    • strncmp
    • _strnicmp
    • strrchr
    • ExAcquireFastMutex
    • ExReleaseFastMutex
    • _snprintf
    • ObfReferenceObject
    • IoAllocateIrp
    • IoBuildDeviceIoControlRequest
    • IofCallDriver
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • RtlCompareUnicodeString
    • MmGetSystemRoutineAddress
    • IoCreateFile
    • IoGetFileObjectGenericMapping
    • ObQueryNameString
    • ZwOpenDirectoryObject
    • ObCreateObject
    • SeCreateAccessState
    • IoFileObjectType
    • PsThreadType
    • RtlAppendUnicodeToString
    • RtlCompareMemory
    • IoUnregisterShutdownNotification
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • PsSetCreateProcessNotifyRoutine
    • PsSetCreateProcessNotifyRoutineEx
    • ZwOpenProcess
    • ZwQuerySystemInformation
    • RtlImageDirectoryEntryToData
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • IoStopTimer
    • PsRemoveLoadImageNotifyRoutine
    • RtlLengthSid
    • RtlCreateAcl
    • RtlAddAccessAllowedAce
    • IoGetDeviceAttachmentBaseRef
    • ZwSetSecurityObject
    • SeExports
    • _stricmp
    • NtOpenProcess
    • ZwQueryObject
    • ZwDuplicateObject
    • PsLookupThreadByThreadId
    • ZwOpenThread
    • ZwUnloadKey
    • ZwLoadKey
    • ZwUnmapViewOfSection
    • ZwSetValueKey
    • ObSetHandleAttributes
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • PsInitialSystemProcess
    • ZwAllocateVirtualMemory
    • PsIsThreadTerminating
    • KeInitializeApc
    • KeInsertQueueApc
    • ExInitializePagedLookasideList
    • ExDeletePagedLookasideList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • KeAcquireInStackQueuedSpinLock
    • KeReleaseInStackQueuedSpinLock
    • KeClearEvent
    • KeBugCheckEx
    • RtlUnicodeStringToInteger
    • MmAllocatePagesForMdl
    • MmFreePagesFromMdl
    • MmAllocateContiguousMemory
    • MmFreeContiguousMemory
    • MmMapViewInSystemSpace
    • MmUnmapViewInSystemSpace
    • MmSectionObjectType
    • RtlCaptureContext
    • KeCapturePersistentThreadState
    • MmSystemRangeStart
    • IoDeviceObjectType
    • KeRevertToUserAffinityThread
    • KeSetSystemAffinityThread
    • KeCancelTimer
    • KeNumberProcessors
    • IoAllocateMdl
    • MmProbeAndLockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnlockPages
    • IoFreeMdl
    • ExAllocatePool
    • ExFreePool
    • NtQuerySystemInformation
    • HalMakeBeep

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .vvd0
    • .vvd1
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
          "TBS": {
            "MD5": "37f3c75288f06dcd39025a0b2a947217",
            "SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
            "SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
            "SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
          },
          "ValidFrom": "2013-04-09 00:00:00",
          "ValidTo": "2014-04-09 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
          "Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "TBS": {
            "MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
            "SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
            "SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
            "SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611fb0a400000000001d",
          "Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
          "TBS": {
            "MD5": "a3f222107d4e1085e73b5b589c2f480b",
            "SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
            "SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
            "SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
          },
          "ValidFrom": "2011-02-22 19:31:57",
          "ValidTo": "2021-02-22 19:41:57",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2011-01-06 11:22:51
    MD5cf1bc2fb73f82c43e05541100808a217
    SHA1c99b1093d11469729796ab5743c4bb1d16e3b975
    SHA25694b87b1cdaf1d86c2bc4eacef45608d0f16fdd3b981b88cdddc16b6bc64fe25d
    Authentihash MD5458a279f1f8d6f5d687e2a2a9e31bad2
    Authentihash SHA1a183c6b212bca915e6deb0d4dfae3fe4b970cd52
    Authentihash SHA256289761eef2976b001879181b97324408e849729dbf41403fb73ee85565667012
    RichPEHeaderHash MD5ffdf660eb1ebf020a1d0a55a90712dfb
    RichPEHeaderHash SHA13e905e3d061d0d59de61fcf39c994fcb0ec1bab3
    RichPEHeaderHash SHA2562b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6
    CompanyCrowdStrike, Inc.
    DescriptionCrowdStrike Falcon Sensor Driver
    ProductCrowdStrike Falcon Sensor
    OriginalFilenameCSAgent.sys

    Download

    Certificates

    Expand
    Certificate 7f67150fbb0d254e474284c7f7819c4f
    FieldValue
    ToBeSigned (TBS) MD537f3c75288f06dcd39025a0b2a947217
    ToBeSigned (TBS) SHA103f6b4f0c154fd95079939c2be18e9c1b4629ad6
    ToBeSigned (TBS) SHA256fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1
    SubjectC=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO
    ValidFrom2013-04-09 00:00:00
    ValidTo2014-04-09 23:59:59
    Signatureb5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber7f67150fbb0d254e474284c7f7819c4f
    Version3
    Certificate 47974d7873a5bcab0d2fb370192fce5e
    FieldValue
    ToBeSigned (TBS) MD5e3a93dc2a8a8a668fdbb286bfe9afab5
    ToBeSigned (TBS) SHA195795d2aa2a554a423bc8c6e5b0a016d14887d35
    ToBeSigned (TBS) SHA256d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e
    SubjectC=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47974d7873a5bcab0d2fb370192fce5e
    Version3
    Certificate 611fb0a400000000001d
    FieldValue
    ToBeSigned (TBS) MD5a3f222107d4e1085e73b5b589c2f480b
    ToBeSigned (TBS) SHA1b94aa26cd77c48d91a53ac44506cbd255e1d362c
    ToBeSigned (TBS) SHA256a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
    SubjectC=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA
    ValidFrom2011-02-22 19:31:57
    ValidTo2021-02-22 19:41:57
    Signature2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611fb0a400000000001d
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • RtlInitUnicodeString
    • HalReturnToFirmware
    • ExAllocatePool
    • NtQuerySystemInformation
    • ExFreePoolWithTag
    • IoAllocateMdl
    • MmProbeAndLockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnlockPages
    • IoFreeMdl
    • KeQueryActiveProcessors
    • KeSetSystemAffinityThread
    • KeRevertToUserAffinityThread
    • DbgPrint
    • KeQueryPerformanceCounter

