Description NCHGBIOS2x64.SYS is a vulnerable driver and more information will be added as found.
UUID : d2806397-9ceb-47c8-b5f3-3aabec182ff5Created : 2023-01-09Author : Michael HaagDownload
This download link contains the vulnerable driver!
Block NCHGBIOS2x64.SYS across your endpoints Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.
Start Blocking for Free Commands sc.exe create NCHGBIOS2x64.SYS binPath=C:\windows\temp\NCHGBIOS2x64.SYS type=kernel && sc.exe start NCHGBIOS2x64.SYS
Use Case Privileges Operating System Elevate privileges kernel Windows 10
Detections Sigma 🛡️ Expand Names
detects loading using name only
Hashes
detects loading using hashes only
Resources https://github.com/eclypsium/Screwed-Drivers/blob/master/DRIVERS.md Known Vulnerable Samples Download
Certificates Expand Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b Field Value ToBeSigned (TBS) MD5 d0785ad36e427c92b19f6826ab1e8020 ToBeSigned (TBS) SHA1 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 ToBeSigned (TBS) SHA256 c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff Subject C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 ValidFrom 2012-12-21 00:00:00 ValidTo 2020-12-30 23:59:59 Signature 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 7e93ebfb7cc64e59ea4b9a77d406fc3b Version 3
Certificate 0ecff438c8febf356e04d86a981b1a50 Field Value ToBeSigned (TBS) MD5 e9d38360b914c8863f6cba3ee58764d3 ToBeSigned (TBS) SHA1 4cba8eae47b6bf76f20b3504b98b8f062694a89b ToBeSigned (TBS) SHA256 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 Subject C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 ValidFrom 2012-10-18 00:00:00 ValidTo 2020-12-29 23:59:59 Signature 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 0ecff438c8febf356e04d86a981b1a50 Version 3
Certificate 250ce8e030612e9f2b89f7054d7cf8fd Field Value ToBeSigned (TBS) MD5 918d9eb6a6cd36c531eceb926170a7e1 ToBeSigned (TBS) SHA1 0ae95700d65e6f59715aa47048993ca7858e676a ToBeSigned (TBS) SHA256 47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166 Subject C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5 ValidFrom 2006-11-08 00:00:00 ValidTo 2021-11-07 23:59:59 Signature 1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 250ce8e030612e9f2b89f7054d7cf8fd Version 3
Certificate 610c120600000000001b Field Value ToBeSigned (TBS) MD5 53c41bc1164e09e0cd1617a5bf913efd ToBeSigned (TBS) SHA1 93c03aac8951d494ecd5696b1c08658541b18727 ToBeSigned (TBS) SHA256 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b Subject C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority ValidFrom 2006-05-23 17:01:29 ValidTo 2016-05-23 17:11:29 Signature 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 610c120600000000001b Version 3
Certificate 4dfa235fb8e4e89715cc62facb68438d Field Value ToBeSigned (TBS) MD5 91ef24d360937dc7a131e11bd0ec6224 ToBeSigned (TBS) SHA1 25bd894d25596a11b1ea317bf25d4774fc19ee4c ToBeSigned (TBS) SHA256 120afcbfa6317121a8255d79d9216cacb1545acf8b27f63c5e9f50e208d9abeb Subject C=JP, ST=Tokyo, L=1,1 Shibaura, 1,chome, Minato,ku, O=TOSHIBA CORPORATION, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=TOSHIBA CORPORATION, CN=TOSHIBA CORPORATION ValidFrom 2012-04-05 00:00:00 ValidTo 2013-04-05 23:59:59 Signature d34cb4523367a2f1c3ac6cd7b60573565e4fb4408ebcd1b7b81a8c550df4c0cf8c5e4866f934b8cdc853c990a24134f098d4429befd62b07fdbfac78fec80ddb218b3a9311dec9d98fdba32ce0c2db6a40564212794311eaeb7459f19b355721a28e16c9e8d859983ce0d4c090baa076662d30e34385fea849917de462ced4be80e7b08b9a50493a5f59c84cc5f3258c8c85722cb2146e8470fe3f2a3ef9ad35a2e0ddd1227cdcc25b14e51d3eadea817412652ed9af9812fa86110376c487d0fc7370fdf9f9a5ad214e4c9e0ce464137965f8b6ef1c63a0743c1f127a910da444a05415b072ce6d3ce64e82368ac06a66d6d0a53a343ce06fe248cbb70d465a SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 4dfa235fb8e4e89715cc62facb68438d Version 3
