Description
zam64.sys is a vulnerable driver and more information will be added as found.
- UUID: e5f12b82-8d07-474e-9587-8c7b3714d60c
- Created: 2023-01-09
- Author: Michael Haag, Nasreddine Bencherchali
Download
This download link contains the vulnerable driver!
Block zam64.sys across your endpoints
Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.
Start Blocking for FreeCommands
sc.exe create zam64.sys binPath=C:\windows\temp\zam64.sys type=kernel && sc.exe start zam64.sys
| Use Case | Privileges | Operating System |
|---|
| Elevate privileges | kernel | Windows 10 |
Detections
Sigma 🛡️
Expand
Names
detects loading using name only
Hashes
detects loading using hashes only
Resources
Internal Researchhttps://www.reddit.com/r/crowdstrike/comments/13wjrgn/20230531_situational_awareness_spyboy_defense/https://github.com/elastic/protections-artifacts/search?q=VulnDriverhttps://www.trendmicro.com/en_us/research/23/e/attack-on-security-titans-earth-longzhi-returns-with-new-tricks.htmlhttps://github.com/ZeroMemoryEx/TerminatorCVE
CVE-2018-5713Known Vulnerable Samples
Download
Certificates
Expand
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
| ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
| ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 |
| ValidFrom | 2012-12-21 00:00:00 |
| ValidTo | 2020-12-30 23:59:59 |
| Signature | 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
| Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
| ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
| ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 |
| ValidFrom | 2012-10-18 00:00:00 |
| ValidTo | 2020-12-29 23:59:59 |
| Signature | 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
| Version | 3 |
Certificate 0210230fd364b469091b8a4440145e18
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 17e68f0650db3d4d698ef88ef963b47e |
| ToBeSigned (TBS) SHA1 | 00162854ea07ea0a83aa941767277a5c3ab03c9d |
| ToBeSigned (TBS) SHA256 | 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d |
| Subject | C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. |
| ValidFrom | 2014-12-16 00:00:00 |
| ValidTo | 2017-12-20 12:00:00 |
| Signature | 8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0210230fd364b469091b8a4440145e18 |
| Version | 3 |
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 02c4d1e58a4a680c568da3047e7e4d5f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 829995f702421dea833a24fb2c7f4442 |
| ToBeSigned (TBS) SHA1 | 1d7e838accd498c2e5ba9373af819ec097bb955c |
| ToBeSigned (TBS) SHA256 | 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 02c4d1e58a4a680c568da3047e7e4d5f |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ZwClose
- RtlUpperString
- RtlUpcaseUnicodeString
- PsGetCurrentProcessId
- ZwOpenProcess
- PsLookupProcessByProcessId
- ObQueryNameString
- FsRtlIsNameInExpression
- PsGetProcessImageFileName
- ZwQueryInformationProcess
- __C_specific_handler
- strchr
- RtlAppendUnicodeToString
- KeInitializeSemaphore
- KeReleaseSemaphore
- KeWaitForSingleObject
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- PsCreateSystemThread
- PsTerminateSystemThread
- ZwQueryInformationFile
- ZwWriteFile
- PsGetCurrentThreadId
- ZwDeleteFile
- _vsnprintf
- PsThreadType
- PsSetCreateProcessNotifyRoutine
- PsGetProcessSessionId
- RtlAppendUnicodeStringToString
- ZwDeleteValueKey
- ZwSetValueKey
- towupper
- RtlIntegerToUnicodeString
- KeInitializeEvent
- KeSetEvent
- KeAcquireSpinLockAtDpcLevel
- KeReleaseSpinLockFromDpcLevel
- MmProbeAndLockPages
- IoAllocateIrp
- IoAllocateMdl
- IofCallDriver
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- IoGetRelatedDeviceObject
- ObCloseHandle
- ObfReferenceObject
- ZwSetInformationFile
- ZwReadFile
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- ZwCreateFile
- IoGetDeviceAttachmentBaseRef
- FsRtlGetFileSize
- ZwQuerySystemInformation
- IoFileObjectType
- KeReadStateEvent
- ExQueueWorkItem
- ExGetPreviousMode
- MmGetSystemRoutineAddress
- NtOpenProcess
- ZwCreateEvent
- ZwWaitForSingleObject
- ZwSetEvent
- NtQuerySystemInformation
- ExEventObjectType
- NtBuildNumber
- ZwDeleteKey
- ObReferenceObjectByName
- IoDriverObjectType
- MmIsDriverVerifying
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- RtlSetDaclSecurityDescriptor
- PsGetProcessId
- PsGetCurrentProcessSessionId
- ZwTerminateProcess
- KeStackAttachProcess
- KeUnstackDetachProcess
- ZwOpenThread
- PsProcessType
- ExInterlockedInsertHeadList
- ExInterlockedRemoveHeadList
- CmRegisterCallback
- CmUnRegisterCallback
- RtlCreateRegistryKey
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- ZwQueryValueKey
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ProbeForWrite
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- PsGetProcessSectionBaseAddress
- MmSystemRangeStart
- KeBugCheckEx
- ObfDereferenceObject
- ObReferenceObjectByHandle
- ProbeForRead