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .hSc
    • .%\I
    • .>F2
    • .reloc
    • .rsrc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
          "TBS": {
            "MD5": "37f3c75288f06dcd39025a0b2a947217",
            "SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
            "SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
            "SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
          },
          "ValidFrom": "2013-04-09 00:00:00",
          "ValidTo": "2014-04-09 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
          "Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "TBS": {
            "MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
            "SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
            "SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
            "SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611fb0a400000000001d",
          "Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
          "TBS": {
            "MD5": "a3f222107d4e1085e73b5b589c2f480b",
            "SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
            "SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
            "SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
          },
          "ValidFrom": "2011-02-22 19:31:57",
          "ValidTo": "2021-02-22 19:41:57",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2024-04-09 00:59:14
    MD58cf9ec579ba36fc4a4edbc4788b5f209
    SHA12e96749e78704b8ca13ec84bd047dd271eb12122
    SHA2567af2ff5d405cf9cd1aee2410a969ba22d6df78d98e9d4e60cbe624d8a3bc64a6
    Authentihash MD5fc2fd705cecd3993671d50fb4cec1117
    Authentihash SHA1841992de018af75bb70c878146359c19c0753f04
    Authentihash SHA256d40f6a680914df8c6cf8dda62332ad829a91815ad94439b920af986f93939a7d
    RichPEHeaderHash MD5e7bb28fb62abfc8c1c684963ebbc34bc
    RichPEHeaderHash SHA1180285ea1dfdd472ba7bceeac8d02da69e1af4ff
    RichPEHeaderHash SHA25644f8146727b7e2106d1ac99346d8e7454d95e010db3df3b588290a8d36be4836

    Download

    Certificates

    Expand
    Certificate 7f67150fbb0d254e474284c7f7819c4f
    FieldValue
    ToBeSigned (TBS) MD537f3c75288f06dcd39025a0b2a947217
    ToBeSigned (TBS) SHA103f6b4f0c154fd95079939c2be18e9c1b4629ad6
    ToBeSigned (TBS) SHA256fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1
    SubjectC=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO
    ValidFrom2013-04-09 00:00:00
    ValidTo2014-04-09 23:59:59
    Signatureb5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber7f67150fbb0d254e474284c7f7819c4f
    Version3
    Certificate 47974d7873a5bcab0d2fb370192fce5e
    FieldValue
    ToBeSigned (TBS) MD5e3a93dc2a8a8a668fdbb286bfe9afab5
    ToBeSigned (TBS) SHA195795d2aa2a554a423bc8c6e5b0a016d14887d35
    ToBeSigned (TBS) SHA256d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e
    SubjectC=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47974d7873a5bcab0d2fb370192fce5e
    Version3
    Certificate 611fb0a400000000001d
    FieldValue
    ToBeSigned (TBS) MD5a3f222107d4e1085e73b5b589c2f480b
    ToBeSigned (TBS) SHA1b94aa26cd77c48d91a53ac44506cbd255e1d362c
    ToBeSigned (TBS) SHA256a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
    SubjectC=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA
    ValidFrom2011-02-22 19:31:57
    ValidTo2021-02-22 19:41:57
    Signature2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611fb0a400000000001d
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • ntoskrnl.exe
    • hal.dll