Certificate 5200e5aa2556fc1a86ed96c9d44b33c7 Field Value ToBeSigned (TBS) MD5 b30c31a572b0409383ed3fbe17e56e81 ToBeSigned (TBS) SHA1 4843a82ed3b1f2bfbee9671960e1940c942f688d ToBeSigned (TBS) SHA256 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 Subject C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA ValidFrom 2010-02-08 00:00:00 ValidTo 2020-02-07 23:59:59 Signature 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 5200e5aa2556fc1a86ed96c9d44b33c7 Version 3
Imports Expand Imported Functions Expand MmFreeContiguousMemory MmUnmapIoSpace MmGetPhysicalAddress MmMapLockedPagesSpecifyCache MmMapIoSpace IoDeleteDevice RtlCompareMemory IoCreateSymbolicLink IoCreateDevice MmAllocateContiguousMemory KeBugCheckEx RtlInitUnicodeString IofCompleteRequest IoDeleteSymbolicLink HalGetBusDataByOffset HalSetBusDataByOffset Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .rsrc Signature Expand {
"Certificates": [
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "250ce8e030612e9f2b89f7054d7cf8fd",
"Signature": "1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
"TBS": {
"MD5": "918d9eb6a6cd36c531eceb926170a7e1",
"SHA1": "0ae95700d65e6f59715aa47048993ca7858e676a",
"SHA256": "47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166",
"SHA384": "e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85"
},
"ValidFrom": "2006-11-08 00:00:00",
"ValidTo": "2021-11-07 23:59:59",
"Version": 3
},
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "610c120600000000001b",
"Signature": "01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority",
"TBS": {
"MD5": "53c41bc1164e09e0cd1617a5bf913efd",
"SHA1": "93c03aac8951d494ecd5696b1c08658541b18727",
"SHA256": "40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b",
"SHA384": "f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8"
},
"ValidFrom": "2006-05-23 17:01:29",
"ValidTo": "2016-05-23 17:11:29",
"Version": 3
},
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "4dfa235fb8e4e89715cc62facb68438d",
"Signature": "d34cb4523367a2f1c3ac6cd7b60573565e4fb4408ebcd1b7b81a8c550df4c0cf8c5e4866f934b8cdc853c990a24134f098d4429befd62b07fdbfac78fec80ddb218b3a9311dec9d98fdba32ce0c2db6a40564212794311eaeb7459f19b355721a28e16c9e8d859983ce0d4c090baa076662d30e34385fea849917de462ced4be80e7b08b9a50493a5f59c84cc5f3258c8c85722cb2146e8470fe3f2a3ef9ad35a2e0ddd1227cdcc25b14e51d3eadea817412652ed9af9812fa86110376c487d0fc7370fdf9f9a5ad214e4c9e0ce464137965f8b6ef1c63a0743c1f127a910da444a05415b072ce6d3ce64e82368ac06a66d6d0a53a343ce06fe248cbb70d465a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=JP, ST=Tokyo, L=1,1 Shibaura, 1,chome, Minato,ku, O=TOSHIBA CORPORATION, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=TOSHIBA CORPORATION, CN=TOSHIBA CORPORATION",
"TBS": {
"MD5": "91ef24d360937dc7a131e11bd0ec6224",
"SHA1": "25bd894d25596a11b1ea317bf25d4774fc19ee4c",
"SHA256": "120afcbfa6317121a8255d79d9216cacb1545acf8b27f63c5e9f50e208d9abeb",
"SHA384": "5ec40867f9174220893b801f465c81b00e6ccc52ecc401768d55e1c0c9c7943187500707978dfcd1feeab13d72857412"
},
"ValidFrom": "2012-04-05 00:00:00",
"ValidTo": "2013-04-05 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
"Signature": "5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"TBS": {