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- KeDelayExecutionThread
- RtlGetVersion
- DbgPrint
- RtlCopyUnicodeString
- RtlInitUnicodeString
- wcsstr
- IoCreateFileSpecifyDeviceObjectHint
- strstr
- FltSendMessage
- FltCloseCommunicationPort
- FltCreateCommunicationPort
- FltStartFiltering
- FltUnregisterFilter
- FltRegisterFilter
- FltBuildDefaultSecurityDescriptor
Exported Functions
Expand
Sections
Expand
- .text
- .hook
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
"TBS": {
"MD5": "17e68f0650db3d4d698ef88ef963b47e",
"SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
"SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
"SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
},
"ValidFrom": "2014-12-16 00:00:00",
"ValidTo": "2017-12-20 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
| ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
| ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 |
| ValidFrom | 2012-12-21 00:00:00 |
| ValidTo | 2020-12-30 23:59:59 |
| Signature | 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
| Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
| ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
| ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 |
| ValidFrom | 2012-10-18 00:00:00 |
| ValidTo | 2020-12-29 23:59:59 |
| Signature | 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
| Version | 3 |
Certificate 0210230fd364b469091b8a4440145e18
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 17e68f0650db3d4d698ef88ef963b47e |
| ToBeSigned (TBS) SHA1 | 00162854ea07ea0a83aa941767277a5c3ab03c9d |
| ToBeSigned (TBS) SHA256 | 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d |
| Subject | C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. |
| ValidFrom | 2014-12-16 00:00:00 |
| ValidTo | 2017-12-20 12:00:00 |
| Signature | 8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0210230fd364b469091b8a4440145e18 |
| Version | 3 |
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 02c4d1e58a4a680c568da3047e7e4d5f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 829995f702421dea833a24fb2c7f4442 |
| ToBeSigned (TBS) SHA1 | 1d7e838accd498c2e5ba9373af819ec097bb955c |
| ToBeSigned (TBS) SHA256 | 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 02c4d1e58a4a680c568da3047e7e4d5f |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ObfDereferenceObject
- ZwCreateFile
- ZwClose
- RtlUpperString
- RtlUpcaseUnicodeString
- PsGetCurrentProcessId
- ZwOpenProcess
- PsLookupProcessByProcessId
- ObQueryNameString
- FsRtlIsNameInExpression
- ZwQueryInformationProcess
- __C_specific_handler
- DbgPrint
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- PsSetCreateProcessNotifyRoutine
- PsGetProcessImageFileName
- PsGetProcessSessionId
- RtlAppendUnicodeStringToString
- ZwDeleteValueKey
- ZwSetValueKey
- towupper
- RtlIntegerToUnicodeString
- RtlAppendUnicodeToString
- KeInitializeEvent
- KeSetEvent
- KeWaitForSingleObject
- KeAcquireSpinLockAtDpcLevel
- KeReleaseSpinLockFromDpcLevel
- MmProbeAndLockPages
- IoAllocateIrp
- IoAllocateMdl
- IofCallDriver
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- IoGetRelatedDeviceObject
- ObCloseHandle
- ObfReferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- IoCreateFileSpecifyDeviceObjectHint
- ObReferenceObjectByHandle
- FsRtlGetFileSize
- ZwDeleteFile
- ZwQuerySystemInformation
- IoFileObjectType
- KeReadStateEvent
- ExQueueWorkItem
- ExGetPreviousMode
- MmGetSystemRoutineAddress
- NtOpenProcess
- ZwCreateEvent
- ZwWaitForSingleObject
- ZwSetEvent
- NtQuerySystemInformation
- ExEventObjectType
- NtBuildNumber
- ZwDeleteKey
- ObReferenceObjectByName
- IoDriverObjectType
- MmIsDriverVerifying
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- PsGetProcessId
- PsGetCurrentProcessSessionId
- ZwTerminateProcess
- KeStackAttachProcess
- KeUnstackDetachProcess
- ZwOpenThread
- PsProcessType
- ExInterlockedInsertHeadList
- ExInterlockedRemoveHeadList
- CmRegisterCallback
- CmUnRegisterCallback
- RtlCreateRegistryKey
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- ZwQueryValueKey
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ProbeForWrite
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- MmSystemRangeStart
- KeBugCheckEx
- ProbeForRead
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- KeDelayExecutionThread
- RtlGetVersion
- RtlCopyUnicodeString
- RtlInitUnicodeString
- wcsstr
- IoGetDeviceAttachmentBaseRef
- strstr
Exported Functions
Expand
Sections
Expand
- .text
- .hook
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
"TBS": {
"MD5": "17e68f0650db3d4d698ef88ef963b47e",
"SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
"SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
"SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
},
"ValidFrom": "2014-12-16 00:00:00",
"ValidTo": "2017-12-20 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
| ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
| ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 |
| ValidFrom | 2012-12-21 00:00:00 |
| ValidTo | 2020-12-30 23:59:59 |
| Signature | 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
| Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
| ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
| ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 |
| ValidFrom | 2012-10-18 00:00:00 |
| ValidTo | 2020-12-29 23:59:59 |
| Signature | 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
| Version | 3 |
Certificate 0210230fd364b469091b8a4440145e18
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 17e68f0650db3d4d698ef88ef963b47e |
| ToBeSigned (TBS) SHA1 | 00162854ea07ea0a83aa941767277a5c3ab03c9d |
| ToBeSigned (TBS) SHA256 | 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d |
| Subject | C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. |
| ValidFrom | 2014-12-16 00:00:00 |
| ValidTo | 2017-12-20 12:00:00 |
| Signature | 8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0210230fd364b469091b8a4440145e18 |
| Version | 3 |
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 02c4d1e58a4a680c568da3047e7e4d5f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 829995f702421dea833a24fb2c7f4442 |
| ToBeSigned (TBS) SHA1 | 1d7e838accd498c2e5ba9373af819ec097bb955c |
| ToBeSigned (TBS) SHA256 | 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 02c4d1e58a4a680c568da3047e7e4d5f |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- FsRtlIsNameInExpression
- PsGetProcessImageFileName
- ZwQueryInformationProcess
- __C_specific_handler
- strchr
- RtlAppendUnicodeToString
- KeInitializeSemaphore
- KeReleaseSemaphore
- KeWaitForSingleObject
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- PsCreateSystemThread
- PsTerminateSystemThread
- ZwQueryInformationFile
- ZwWriteFile
- PsGetCurrentThreadId
- ZwDeleteFile
- _vsnprintf
- PsThreadType
- PsSetCreateProcessNotifyRoutine
- PsGetProcessSessionId
- RtlAppendUnicodeStringToString
- ZwDeleteValueKey
- ZwSetValueKey
- towupper
- RtlIntegerToUnicodeString
- KeInitializeEvent
- KeSetEvent
- KeAcquireSpinLockAtDpcLevel
- KeReleaseSpinLockFromDpcLevel
- MmProbeAndLockPages
- IoAllocateIrp
- IoAllocateMdl
- IofCallDriver
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- IoGetRelatedDeviceObject
- ObCloseHandle
- ObfReferenceObject
- ZwSetInformationFile
- ZwReadFile
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- IoCreateFileSpecifyDeviceObjectHint
- IoGetDeviceAttachmentBaseRef
- FsRtlGetFileSize
- ObQueryNameString
- IoFileObjectType
- KeReadStateEvent
- ExQueueWorkItem
- ExGetPreviousMode
- MmGetSystemRoutineAddress
- NtOpenProcess
- ZwCreateEvent
- ZwWaitForSingleObject
- ZwSetEvent
- NtQuerySystemInformation
- ExEventObjectType
- NtBuildNumber
- ZwDeleteKey
- ObReferenceObjectByName
- IoDriverObjectType
- MmIsDriverVerifying
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- RtlSetDaclSecurityDescriptor
- MmMapLockedPagesSpecifyCache
- PsGetProcessId
- IoThreadToProcess
- PsGetCurrentProcessSessionId
- ZwTerminateProcess
- KeStackAttachProcess
- KeUnstackDetachProcess
- ZwOpenThread
- PsProcessType
- ExInterlockedInsertHeadList
- ExInterlockedRemoveHeadList
- CmRegisterCallback
- CmUnRegisterCallback
- RtlCreateRegistryKey
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- ZwQueryValueKey
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ProbeForWrite
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- PsGetProcessSectionBaseAddress
- MmSystemRangeStart
- KeBugCheckEx
- PsLookupProcessByProcessId
- ZwOpenProcess
- PsGetCurrentProcessId
- RtlUpcaseUnicodeString
- RtlUpperString
- ZwClose
- ZwCreateFile
- ObfDereferenceObject
- ObReferenceObjectByHandle
- ProbeForRead
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- KeDelayExecutionThread
- RtlGetVersion
- DbgPrint
- RtlCopyUnicodeString
- RtlInitUnicodeString
- wcsstr
- ZwQuerySystemInformation
- strstr
- FltSendMessage
- FltCloseCommunicationPort
- FltCreateCommunicationPort
- FltReleaseContext
- FltGetStreamHandleContext
- FltSetStreamHandleContext
- FltAllocateContext
- FltCancelFileOpen
- FltQueryInformationFile
- FltReadFile
- FltParseFileNameInformation
- FltReleaseFileNameInformation
- FltGetFileNameInformation
- FltFreePoolAlignedWithTag
- FltAllocatePoolAlignedWithTag
- FltStartFiltering
- FltUnregisterFilter
- FltRegisterFilter
- FltBuildDefaultSecurityDescriptor
Exported Functions
Expand
Sections
Expand
- .text
- .hook
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
"TBS": {
"MD5": "17e68f0650db3d4d698ef88ef963b47e",
"SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
"SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
"SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
},
"ValidFrom": "2014-12-16 00:00:00",
"ValidTo": "2017-12-20 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
| ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
| ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 |
| ValidFrom | 2012-12-21 00:00:00 |
| ValidTo | 2020-12-30 23:59:59 |
| Signature | 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
| Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
| ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
| ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 |
| ValidFrom | 2012-10-18 00:00:00 |
| ValidTo | 2020-12-29 23:59:59 |
| Signature | 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
| Version | 3 |
Certificate 0210230fd364b469091b8a4440145e18
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 17e68f0650db3d4d698ef88ef963b47e |
| ToBeSigned (TBS) SHA1 | 00162854ea07ea0a83aa941767277a5c3ab03c9d |
| ToBeSigned (TBS) SHA256 | 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d |
| Subject | C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. |
| ValidFrom | 2014-12-16 00:00:00 |
| ValidTo | 2017-12-20 12:00:00 |
| Signature | 8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0210230fd364b469091b8a4440145e18 |
| Version | 3 |
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 02c4d1e58a4a680c568da3047e7e4d5f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 829995f702421dea833a24fb2c7f4442 |
| ToBeSigned (TBS) SHA1 | 1d7e838accd498c2e5ba9373af819ec097bb955c |
| ToBeSigned (TBS) SHA256 | 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 02c4d1e58a4a680c568da3047e7e4d5f |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ZwClose
- RtlUpperString
- RtlUpcaseUnicodeString
- PsGetCurrentProcessId
- ZwOpenProcess
- PsLookupProcessByProcessId
- ObQueryNameString
- FsRtlIsNameInExpression
- PsGetProcessImageFileName
- ZwQueryInformationProcess
- __C_specific_handler
- strchr
- RtlAppendUnicodeToString
- KeInitializeSemaphore
- KeReleaseSemaphore
- KeWaitForSingleObject
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- PsCreateSystemThread
- PsTerminateSystemThread
- ZwQueryInformationFile
- ZwWriteFile
- PsGetCurrentThreadId
- ZwDeleteFile
- _vsnprintf
- PsThreadType
- PsSetCreateProcessNotifyRoutine
- PsGetProcessSessionId
- RtlAppendUnicodeStringToString
- ZwDeleteValueKey
- ZwSetValueKey
- towupper
- RtlIntegerToUnicodeString
- KeInitializeEvent
- KeSetEvent
- KeAcquireSpinLockAtDpcLevel
- KeReleaseSpinLockFromDpcLevel
- MmProbeAndLockPages
- IoAllocateIrp
- IoAllocateMdl
- IofCallDriver
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- IoGetRelatedDeviceObject
- ObCloseHandle
- ObfReferenceObject
- ZwSetInformationFile
- ZwReadFile
- ZwOpenSymbolicLinkObject
- ZwCreateFile
- IoCreateFileSpecifyDeviceObjectHint
- IoGetDeviceAttachmentBaseRef
- FsRtlGetFileSize
- ZwQuerySystemInformation
- IoFileObjectType
- KeReadStateEvent
- ExQueueWorkItem
- ExGetPreviousMode
- MmGetSystemRoutineAddress
- NtOpenProcess
- ZwCreateEvent
- ZwWaitForSingleObject
- ZwSetEvent
- NtQuerySystemInformation
- ExEventObjectType
- NtBuildNumber
- ZwDeleteKey
- ObReferenceObjectByName
- IoDriverObjectType
- MmIsDriverVerifying
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- RtlSetDaclSecurityDescriptor
- PsGetProcessId
- PsGetCurrentProcessSessionId
- ZwTerminateProcess
- KeStackAttachProcess
- KeUnstackDetachProcess
- ZwOpenThread
- PsProcessType
- ExInterlockedInsertHeadList
- ExInterlockedRemoveHeadList
- CmRegisterCallback
- CmUnRegisterCallback
- RtlCreateRegistryKey
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- ZwQueryValueKey
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ProbeForWrite
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- MmSystemRangeStart
- KeBugCheckEx
- ObfDereferenceObject
- ObReferenceObjectByHandle
- ProbeForRead
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- KeDelayExecutionThread
- RtlGetVersion
- DbgPrint
- RtlCopyUnicodeString
- RtlInitUnicodeString
- wcsstr
- ZwQuerySymbolicLinkObject
- strstr
- FltSendMessage
- FltCloseCommunicationPort
- FltCreateCommunicationPort
- FltStartFiltering
- FltUnregisterFilter
- FltRegisterFilter
- FltBuildDefaultSecurityDescriptor
Exported Functions
Expand
Sections
Expand
- .text
- .hook
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
"TBS": {
"MD5": "17e68f0650db3d4d698ef88ef963b47e",
"SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
"SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
"SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
},
"ValidFrom": "2014-12-16 00:00:00",
"ValidTo": "2017-12-20 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 3300000058e7c589c068dca727000000000058
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d83c9268bb1f35e4ea0f81b7b876b4f8 |
| ToBeSigned (TBS) SHA1 | 6a784e02bf67f5791a85567716aa2d0fd701fcd0 |
| ToBeSigned (TBS) SHA256 | 00dab92fcb3753ac06147a6d8888b5731877d84979e3f178f572e3a1dff33fa8 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2022-06-07 18:08:07 |
| ValidTo | 2023-06-01 18:08:07 |