    Imported Functions

    Expand
    • RtlInitUnicodeString
    • RtlGetVersion
    • ZwCreateFile
    • ZwClose
    • wcsncpy
    • RtlQueryRegistryValues
    • RtlCopyUnicodeString
    • RtlAppendUnicodeStringToString
    • DbgPrint
    • KeInitializeEvent
    • ExAllocatePool
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExInitializeNPagedLookasideList
    • PsCreateSystemThread
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoGetCurrentProcess
    • IoRegisterShutdownNotification
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • MmIsAddressValid
    • PsSetLoadImageNotifyRoutine
    • ZwQueryDirectoryFile
    • _strlwr
    • RtlInitAnsiString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ZwQueryValueKey
    • strstr
    • _strupr
    • wcsncat
    • wcsncmp
    • wcsrchr
    • wcsstr
    • _wcslwr
    • RtlAnsiStringToUnicodeString
    • RtlFreeUnicodeString
    • RtlTimeToTimeFields
    • KeSetEvent
    • KeDelayExecutionThread
    • KeWaitForSingleObject
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • KeQueryTimeIncrement
    • ExSystemTimeToLocalTime
    • MmProbeAndLockPages
    • MmUnlockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnmapLockedPages
    • PsGetVersion
    • IoAllocateMdl
    • IofCompleteRequest
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • ObfDereferenceObject
    • ZwQueryInformationFile
    • ZwSetInformationFile
    • ZwReadFile
    • ZwWriteFile
    • ZwDeleteFile
    • sprintf
    • swprintf
    • _snwprintf
    • rand
    • srand
    • ObReferenceObjectByName
    • __C_specific_handler
    • IoDriverObjectType
    • ProbeForRead
    • PsTerminateSystemThread
    • ExQueryDepthSList
    • ExpInterlockedPopEntrySList
    • ExpInterlockedPushEntrySList
    • ExDeleteNPagedLookasideList
    • strncpy
    • _vsnprintf
    • RtlInitString
    • ZwOpenFile
    • ZwCreateSection
    • ZwMapViewOfSection
    • RtlCompareString
    • PsGetCurrentProcessId
    • PsLookupProcessByProcessId
    • RtlImageNtHeader
    • PsGetProcessPeb
    • strchr
    • _wcsupr
    • RtlWriteRegistryValue
    • RtlDeleteRegistryValue
    • ZwCreateKey
    • ZwDeleteKey
    • ZwEnumerateValueKey
    • atoi
    • mbstowcs
    • __chkstk
    • strncmp
    • _strnicmp
    • strrchr
    • ExAcquireFastMutex
    • ExReleaseFastMutex
    • _snprintf
    • ObfReferenceObject
    • IoAllocateIrp
    • IoBuildDeviceIoControlRequest
    • IofCallDriver
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • RtlCompareUnicodeString
    • MmGetSystemRoutineAddress
    • IoCreateFile
    • IoGetFileObjectGenericMapping
    • ObQueryNameString
    • ZwOpenDirectoryObject
    • ObCreateObject
    • SeCreateAccessState
    • wcscmp
    • IoFileObjectType
    • PsThreadType
    • RtlAppendUnicodeToString
    • RtlCompareMemory
    • IoUnregisterShutdownNotification
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • PsSetCreateProcessNotifyRoutine
    • PsSetCreateProcessNotifyRoutineEx
    • ZwOpenProcess
    • ZwQuerySystemInformation
    • RtlImageDirectoryEntryToData
    • _wcsicmp
    • IoStopTimer
    • PsRemoveLoadImageNotifyRoutine
    • IoGetDeviceAttachmentBaseRef
    • _stricmp
    • NtOpenProcess
    • ZwQueryObject
    • ZwDuplicateObject
    • PsLookupThreadByThreadId
    • ZwOpenThread
    • ZwUnloadKey
    • ZwLoadKey
    • ZwUnmapViewOfSection
    • ZwSetValueKey
    • ObSetHandleAttributes
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • PsInitialSystemProcess
    • ZwAllocateVirtualMemory
    • PsIsThreadTerminating
    • KeInitializeApc
    • KeInsertQueueApc
    • ExInitializePagedLookasideList
    • ExDeletePagedLookasideList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • KeAcquireInStackQueuedSpinLock
    • KeReleaseInStackQueuedSpinLock
    • KeClearEvent
    • KeBugCheckEx
    • RtlUnicodeStringToInteger
    • MmAllocatePagesForMdl
    • MmFreePagesFromMdl
    • MmAllocateContiguousMemory
    • MmFreeContiguousMemory
    • MmMapViewInSystemSpace
    • MmUnmapViewInSystemSpace
    • MmSectionObjectType
    • RtlCaptureContext
    • KeCapturePersistentThreadState
    • MmSystemRangeStart
    • IoDeviceObjectType
    • KeRevertToUserAffinityThread
    • KeSetSystemAffinityThread
    • KeCancelTimer
    • KeNumberProcessors
    • IoAllocateMdl
    • MmProbeAndLockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnlockPages
    • IoFreeMdl
    • ExAllocatePool
    • ExFreePool
    • NtQuerySystemInformation
    • HalMakeBeep

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .vvd0
    • .vvd1
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
          "TBS": {
            "MD5": "37f3c75288f06dcd39025a0b2a947217",
            "SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
            "SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
            "SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
          },
          "ValidFrom": "2013-04-09 00:00:00",
          "ValidTo": "2014-04-09 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
          "Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "TBS": {
            "MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
            "SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
            "SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
            "SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611fb0a400000000001d",
          "Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
          "TBS": {
            "MD5": "a3f222107d4e1085e73b5b589c2f480b",
            "SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
            "SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
            "SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
          },
          "ValidFrom": "2011-02-22 19:31:57",
          "ValidTo": "2021-02-22 19:41:57",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2024-04-09 00:59:14
    MD5fe499663cd2bf11e0fa3aaead28b05c9
    SHA12d0d89e275d2ea7a0b40af6bf5f284a9f61bcafe
    SHA2564421ff85aacbcc36695a018c5c47e884d56d62d7d5b8172bb70384ffc4d6a2e4
    Authentihash MD59dfb66394b42acb5709c76bedfd13bd7
    Authentihash SHA1450a9f2f2e8f485f6bef404334b6e52f1c02050a
    Authentihash SHA256e8c5227d8827405e0e13a16bbacc6959edd3de95bc167566f742a6c221a0fe75
    RichPEHeaderHash MD5e7bb28fb62abfc8c1c684963ebbc34bc
    RichPEHeaderHash SHA1180285ea1dfdd472ba7bceeac8d02da69e1af4ff
    RichPEHeaderHash SHA25644f8146727b7e2106d1ac99346d8e7454d95e010db3df3b588290a8d36be4836

    Download

    Certificates

    Expand
    Certificate 7f67150fbb0d254e474284c7f7819c4f
    FieldValue
    ToBeSigned (TBS) MD537f3c75288f06dcd39025a0b2a947217
    ToBeSigned (TBS) SHA103f6b4f0c154fd95079939c2be18e9c1b4629ad6
    ToBeSigned (TBS) SHA256fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1
    SubjectC=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO
    ValidFrom2013-04-09 00:00:00
    ValidTo2014-04-09 23:59:59
    Signatureb5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber7f67150fbb0d254e474284c7f7819c4f
    Version3
    Certificate 47974d7873a5bcab0d2fb370192fce5e
    FieldValue
    ToBeSigned (TBS) MD5e3a93dc2a8a8a668fdbb286bfe9afab5
    ToBeSigned (TBS) SHA195795d2aa2a554a423bc8c6e5b0a016d14887d35
    ToBeSigned (TBS) SHA256d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e
    SubjectC=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47974d7873a5bcab0d2fb370192fce5e
    Version3
    Certificate 611fb0a400000000001d
    FieldValue
    ToBeSigned (TBS) MD5a3f222107d4e1085e73b5b589c2f480b
    ToBeSigned (TBS) SHA1b94aa26cd77c48d91a53ac44506cbd255e1d362c
    ToBeSigned (TBS) SHA256a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
    SubjectC=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA
    ValidFrom2011-02-22 19:31:57
    ValidTo2021-02-22 19:41:57
    Signature2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611fb0a400000000001d
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • ntoskrnl.exe
    • hal.dll