"MD5": "b30c31a572b0409383ed3fbe17e56e81",
"SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
"SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
"SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"SerialNumber": "4dfa235fb8e4e89715cc62facb68438d",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates Expand Certificate 3825d7faf861af9ef490e726b5d65ad5 Field Value ToBeSigned (TBS) MD5 d6c7684e9aaa508cf268335f83afe040 ToBeSigned (TBS) SHA1 18066d20ad92409c567cdfde745279ff71c75226 ToBeSigned (TBS) SHA256 a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff Subject C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2 ValidFrom 2007-06-15 00:00:00 ValidTo 2012-06-14 23:59:59 Signature 50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 3825d7faf861af9ef490e726b5d65ad5 Version 3
Certificate 47bf1995df8d524643f7db6d480d31a4 Field Value ToBeSigned (TBS) MD5 518d2ea8a21e879c942d504824ac211c ToBeSigned (TBS) SHA1 21ce87d827077e61abddf2beba69fde5432ea031 ToBeSigned (TBS) SHA256 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 Subject C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA ValidFrom 2003-12-04 00:00:00 ValidTo 2013-12-03 23:59:59 Signature 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 47bf1995df8d524643f7db6d480d31a4 Version 3
Certificate 655226e1b22e18e1590f2985ac22e75c Field Value ToBeSigned (TBS) MD5 650704c342850095f3288eaf791147d4 ToBeSigned (TBS) SHA1 4cdc38c800761463749c3cbd94a12f32e49877bf ToBeSigned (TBS) SHA256 07b8f662558ec85b71b43a79c6e94698144f4ced2308af21e7ba1e5d461da214 Subject C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, CN=VeriSign Class 3 Code Signing 2009,2 CA ValidFrom 2009-05-21 00:00:00 ValidTo 2019-05-20 23:59:59 Signature 8b03c0dd94d841a26169b015a878c730c6903c7e42f724b6e4837317047f04109ca1e2fa812febc0ca44e772e050b6551020836e9692e49a516ab43731dca52deb8c00c71d4fe74d32ba85f84ebefa675565f06abe7aca64381a101078457631f3867a030f60c2b35d9df68b6676821b59e183e5bd49a53856e5de41770e580f SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 655226e1b22e18e1590f2985ac22e75c Version 3
Certificate 610c120600000000001b Field Value ToBeSigned (TBS) MD5 53c41bc1164e09e0cd1617a5bf913efd ToBeSigned (TBS) SHA1 93c03aac8951d494ecd5696b1c08658541b18727 ToBeSigned (TBS) SHA256 40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b Subject C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority ValidFrom 2006-05-23 17:01:29 ValidTo 2016-05-23 17:11:29 Signature 01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 610c120600000000001b Version 3
Certificate 4b06fb7842759523c64bc79deaa482c6 Field Value ToBeSigned (TBS) MD5 b5879b02585ebcdb899f6ff09bf4d1ed ToBeSigned (TBS) SHA1 c9b563daca0689780baf6bc6524d86dfd66c2fd8 ToBeSigned (TBS) SHA256 36d22ed370549b7bd7ef59b27cc37d07e9462f9e270fb1f71bd69e3a2be18ba7 Subject C=JP, ST=Tokyo, L=1,1 Shibaura, 1,chome, Minato,ku, O=TOSHIBA CORPORATION, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=TOSHIBA CORPORATION, CN=TOSHIBA CORPORATION ValidFrom 2010-04-22 00:00:00 ValidTo 2011-04-22 23:59:59 Signature 1b0a053791d4efe2a37a3a58620359c1c41196f246c518778b2a48752073b125f823aeab26613cf222fb496c5c257ae5a2d29c9b6be0749636b1e3dd041e7ac9373e57e8e650f6d54d19fa78d954aef45995eb99a1213bff7dc72973047b83069811becaca46ed4a5d8e1e5d1c584eb2048e5551cbeb77fd8af2d385d7d77a5589ac83e4c1d8ff7056409d3af7e01fe8412cf331190198eabe590ce35d6cd87937824067eb1e809d7add6ef0fc566c6a4987e851cfce9bc716dd41dc043a37fd451e6e63e070f8fd7d31b4968b96c786a4fed2e0423a4db6dd0c52e7fb8a2fd4ddc4c0dbae7b1a344ffe9d4a2bdaf886f33893250640d13b2f31d77a12c10978 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 4b06fb7842759523c64bc79deaa482c6 Version 3