| Signature | 4c967b89d7f96aa22dbaa9eee6cdc8dad16669620cd9c5c84bf3ca1ec4eaa4a67df9fafb84ba75fcec635f0a3d484541d890d65542406e5792504ecb8fd428068837b11d8e9d4cdb503608d0842dea48428247b46364746dc86b79cdc3379acb229e67b749ed31d3c6bcc88624bff3e066355d59b7ef9e715d3c3270506d1e794959edd8df2572505c15876ac0f42ed0d05f70214f50fb109627ab192b217d6a2bf503fe35811f6ffcf0585ae508c37589dc8015eea615f36ea2f1105c0f677a6758cb4898b57458cab4fc2e1c60f8af32baf51cb41b775e79815713693db878a935b1fb8232232310bba545e57c74d63a406968c36818974ea1e425839b83e81c94897f1b896d2974e32ff5a47f8bcefdebfde84a4d01c5918bf98aececb8edb2ef9dc697054676a10c04313f3a131469c978f2e7839f11a28e436936cc07e227fd705becbb54ba67c2eeaaa025658811de22f37e4ce51109c10ed94a65583cc4e4024432cedf41b3b18b175360b1f4e12a0cc9d562e7fabd80bacb78a74e9262a9a46c3d0a7757f71e4202522cb70d9591c77e1a4b0ca24739a9cef78f7d2fb376c4cf56a35b58deb7dba458bee058254bc3883ba356c79f458815e3bbcac600b063594db47ffdbb215783bf5c38c74a1fc6271a093aab79b4cf253c14b1eeb89f9c607d7956203166fa4420482b52ab4f3bd3f0e6bda4a13a018f0ecdb0a0 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 3300000058e7c589c068dca727000000000058 |
| Version | 3 |
Certificate 330000000d690d5d7893d076df00000000000d
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 83f69422963f11c3c340b81712eef319 |
| ToBeSigned (TBS) SHA1 | 0c5e5f24590b53bc291e28583acb78e5adc95601 |
| ToBeSigned (TBS) SHA256 | d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 |
| ValidFrom | 2014-10-15 20:31:27 |
| ValidTo | 2029-10-15 20:41:27 |
| Signature | 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 330000000d690d5d7893d076df00000000000d |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- FsRtlIsNameInExpression
- PsGetProcessImageFileName
- ZwQueryInformationProcess
- __C_specific_handler
- strchr
- RtlAppendUnicodeToString
- KeInitializeSemaphore
- KeReleaseSemaphore
- KeWaitForSingleObject
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- PsCreateSystemThread
- PsTerminateSystemThread
- ZwQueryInformationFile
- ZwWriteFile
- PsGetCurrentThreadId
- ZwDeleteFile
- _vsnprintf
- PsThreadType
- PsSetCreateProcessNotifyRoutine
- PsGetProcessSessionId
- RtlAppendUnicodeStringToString
- ZwDeleteValueKey
- ZwSetValueKey
- towupper
- RtlIntegerToUnicodeString
- KeInitializeEvent
- KeSetEvent
- KeAcquireSpinLockAtDpcLevel
- KeReleaseSpinLockFromDpcLevel
- MmProbeAndLockPages
- IoAllocateIrp
- IoAllocateMdl
- IofCallDriver
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- IoGetRelatedDeviceObject
- ObCloseHandle
- ObfReferenceObject
- ZwSetInformationFile
- ZwReadFile
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- IoCreateFileSpecifyDeviceObjectHint
- IoGetDeviceAttachmentBaseRef
- FsRtlGetFileSize
- ObQueryNameString
- IoFileObjectType
- KeReadStateEvent
- ExQueueWorkItem
- ExGetPreviousMode
- MmGetSystemRoutineAddress
- NtOpenProcess
- ZwCreateEvent
- ZwWaitForSingleObject
- ZwSetEvent
- NtQuerySystemInformation
- ExEventObjectType
- NtBuildNumber
- ZwDeleteKey
- ObReferenceObjectByName
- IoDriverObjectType
- MmIsDriverVerifying
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- RtlSetDaclSecurityDescriptor
- MmMapLockedPagesSpecifyCache
- PsGetProcessId
- IoThreadToProcess
- PsGetCurrentProcessSessionId
- ZwTerminateProcess
- KeStackAttachProcess
- KeUnstackDetachProcess
- ZwOpenThread
- PsProcessType
- ExInterlockedInsertHeadList
- ExInterlockedRemoveHeadList
- CmRegisterCallback
- CmUnRegisterCallback
- RtlCreateRegistryKey
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- ZwQueryValueKey
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ProbeForWrite
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- PsGetProcessSectionBaseAddress
- MmSystemRangeStart
- KeBugCheckEx
- PsLookupProcessByProcessId
- ZwOpenProcess
- PsGetCurrentProcessId
- RtlUpcaseUnicodeString
- RtlUpperString
- ZwClose
- ZwCreateFile
- ObfDereferenceObject
- ObReferenceObjectByHandle
- ProbeForRead
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- KeDelayExecutionThread
- RtlGetVersion
- DbgPrint
- RtlCopyUnicodeString
- RtlInitUnicodeString
- wcsstr
- ZwQuerySystemInformation
- strstr
- FltSendMessage
- FltCloseCommunicationPort
- FltCreateCommunicationPort
- FltReleaseContext
- FltGetStreamHandleContext
- FltSetStreamHandleContext
- FltAllocateContext
- FltCancelFileOpen
- FltQueryInformationFile
- FltReadFile
- FltParseFileNameInformation
- FltReleaseFileNameInformation
- FltGetFileNameInformation
- FltFreePoolAlignedWithTag
- FltAllocatePoolAlignedWithTag
- FltStartFiltering
- FltUnregisterFilter
- FltRegisterFilter
- FltBuildDefaultSecurityDescriptor
Exported Functions
Expand
Sections
Expand
- .text
- .hook
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
"TBS": {
"MD5": "17e68f0650db3d4d698ef88ef963b47e",
"SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
"SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
"SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
},
"ValidFrom": "2014-12-16 00:00:00",
"ValidTo": "2017-12-20 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
| ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
| ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 |
| ValidFrom | 2012-12-21 00:00:00 |
| ValidTo | 2020-12-30 23:59:59 |
| Signature | 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
| Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
| ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
| ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 |
| ValidFrom | 2012-10-18 00:00:00 |
| ValidTo | 2020-12-29 23:59:59 |
| Signature | 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
| Version | 3 |
Certificate 0210230fd364b469091b8a4440145e18
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 17e68f0650db3d4d698ef88ef963b47e |
| ToBeSigned (TBS) SHA1 | 00162854ea07ea0a83aa941767277a5c3ab03c9d |
| ToBeSigned (TBS) SHA256 | 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d |
| Subject | C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. |
| ValidFrom | 2014-12-16 00:00:00 |
| ValidTo | 2017-12-20 12:00:00 |
| Signature | 8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0210230fd364b469091b8a4440145e18 |
| Version | 3 |
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 02c4d1e58a4a680c568da3047e7e4d5f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 829995f702421dea833a24fb2c7f4442 |
| ToBeSigned (TBS) SHA1 | 1d7e838accd498c2e5ba9373af819ec097bb955c |
| ToBeSigned (TBS) SHA256 | 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 02c4d1e58a4a680c568da3047e7e4d5f |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ObfDereferenceObject
- ZwCreateFile
- ZwClose
- RtlUpperString
- RtlUpcaseUnicodeString
- PsGetCurrentProcessId
- ZwOpenProcess
- PsLookupProcessByProcessId
- ObQueryNameString
- FsRtlIsNameInExpression
- ZwQueryInformationProcess
- __C_specific_handler
- DbgPrint
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- PsSetCreateProcessNotifyRoutine
- PsGetProcessImageFileName
- PsGetProcessSessionId
- RtlAppendUnicodeStringToString
- ZwDeleteValueKey
- ZwSetValueKey
- towupper
- RtlIntegerToUnicodeString
- RtlAppendUnicodeToString
- KeInitializeEvent
- KeSetEvent
- KeWaitForSingleObject
- KeAcquireSpinLockAtDpcLevel
- KeReleaseSpinLockFromDpcLevel
- MmProbeAndLockPages
- IoAllocateIrp
- IoAllocateMdl
- IofCallDriver
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- IoGetRelatedDeviceObject
- ObCloseHandle
- ObfReferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- IoCreateFileSpecifyDeviceObjectHint
- ObReferenceObjectByHandle
- FsRtlGetFileSize
- ZwDeleteFile
- ZwQuerySystemInformation
- IoFileObjectType
- KeReadStateEvent
- ExQueueWorkItem
- ExGetPreviousMode
- MmGetSystemRoutineAddress
- NtOpenProcess
- ZwCreateEvent
- ZwWaitForSingleObject
- ZwSetEvent
- NtQuerySystemInformation
- ExEventObjectType
- NtBuildNumber
- ZwDeleteKey
- ObReferenceObjectByName
- IoDriverObjectType
- MmIsDriverVerifying
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- PsGetProcessId
- PsGetCurrentProcessSessionId
- ZwTerminateProcess
- KeStackAttachProcess
- KeUnstackDetachProcess
- ZwOpenThread
- PsProcessType
- ExInterlockedInsertHeadList
- ExInterlockedRemoveHeadList
- CmRegisterCallback
- CmUnRegisterCallback
- RtlCreateRegistryKey
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- ZwQueryValueKey
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ProbeForWrite
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- MmSystemRangeStart
- KeBugCheckEx
- ProbeForRead
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- KeDelayExecutionThread
- RtlGetVersion
- RtlCopyUnicodeString
- RtlInitUnicodeString
- wcsstr
- IoGetDeviceAttachmentBaseRef
- strstr
Exported Functions
Expand
Sections
Expand
- .text
- .hook
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
"TBS": {
"MD5": "17e68f0650db3d4d698ef88ef963b47e",
"SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
"SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
"SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
},
"ValidFrom": "2014-12-16 00:00:00",
"ValidTo": "2017-12-20 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
| ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
| ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 |
| ValidFrom | 2012-12-21 00:00:00 |
| ValidTo | 2020-12-30 23:59:59 |
| Signature | 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
| Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
| ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
| ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 |
| ValidFrom | 2012-10-18 00:00:00 |
| ValidTo | 2020-12-29 23:59:59 |
| Signature | 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
| Version | 3 |
Certificate 0210230fd364b469091b8a4440145e18
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 17e68f0650db3d4d698ef88ef963b47e |
| ToBeSigned (TBS) SHA1 | 00162854ea07ea0a83aa941767277a5c3ab03c9d |