    Imported Functions

    Expand
    • RtlInitUnicodeString
    • RtlGetVersion
    • ZwCreateFile
    • ZwClose
    • wcsncpy
    • RtlQueryRegistryValues
    • RtlCopyUnicodeString
    • RtlAppendUnicodeStringToString
    • DbgPrint
    • KeInitializeEvent
    • ExAllocatePool
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExInitializeNPagedLookasideList
    • PsCreateSystemThread
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoGetCurrentProcess
    • IoRegisterShutdownNotification
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • MmIsAddressValid
    • PsSetLoadImageNotifyRoutine
    • ZwQueryDirectoryFile
    • _strlwr
    • RtlInitAnsiString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ZwQueryValueKey
    • strstr
    • _strupr
    • wcsncat
    • wcsncmp
    • wcsrchr
    • wcsstr
    • _wcslwr
    • RtlAnsiStringToUnicodeString
    • RtlFreeUnicodeString
    • RtlTimeToTimeFields
    • KeSetEvent
    • KeDelayExecutionThread
    • KeWaitForSingleObject
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • KeQueryTimeIncrement
    • ExSystemTimeToLocalTime
    • MmProbeAndLockPages
    • MmUnlockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnmapLockedPages
    • PsGetVersion
    • IoAllocateMdl
    • IofCompleteRequest
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • ObfDereferenceObject
    • ZwQueryInformationFile
    • ZwSetInformationFile
    • ZwReadFile
    • ZwWriteFile
    • ZwDeleteFile
    • sprintf
    • swprintf
    • _snwprintf
    • rand
    • srand
    • ObReferenceObjectByName
    • __C_specific_handler
    • IoDriverObjectType
    • ProbeForRead
    • PsTerminateSystemThread
    • ExQueryDepthSList
    • ExpInterlockedPopEntrySList
    • ExpInterlockedPushEntrySList
    • ExDeleteNPagedLookasideList
    • strncpy
    • _vsnprintf
    • RtlInitString
    • ZwOpenFile
    • ZwCreateSection
    • ZwMapViewOfSection
    • RtlCompareString
    • PsGetCurrentProcessId
    • PsLookupProcessByProcessId
    • RtlImageNtHeader
    • PsGetProcessPeb
    • strchr
    • _wcsupr
    • RtlWriteRegistryValue
    • RtlDeleteRegistryValue
    • ZwCreateKey
    • ZwDeleteKey
    • ZwEnumerateValueKey
    • atoi
    • mbstowcs
    • __chkstk
    • strncmp
    • _strnicmp
    • strrchr
    • ExAcquireFastMutex
    • ExReleaseFastMutex
    • _snprintf
    • ObfReferenceObject
    • IoAllocateIrp
    • IoBuildDeviceIoControlRequest
    • IofCallDriver
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • RtlCompareUnicodeString
    • MmGetSystemRoutineAddress
    • IoCreateFile
    • IoGetFileObjectGenericMapping
    • ObQueryNameString
    • ZwOpenDirectoryObject
    • ObCreateObject
    • SeCreateAccessState
    • wcscmp
    • IoFileObjectType
    • PsThreadType
    • RtlAppendUnicodeToString
    • RtlCompareMemory
    • IoUnregisterShutdownNotification
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • PsSetCreateProcessNotifyRoutine
    • PsSetCreateProcessNotifyRoutineEx
    • ZwOpenProcess
    • ZwQuerySystemInformation
    • RtlImageDirectoryEntryToData
    • _wcsicmp
    • IoStopTimer
    • PsRemoveLoadImageNotifyRoutine
    • IoGetDeviceAttachmentBaseRef
    • _stricmp
    • NtOpenProcess
    • ZwQueryObject
    • ZwDuplicateObject
    • PsLookupThreadByThreadId
    • ZwOpenThread
    • ZwUnloadKey
    • ZwLoadKey
    • ZwUnmapViewOfSection
    • ZwSetValueKey
    • ObSetHandleAttributes
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • PsInitialSystemProcess
    • ZwAllocateVirtualMemory
    • PsIsThreadTerminating
    • KeInitializeApc
    • KeInsertQueueApc
    • ExInitializePagedLookasideList
    • ExDeletePagedLookasideList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • KeAcquireInStackQueuedSpinLock
    • KeReleaseInStackQueuedSpinLock
    • KeClearEvent
    • KeBugCheckEx
    • RtlUnicodeStringToInteger
    • MmAllocatePagesForMdl
    • MmFreePagesFromMdl
    • MmAllocateContiguousMemory
    • MmFreeContiguousMemory
    • MmMapViewInSystemSpace
    • MmUnmapViewInSystemSpace
    • MmSectionObjectType
    • RtlCaptureContext
    • KeCapturePersistentThreadState
    • MmSystemRangeStart
    • IoDeviceObjectType
    • KeRevertToUserAffinityThread
    • KeSetSystemAffinityThread
    • KeCancelTimer
    • KeNumberProcessors
    • IoAllocateMdl
    • MmProbeAndLockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnlockPages
    • IoFreeMdl
    • ExAllocatePool
    • ExFreePool
    • NtQuerySystemInformation
    • HalMakeBeep

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .vvd0
    • .vvd1
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
          "TBS": {
            "MD5": "37f3c75288f06dcd39025a0b2a947217",
            "SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
            "SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
            "SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
          },
          "ValidFrom": "2013-04-09 00:00:00",
          "ValidTo": "2014-04-09 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
          "Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "TBS": {
            "MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
            "SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
            "SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
            "SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611fb0a400000000001d",
          "Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
          "TBS": {
            "MD5": "a3f222107d4e1085e73b5b589c2f480b",
            "SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
            "SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
            "SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
          },
          "ValidFrom": "2011-02-22 19:31:57",
          "ValidTo": "2021-02-22 19:41:57",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2023-06-23 11:18:09
    MD55200ecb17fb554f13723c9c63145da64
    SHA1dc8211cb76ed434f2f627a440604f7c3f8e04a41
    SHA2562c1b65c2988b337182f1ba57b404793454e30a7fd328d34bc2e79857dc437a4a
    Authentihash MD5754246fcf3f7184f331bbaf89ceab696
    Authentihash SHA184b404763fd1610970186736c311c61574c2c10e
    Authentihash SHA256fa96eca78a57b779fd398294ae2519b7c4fe9e4369e6e7fa5167aebbe6e0c09a
    RichPEHeaderHash MD5ffdf660eb1ebf020a1d0a55a90712dfb
    RichPEHeaderHash SHA13e905e3d061d0d59de61fcf39c994fcb0ec1bab3
    RichPEHeaderHash SHA2562b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6
    CompanyTonec Inc.
    DescriptionInternet Download Manager TDI Driver
    ProductInternet Download Manager
    OriginalFilenameidmtdi.sys