Imports Expand Imported Functions Expand IoIs32bitProcess MmFreeContiguousMemory MmUnmapIoSpace MmGetPhysicalAddress MmMapLockedPagesSpecifyCache MmMapIoSpace IoDeleteDevice RtlCompareMemory IoCreateSymbolicLink IoCreateDevice MmAllocateContiguousMemory KeBugCheckEx RtlInitUnicodeString IofCompleteRequest IoDeleteSymbolicLink HalGetBusDataByOffset HalSetBusDataByOffset Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .rsrc Signature Expand {
"Certificates": [
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "250ce8e030612e9f2b89f7054d7cf8fd",
"Signature": "1302ddf8e88600f25af8f8200c59886207cecef74ef9bb59a198e5e138dd4ebc6618d3adeb18f20dc96d3e4a9420c33cbabd6554c6af44b310ad2c6b3eabd707b6b88163c5f95e2ee52a67cecd330c2ad7895603231fb3bee83a0859b4ec4535f78a5bff66cf50afc66d578d1978b7b9a2d157ea1f9a4bafbac98e127ec6bdff",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
"TBS": {
"MD5": "918d9eb6a6cd36c531eceb926170a7e1",
"SHA1": "0ae95700d65e6f59715aa47048993ca7858e676a",
"SHA256": "47c46e6eaa3780eace3d0d891346cd373359d246b21a957219dbab4c8f37c166",
"SHA384": "e54017c93ba52f012cc15aeb3bcbce1e90a0006ff8dca231a24fc572926770f63213343f538003407bed3463fa9c4a85"
},
"ValidFrom": "2006-11-08 00:00:00",
"ValidTo": "2021-11-07 23:59:59",
"Version": 3
},
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "610c120600000000001b",
"Signature": "01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority",
"TBS": {
"MD5": "53c41bc1164e09e0cd1617a5bf913efd",
"SHA1": "93c03aac8951d494ecd5696b1c08658541b18727",
"SHA256": "40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b",
"SHA384": "f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8"
},
"ValidFrom": "2006-05-23 17:01:29",
"ValidTo": "2016-05-23 17:11:29",
"Version": 3
},
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "4dfa235fb8e4e89715cc62facb68438d",
"Signature": "d34cb4523367a2f1c3ac6cd7b60573565e4fb4408ebcd1b7b81a8c550df4c0cf8c5e4866f934b8cdc853c990a24134f098d4429befd62b07fdbfac78fec80ddb218b3a9311dec9d98fdba32ce0c2db6a40564212794311eaeb7459f19b355721a28e16c9e8d859983ce0d4c090baa076662d30e34385fea849917de462ced4be80e7b08b9a50493a5f59c84cc5f3258c8c85722cb2146e8470fe3f2a3ef9ad35a2e0ddd1227cdcc25b14e51d3eadea817412652ed9af9812fa86110376c487d0fc7370fdf9f9a5ad214e4c9e0ce464137965f8b6ef1c63a0743c1f127a910da444a05415b072ce6d3ce64e82368ac06a66d6d0a53a343ce06fe248cbb70d465a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=JP, ST=Tokyo, L=1,1 Shibaura, 1,chome, Minato,ku, O=TOSHIBA CORPORATION, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=TOSHIBA CORPORATION, CN=TOSHIBA CORPORATION",
"TBS": {
"MD5": "91ef24d360937dc7a131e11bd0ec6224",
"SHA1": "25bd894d25596a11b1ea317bf25d4774fc19ee4c",
"SHA256": "120afcbfa6317121a8255d79d9216cacb1545acf8b27f63c5e9f50e208d9abeb",
"SHA384": "5ec40867f9174220893b801f465c81b00e6ccc52ecc401768d55e1c0c9c7943187500707978dfcd1feeab13d72857412"
},
"ValidFrom": "2012-04-05 00:00:00",
"ValidTo": "2013-04-05 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
"Signature": "5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"TBS": {
"MD5": "b30c31a572b0409383ed3fbe17e56e81",
"SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
"SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
"SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"SerialNumber": "4dfa235fb8e4e89715cc62facb68438d",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2026-04-20