| ToBeSigned (TBS) SHA256 | 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d |
| Subject | C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. |
| ValidFrom | 2014-12-16 00:00:00 |
| ValidTo | 2017-12-20 12:00:00 |
| Signature | 8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0210230fd364b469091b8a4440145e18 |
| Version | 3 |
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 02c4d1e58a4a680c568da3047e7e4d5f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 829995f702421dea833a24fb2c7f4442 |
| ToBeSigned (TBS) SHA1 | 1d7e838accd498c2e5ba9373af819ec097bb955c |
| ToBeSigned (TBS) SHA256 | 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 02c4d1e58a4a680c568da3047e7e4d5f |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- strstr
- wcsstr
- RtlInitUnicodeString
- RtlCopyUnicodeString
- RtlGetVersion
- KeDelayExecutionThread
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- ProbeForRead
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwCreateFile
- ZwClose
- RtlUpperString
- RtlUpcaseUnicodeString
- PsGetCurrentProcessId
- ZwOpenProcess
- PsLookupProcessByProcessId
- ObQueryNameString
- FsRtlIsNameInExpression
- ZwQueryInformationProcess
- __C_specific_handler
- DbgPrint
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- PsSetCreateProcessNotifyRoutine
- PsGetProcessImageFileName
- PsGetProcessSessionId
- RtlAppendUnicodeStringToString
- ZwDeleteValueKey
- ZwSetValueKey
- towupper
- RtlIntegerToUnicodeString
- RtlAppendUnicodeToString
- KeInitializeEvent
- KeSetEvent
- KeWaitForSingleObject
- KeAcquireSpinLockAtDpcLevel
- KeReleaseSpinLockFromDpcLevel
- MmProbeAndLockPages
- IoAllocateIrp
- IoAllocateMdl
- IofCallDriver
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- IoGetRelatedDeviceObject
- ObCloseHandle
- ObfReferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- IoCreateFileSpecifyDeviceObjectHint
- IoGetDeviceAttachmentBaseRef
- FsRtlGetFileSize
- ZwDeleteFile
- ZwQuerySystemInformation
- IoFileObjectType
- KeReadStateEvent
- ExQueueWorkItem
- ExGetPreviousMode
- MmGetSystemRoutineAddress
- NtOpenProcess
- ZwCreateEvent
- ZwWaitForSingleObject
- ZwSetEvent
- NtQuerySystemInformation
- ExEventObjectType
- NtBuildNumber
- ZwDeleteKey
- ObReferenceObjectByName
- IoDriverObjectType
- MmIsDriverVerifying
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- PsGetCurrentProcessSessionId
- ZwTerminateProcess
- KeStackAttachProcess
- KeUnstackDetachProcess
- ZwOpenThread
- PsProcessType
- ExInterlockedInsertHeadList
- ExInterlockedRemoveHeadList
- CmRegisterCallback
- CmUnRegisterCallback
- RtlCreateRegistryKey
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- ZwQueryValueKey
- PsGetProcessId
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ProbeForWrite
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- MmSystemRangeStart
- KeBugCheckEx
Exported Functions
Expand
Sections
Expand
- .text
- .hook
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
"TBS": {
"MD5": "17e68f0650db3d4d698ef88ef963b47e",
"SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
"SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
"SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
},
"ValidFrom": "2014-12-16 00:00:00",
"ValidTo": "2017-12-20 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
| ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
| ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 |
| ValidFrom | 2012-12-21 00:00:00 |
| ValidTo | 2020-12-30 23:59:59 |
| Signature | 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
| Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
| ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
| ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 |
| ValidFrom | 2012-10-18 00:00:00 |
| ValidTo | 2020-12-29 23:59:59 |
| Signature | 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
| Version | 3 |
Certificate 0210230fd364b469091b8a4440145e18
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 17e68f0650db3d4d698ef88ef963b47e |
| ToBeSigned (TBS) SHA1 | 00162854ea07ea0a83aa941767277a5c3ab03c9d |
| ToBeSigned (TBS) SHA256 | 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d |
| Subject | C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. |
| ValidFrom | 2014-12-16 00:00:00 |
| ValidTo | 2017-12-20 12:00:00 |
| Signature | 8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0210230fd364b469091b8a4440145e18 |
| Version | 3 |
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 02c4d1e58a4a680c568da3047e7e4d5f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 829995f702421dea833a24fb2c7f4442 |
| ToBeSigned (TBS) SHA1 | 1d7e838accd498c2e5ba9373af819ec097bb955c |
| ToBeSigned (TBS) SHA256 | 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 02c4d1e58a4a680c568da3047e7e4d5f |
| Version | 3 |
Imports
Expand
- ntoskrnl.exe
- HAL.dll
- FLTMGR.SYS
Imported Functions
Expand
- _allmul
- strchr
- RtlAppendUnicodeToString
- KeInitializeSemaphore
- KeReleaseSemaphore