    Download

    Certificates

    Expand
    Certificate 7f67150fbb0d254e474284c7f7819c4f
    FieldValue
    ToBeSigned (TBS) MD537f3c75288f06dcd39025a0b2a947217
    ToBeSigned (TBS) SHA103f6b4f0c154fd95079939c2be18e9c1b4629ad6
    ToBeSigned (TBS) SHA256fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1
    SubjectC=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO
    ValidFrom2013-04-09 00:00:00
    ValidTo2014-04-09 23:59:59
    Signatureb5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber7f67150fbb0d254e474284c7f7819c4f
    Version3
    Certificate 47974d7873a5bcab0d2fb370192fce5e
    FieldValue
    ToBeSigned (TBS) MD5e3a93dc2a8a8a668fdbb286bfe9afab5
    ToBeSigned (TBS) SHA195795d2aa2a554a423bc8c6e5b0a016d14887d35
    ToBeSigned (TBS) SHA256d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e
    SubjectC=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47974d7873a5bcab0d2fb370192fce5e
    Version3
    Certificate 611fb0a400000000001d
    FieldValue
    ToBeSigned (TBS) MD5a3f222107d4e1085e73b5b589c2f480b
    ToBeSigned (TBS) SHA1b94aa26cd77c48d91a53ac44506cbd255e1d362c
    ToBeSigned (TBS) SHA256a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
    SubjectC=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA
    ValidFrom2011-02-22 19:31:57
    ValidTo2021-02-22 19:41:57
    Signature2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611fb0a400000000001d
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • KeInitializeEvent
    • HalReturnToFirmware
    • ExAllocatePool
    • NtQuerySystemInformation
    • ExFreePoolWithTag
    • IoAllocateMdl
    • MmProbeAndLockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnlockPages
    • IoFreeMdl
    • KeQueryActiveProcessors
    • KeSetSystemAffinityThread
    • KeRevertToUserAffinityThread
    • DbgPrint
    • KeQueryPerformanceCounter

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .0X]
    • .y^C
    • .e&b
    • .reloc
    • .rsrc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
          "TBS": {
            "MD5": "37f3c75288f06dcd39025a0b2a947217",
            "SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
            "SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
            "SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
          },
          "ValidFrom": "2013-04-09 00:00:00",
          "ValidTo": "2014-04-09 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
          "Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "TBS": {
            "MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
            "SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
            "SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
            "SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611fb0a400000000001d",
          "Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
          "TBS": {
            "MD5": "a3f222107d4e1085e73b5b589c2f480b",
            "SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
            "SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
            "SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
          },
          "ValidFrom": "2011-02-22 19:31:57",
          "ValidTo": "2021-02-22 19:41:57",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2023-12-20 00:26:03
    MD511cf20a428b8fb81ff20dfe4dc3e28bd
    SHA155a139fe44e836a1886774d7c89c70796060f1c4
    SHA256ce106afd6a9996ac0150709a30d61ece7d7bfe1f27492c00f4fabab9ec40575d
    Authentihash MD5fca829a587deffab1fa11f2274f6b5d2
    Authentihash SHA1d31ee4f8934f4a9508a39a02905edca5cdc1faca
    Authentihash SHA256dd41e9a82e7be92a5d77624054a0b9e5e725492bae527f31e878140482ce802f
    RichPEHeaderHash MD5ffdf660eb1ebf020a1d0a55a90712dfb
    RichPEHeaderHash SHA13e905e3d061d0d59de61fcf39c994fcb0ec1bab3
    RichPEHeaderHash SHA2562b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6

    Download

    Certificates

    Expand
    Certificate 7f67150fbb0d254e474284c7f7819c4f
    FieldValue
    ToBeSigned (TBS) MD537f3c75288f06dcd39025a0b2a947217
    ToBeSigned (TBS) SHA103f6b4f0c154fd95079939c2be18e9c1b4629ad6
    ToBeSigned (TBS) SHA256fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1
    SubjectC=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO
    ValidFrom2013-04-09 00:00:00
    ValidTo2014-04-09 23:59:59
    Signatureb5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber7f67150fbb0d254e474284c7f7819c4f
    Version3
    Certificate 47974d7873a5bcab0d2fb370192fce5e
    FieldValue
    ToBeSigned (TBS) MD5e3a93dc2a8a8a668fdbb286bfe9afab5
    ToBeSigned (TBS) SHA195795d2aa2a554a423bc8c6e5b0a016d14887d35
    ToBeSigned (TBS) SHA256d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e
    SubjectC=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47974d7873a5bcab0d2fb370192fce5e
    Version3
    Certificate 611fb0a400000000001d
    FieldValue
    ToBeSigned (TBS) MD5a3f222107d4e1085e73b5b589c2f480b
    ToBeSigned (TBS) SHA1b94aa26cd77c48d91a53ac44506cbd255e1d362c
    ToBeSigned (TBS) SHA256a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
    SubjectC=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA
    ValidFrom2011-02-22 19:31:57
    ValidTo2021-02-22 19:41:57
    Signature2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611fb0a400000000001d
    Version3

    Imports

    Expand
    • fwpkclnt.sys
    • NDIS.SYS
    • ntoskrnl.exe
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • FwpsFreeNetBufferList0
    • FwpmFilterDeleteById0
    • NdisAllocateGenericObject
    • NdisFreeNetBufferListPool
    • NdisAllocateNetBufferListPool
    • NdisRetreatNetBufferDataStart
    • NdisAdvanceNetBufferDataStart
    • NdisGetDataBuffer
    • NdisInitializeEvent
    • NdisFreeGenericObject
    • NdisWaitEvent
    • RtlInitUnicodeString
    • ObfDereferenceObject
    • PsLookupProcessByProcessId
    • RtlCompareMemory
    • KeAcquireInStackQueuedSpinLock
    • KeReleaseInStackQueuedSpinLock
    • ExAllocatePoolWithTag
    • ExUuidCreate
    • swprintf_s
    • __C_specific_handler
    • MmGetSystemRoutineAddress
    • RtlAppendUnicodeToString
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • KeInitializeEvent
    • KeSetEvent
    • KeWaitForSingleObject
    • ExFreePoolWithTag
    • ExQueryDepthSList
    • ExpInterlockedPopEntrySList
    • ExpInterlockedPushEntrySList
    • ExInitializeNPagedLookasideList
    • ExDeleteNPagedLookasideList
    • MmBuildMdlForNonPagedPool
    • MmMapLockedPagesSpecifyCache
    • MmUnmapLockedPages
    • MmAllocatePagesForMdl
    • MmFreePagesFromMdl
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • IoAllocateMdl
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • IoFreeMdl
    • IoReleaseCancelSpinLock
    • ObReferenceObjectByHandle
    • ZwClose
    • ZwOpenKey
    • ZwQueryValueKey
    • PsGetCurrentProcessId
    • ZwSetInformationThread
    • RtlLengthSid
    • RtlCreateAcl
    • RtlAddAccessAllowedAce
    • ObOpenObjectByPointer
    • ZwSetSecurityObject
    • SeExports
    • RtlGetVersion
    • ZwCreateFile
    • IoCreateFileSpecifyDeviceObjectHint
    • IoGetBaseFileSystemDeviceObject
    • ZwDeleteFile
    • IoFileObjectType
    • _stricmp
    • ZwQuerySystemInformation
    • RtlValidSid
    • KeBugCheckEx
    • ExAllocatePool
    • NtQuerySystemInformation
    • ExFreePoolWithTag
    • IoAllocateMdl
    • MmProbeAndLockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnlockPages
    • IoFreeMdl
    • KeQueryActiveProcessors
    • KeSetSystemAffinityThread
    • KeRevertToUserAffinityThread
    • DbgPrint
    • KeQueryPerformanceCounter

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .wEI
    • .xpk
    • .hCC
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
          "TBS": {
            "MD5": "37f3c75288f06dcd39025a0b2a947217",
            "SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
            "SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
            "SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
          },
          "ValidFrom": "2013-04-09 00:00:00",
          "ValidTo": "2014-04-09 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
          "Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "TBS": {
            "MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
            "SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
            "SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
            "SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611fb0a400000000001d",
          "Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
          "TBS": {
            "MD5": "a3f222107d4e1085e73b5b589c2f480b",
            "SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
            "SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
            "SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
          },
          "ValidFrom": "2011-02-22 19:31:57",
          "ValidTo": "2021-02-22 19:41:57",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2023-06-23 11:18:09
    MD5b503cd460a61d303107aa459956781fd
    SHA1a264b74f8ff47ae4fac9d3361508adac82e15c0b
    SHA2562cd7a0c4e8d24404c92e4ed8539b2136028a8ca663f3432e417b00665493e13f
    Authentihash MD5ce05ebdd0c7be7429cb4fb2e963f9181
    Authentihash SHA1699eb6eb826496693a69d479023271bcb29651ba
    Authentihash SHA256dee8dbe00a809e5ecdbea898393dd9ecd32fa0a0de80463cc2b903dcdec2cffe
    RichPEHeaderHash MD5ffdf660eb1ebf020a1d0a55a90712dfb
    RichPEHeaderHash SHA13e905e3d061d0d59de61fcf39c994fcb0ec1bab3
    RichPEHeaderHash SHA2562b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6
    CompanyPalo Alto Networks, Inc.
    DescriptionCortex XDR LPC Driver
    ProductCortex XDR™ Advanced Endpoint Protection
    OriginalFilenamecyvrlpc.sys

    Download

    Certificates

    Expand
    Certificate 7f67150fbb0d254e474284c7f7819c4f
    FieldValue
    ToBeSigned (TBS) MD537f3c75288f06dcd39025a0b2a947217
    ToBeSigned (TBS) SHA103f6b4f0c154fd95079939c2be18e9c1b4629ad6
    ToBeSigned (TBS) SHA256fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1
    SubjectC=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO
    ValidFrom2013-04-09 00:00:00
    ValidTo2014-04-09 23:59:59
    Signatureb5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber7f67150fbb0d254e474284c7f7819c4f
    Version3
    Certificate 47974d7873a5bcab0d2fb370192fce5e
    FieldValue
    ToBeSigned (TBS) MD5e3a93dc2a8a8a668fdbb286bfe9afab5
    ToBeSigned (TBS) SHA195795d2aa2a554a423bc8c6e5b0a016d14887d35
    ToBeSigned (TBS) SHA256d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e
    SubjectC=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47974d7873a5bcab0d2fb370192fce5e
    Version3
    Certificate 611fb0a400000000001d
    FieldValue
    ToBeSigned (TBS) MD5a3f222107d4e1085e73b5b589c2f480b
    ToBeSigned (TBS) SHA1b94aa26cd77c48d91a53ac44506cbd255e1d362c
    ToBeSigned (TBS) SHA256a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
    SubjectC=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA
    ValidFrom2011-02-22 19:31:57
    ValidTo2021-02-22 19:41:57
    Signature2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611fb0a400000000001d
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • KeInitializeEvent
    • HalReturnToFirmware
    • ExAllocatePool
    • NtQuerySystemInformation
    • ExFreePoolWithTag
    • IoAllocateMdl
    • MmProbeAndLockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnlockPages
    • IoFreeMdl
    • KeQueryActiveProcessors
    • KeSetSystemAffinityThread
    • KeRevertToUserAffinityThread
    • DbgPrint
    • KeQueryPerformanceCounter

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .%>Z
    • .NNo
    • .qH}
    • .reloc
    • .rsrc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
          "TBS": {
            "MD5": "37f3c75288f06dcd39025a0b2a947217",
            "SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
            "SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
            "SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
          },
          "ValidFrom": "2013-04-09 00:00:00",
          "ValidTo": "2014-04-09 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
          "Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "TBS": {
            "MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
            "SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
            "SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
            "SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611fb0a400000000001d",
          "Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
          "TBS": {
            "MD5": "a3f222107d4e1085e73b5b589c2f480b",
            "SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
            "SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
            "SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
          },
          "ValidFrom": "2011-02-22 19:31:57",
          "ValidTo": "2021-02-22 19:41:57",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filename
    Creation Timestamp2024-08-09 07:59:20
    MD5a06880ad1efe6b57ca1d59d878dea82a
    SHA1668b0274d350a6d895d140a9700a88156c0db06f
    SHA2563855b2df32e0eedec454b25e6e2da6b3df19c4b0f575e45bc06482d4ebce7551
    Authentihash MD59d646db70c57fe3f4be5d62c52fc32a4
    Authentihash SHA1cdf4607b40c6c886368a50f060f10538d93e8719
    Authentihash SHA2564a61add64bbb08af8576aac592fdafe7114b940878babb3ae90bfde26f315187
    RichPEHeaderHash MD50aa427f4ccc6e84d37c6e781da65e484
    RichPEHeaderHash SHA1080cd8a498eccf8478fc81dbb719a25464947eee
    RichPEHeaderHash SHA2569e1bc00124c20f1de4dcd2e06a2ca018d3e5732b6fedccac185afe5c90ed45a2

    Download

    Certificates

    Expand
    Certificate 7f67150fbb0d254e474284c7f7819c4f
    FieldValue
    ToBeSigned (TBS) MD537f3c75288f06dcd39025a0b2a947217
    ToBeSigned (TBS) SHA103f6b4f0c154fd95079939c2be18e9c1b4629ad6
    ToBeSigned (TBS) SHA256fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1
    SubjectC=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO
    ValidFrom2013-04-09 00:00:00
    ValidTo2014-04-09 23:59:59
    Signatureb5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber7f67150fbb0d254e474284c7f7819c4f
    Version3
    Certificate 47974d7873a5bcab0d2fb370192fce5e
    FieldValue
    ToBeSigned (TBS) MD5e3a93dc2a8a8a668fdbb286bfe9afab5
    ToBeSigned (TBS) SHA195795d2aa2a554a423bc8c6e5b0a016d14887d35
    ToBeSigned (TBS) SHA256d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e
    SubjectC=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47974d7873a5bcab0d2fb370192fce5e
    Version3
    Certificate 611fb0a400000000001d
    FieldValue
    ToBeSigned (TBS) MD5a3f222107d4e1085e73b5b589c2f480b
    ToBeSigned (TBS) SHA1b94aa26cd77c48d91a53ac44506cbd255e1d362c
    ToBeSigned (TBS) SHA256a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
    SubjectC=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA
    ValidFrom2011-02-22 19:31:57
    ValidTo2021-02-22 19:41:57
    Signature2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611fb0a400000000001d
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • ntoskrnl.exe
    • hal.dll

    Imported Functions

    Expand
    • RtlInitUnicodeString
    • RtlGetVersion
    • ZwCreateFile
    • ZwClose
    • wcsncpy
    • RtlQueryRegistryValues
    • RtlCopyUnicodeString
    • RtlAppendUnicodeStringToString
    • DbgPrint
    • KeInitializeEvent
    • ExAllocatePool
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExInitializeNPagedLookasideList
    • PsCreateSystemThread
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoGetCurrentProcess
    • IoRegisterShutdownNotification
    • ZwOpenKey
    • ZwEnumerateKey
    • ZwQueryKey
    • MmIsAddressValid
    • PsSetLoadImageNotifyRoutine
    • ZwQueryDirectoryFile
    • wcscmp
    • _strlwr
    • RtlInitAnsiString
    • RtlUnicodeStringToAnsiString
    • RtlFreeAnsiString
    • ZwQueryValueKey
    • strstr
    • _strupr
    • wcsncat
    • wcsncmp
    • wcsrchr
    • wcsstr
    • _wcsicmp
    • _wcslwr
    • RtlAnsiStringToUnicodeString
    • RtlEqualUnicodeString
    • RtlFreeUnicodeString
    • RtlTimeToTimeFields
    • KeSetEvent
    • KeDelayExecutionThread
    • KeWaitForSingleObject
    • KeAcquireSpinLockRaiseToDpc
    • KeReleaseSpinLock
    • KeQueryTimeIncrement
    • ExSystemTimeToLocalTime
    • MmProbeAndLockPages
    • MmUnlockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnmapLockedPages
    • PsGetVersion
    • IoAllocateMdl
    • IofCompleteRequest
    • IoFreeIrp
    • IoFreeMdl
    • IoGetDeviceObjectPointer
    • ObfDereferenceObject
    • ZwQueryInformationFile
    • ZwSetInformationFile
    • ZwReadFile
    • ZwWriteFile
    • ZwDeleteFile
    • sprintf
    • swprintf
    • _snwprintf
    • rand
    • srand
    • ObReferenceObjectByName
    • __C_specific_handler
    • IoDriverObjectType
    • ProbeForRead
    • PsTerminateSystemThread
    • ExQueryDepthSList
    • ExpInterlockedPopEntrySList
    • ExpInterlockedPushEntrySList
    • ExDeleteNPagedLookasideList
    • strncpy
    • _vsnprintf
    • RtlInitString
    • ZwOpenFile
    • ZwCreateSection
    • ZwMapViewOfSection
    • RtlCompareString
    • PsGetCurrentProcessId
    • PsLookupProcessByProcessId
    • RtlImageNtHeader
    • PsGetProcessPeb
    • strchr
    • _wcsupr
    • RtlWriteRegistryValue
    • RtlDeleteRegistryValue
    • ZwCreateKey
    • ZwDeleteKey
    • ZwEnumerateValueKey
    • atoi
    • mbstowcs
    • __chkstk
    • strncmp
    • _strnicmp
    • strrchr
    • ExAcquireFastMutex
    • ExReleaseFastMutex
    • _snprintf
    • ObfReferenceObject
    • IoAllocateIrp
    • IoBuildDeviceIoControlRequest
    • IofCallDriver
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • RtlCompareUnicodeString
    • MmGetSystemRoutineAddress
    • IoCreateFile
    • IoGetFileObjectGenericMapping
    • ObQueryNameString
    • ZwOpenDirectoryObject
    • ObCreateObject
    • SeCreateAccessState
    • IoFileObjectType
    • PsThreadType
    • RtlAppendUnicodeToString
    • RtlCompareMemory
    • IoUnregisterShutdownNotification
    • ZwOpenSymbolicLinkObject
    • ZwQuerySymbolicLinkObject
    • PsSetCreateProcessNotifyRoutine
    • PsSetCreateProcessNotifyRoutineEx
    • ZwOpenProcess
    • ZwQuerySystemInformation
    • RtlImageDirectoryEntryToData
    • RtlCreateSecurityDescriptor
    • RtlSetDaclSecurityDescriptor
    • IoStopTimer
    • PsRemoveLoadImageNotifyRoutine
    • RtlLengthSid
    • RtlCreateAcl
    • RtlAddAccessAllowedAce
    • IoGetDeviceAttachmentBaseRef
    • ZwSetSecurityObject
    • SeExports
    • _stricmp
    • NtOpenProcess
    • ZwQueryObject
    • ZwDuplicateObject
    • PsLookupThreadByThreadId
    • ZwOpenThread
    • ZwUnloadKey
    • ZwLoadKey
    • ZwUnmapViewOfSection
    • ZwSetValueKey
    • ObSetHandleAttributes
    • KeStackAttachProcess
    • KeUnstackDetachProcess
    • PsInitialSystemProcess
    • ZwAllocateVirtualMemory
    • PsIsThreadTerminating
    • KeInitializeApc
    • KeInsertQueueApc
    • ExInitializePagedLookasideList
    • ExDeletePagedLookasideList
    • CmRegisterCallback
    • CmUnRegisterCallback
    • KeAcquireInStackQueuedSpinLock
    • KeReleaseInStackQueuedSpinLock
    • KeClearEvent
    • KeBugCheckEx
    • RtlUnicodeStringToInteger
    • MmAllocatePagesForMdl
    • MmFreePagesFromMdl
    • MmAllocateContiguousMemory
    • MmFreeContiguousMemory
    • MmMapViewInSystemSpace
    • MmUnmapViewInSystemSpace
    • MmSectionObjectType
    • RtlCaptureContext
    • KeCapturePersistentThreadState
    • MmSystemRangeStart
    • IoDeviceObjectType
    • KeRevertToUserAffinityThread
    • KeSetSystemAffinityThread
    • KeCancelTimer
    • KeNumberProcessors
    • IoAllocateMdl
    • MmProbeAndLockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnlockPages
    • IoFreeMdl
    • ExAllocatePool
    • ExFreePool
    • NtQuerySystemInformation
    • HalMakeBeep

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .vvd0
    • .vvd1
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Signature": "b5b7c561721afb2d9309e5d841a18f9bbf7099e9f5b91c949dc4527c998204ccaac2824ec8a00ffedb51f4113001531b4715ddf89ad4379f5b3521bb1fba0b432ea35ca930e3869ec27ece21f2415ac9add420f3fa3be8bc64657002134f5d2f7b534d9341548eab7773b4ba53dd441eae8a2418624b66fa6c4a4744e4439c6604ebfe0a7a0892392955697213c3b75e7082af156fcb3169da196161b7c6f588a01909b076d26ef7344ae33ab9e461575f690f5407d05385962baaa8850b3af5fe1e14456c990e656327010b12bda0f8be86a4bdd55c296e13e9895fd91df1bb3beb96719d9b9f53432034f9a6462e993c16fe71374c8ae229c8c642379686dd",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=CN, ST=Shandong, L=Jiaonan, O=No Organization Affiliation, OU=Individual Developer, CN=FEI XIAO",
          "TBS": {
            "MD5": "37f3c75288f06dcd39025a0b2a947217",
            "SHA1": "03f6b4f0c154fd95079939c2be18e9c1b4629ad6",
            "SHA256": "fc3c47fa96efad0037b5bba251953c084e5dd0959408b55367ed37bf5cf418d1",
            "SHA384": "5c5a2a0e3ee8a01b814dee1d9db8d03dd0c9bcd14649c8b87c6f1139d31e80cffcb8d9bfed219ba592dd19141aacd990"
          },
          "ValidFrom": "2013-04-09 00:00:00",
          "ValidTo": "2014-04-09 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "47974d7873a5bcab0d2fb370192fce5e",
          "Signature": "56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "TBS": {
            "MD5": "e3a93dc2a8a8a668fdbb286bfe9afab5",
            "SHA1": "95795d2aa2a554a423bc8c6e5b0a016d14887d35",
            "SHA256": "d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e",
            "SHA384": "78d972495720b43a6470b18ae1226bcca20707628087717a9364c14ca053ba264e6d149718b103542d9942200138a69d"
          },
          "ValidFrom": "2010-02-08 00:00:00",
          "ValidTo": "2020-02-07 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "611fb0a400000000001d",
          "Signature": "2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA",
          "TBS": {
            "MD5": "a3f222107d4e1085e73b5b589c2f480b",
            "SHA1": "b94aa26cd77c48d91a53ac44506cbd255e1d362c",
            "SHA256": "a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa",
            "SHA384": "64b7643e4146016cbf83c911eb67e4601b6bb8d66f8ee8dcee67b815f91770d86ab23678b984430f22a963e5484881b7"
          },
          "ValidFrom": "2011-02-22 19:31:57",
          "ValidTo": "2021-02-22 19:41:57",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2",
          "SerialNumber": "7f67150fbb0d254e474284c7f7819c4f",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    source

    last_updated: 2025-01-13