- KeWaitForSingleObject
- PsCreateSystemThread
- PsTerminateSystemThread
- ZwQueryInformationFile
- ZwWriteFile
- PsGetCurrentThreadId
- ZwDeleteFile
- _vsnprintf
- PsThreadType
- KeQuerySystemTime
- PsSetCreateProcessNotifyRoutine
- PsGetProcessSessionId
- RtlAppendUnicodeStringToString
- ZwDeleteValueKey
- ZwSetValueKey
- towupper
- KeGetCurrentThread
- RtlIntegerToUnicodeString
- RtlCompareMemory
- KeInitializeEvent
- KeSetEvent
- KefAcquireSpinLockAtDpcLevel
- KefReleaseSpinLockFromDpcLevel
- MmProbeAndLockPages
- IoAllocateIrp
- IoAllocateMdl
- IofCallDriver
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- IoGetRelatedDeviceObject
- ObCloseHandle
- ObfReferenceObject
- ZwSetInformationFile
- ZwReadFile
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- IoCreateFileSpecifyDeviceObjectHint
- IoGetDeviceAttachmentBaseRef
- FsRtlGetFileSize
- ZwQuerySystemInformation
- IoFileObjectType
- ZwQueryInformationProcess
- ExQueueWorkItem
- ExGetPreviousMode
- MmGetSystemRoutineAddress
- NtOpenProcess
- ZwCreateEvent
- ZwWaitForSingleObject
- ZwSetEvent
- NtQuerySystemInformation
- ExEventObjectType
- NtBuildNumber
- ZwDeleteKey
- ObReferenceObjectByName
- IoDriverObjectType
- MmIsDriverVerifying
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- RtlSetDaclSecurityDescriptor
- MmMapLockedPagesSpecifyCache
- PsGetProcessId
- IoThreadToProcess
- PsGetCurrentProcessSessionId
- ZwTerminateProcess
- KeStackAttachProcess
- KeUnstackDetachProcess
- ZwOpenThread
- PsProcessType
- ExfInterlockedInsertHeadList
- ExfInterlockedRemoveHeadList
- CmRegisterCallback
- CmUnRegisterCallback
- RtlCreateRegistryKey
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- ZwQueryValueKey
- KeServiceDescriptorTable
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ProbeForWrite
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- PsGetProcessSectionBaseAddress
- MmSystemRangeStart
- KeBugCheckEx
- RtlUnwind
- PsGetProcessImageFileName
- FsRtlIsNameInExpression
- ObQueryNameString
- PsLookupProcessByProcessId
- PsGetCurrentProcessId
- ZwOpenProcess
- RtlUpcaseUnicodeString
- RtlUpperString
- ZwClose
- ZwCreateFile
- ObfDereferenceObject
- ObReferenceObjectByHandle
- ProbeForRead
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- KeDelayExecutionThread
- RtlGetVersion
- DbgPrint
- RtlCopyUnicodeString
- RtlInitUnicodeString
- wcsstr
- strstr
- _aullshr
- memcpy
- KeReadStateEvent
- memset
- KfRaiseIrql
- KfLowerIrql
- KfReleaseSpinLock
- KfAcquireSpinLock
- KeGetCurrentIrql
- FltSendMessage
- FltCloseCommunicationPort
- FltCreateCommunicationPort
- FltReleaseContext
- FltGetStreamHandleContext
- FltSetStreamHandleContext
- FltAllocateContext
- FltCancelFileOpen
- FltQueryInformationFile
- FltReadFile
- FltParseFileNameInformation
- FltReleaseFileNameInformation
- FltGetFileNameInformation
- FltFreePoolAlignedWithTag
- FltAllocatePoolAlignedWithTag
- FltStartFiltering
- FltUnregisterFilter
- FltRegisterFilter
- FltBuildDefaultSecurityDescriptor
Exported Functions
Expand
Sections
Expand
- .text
- .hook
- .rdata
- .data
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
"TBS": {
"MD5": "17e68f0650db3d4d698ef88ef963b47e",
"SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
"SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
"SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
},
"ValidFrom": "2014-12-16 00:00:00",
"ValidTo": "2017-12-20 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
| ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
| ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 |
| ValidFrom | 2012-12-21 00:00:00 |
| ValidTo | 2020-12-30 23:59:59 |
| Signature | 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
| Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
| ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
| ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 |
| ValidFrom | 2012-10-18 00:00:00 |
| ValidTo | 2020-12-29 23:59:59 |
| Signature | 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
| Version | 3 |
Certificate 0210230fd364b469091b8a4440145e18
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 17e68f0650db3d4d698ef88ef963b47e |
| ToBeSigned (TBS) SHA1 | 00162854ea07ea0a83aa941767277a5c3ab03c9d |
| ToBeSigned (TBS) SHA256 | 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d |
| Subject | C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. |
| ValidFrom | 2014-12-16 00:00:00 |
| ValidTo | 2017-12-20 12:00:00 |
| Signature | 8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0210230fd364b469091b8a4440145e18 |
| Version | 3 |
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 02c4d1e58a4a680c568da3047e7e4d5f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 829995f702421dea833a24fb2c7f4442 |
| ToBeSigned (TBS) SHA1 | 1d7e838accd498c2e5ba9373af819ec097bb955c |
| ToBeSigned (TBS) SHA256 | 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 02c4d1e58a4a680c568da3047e7e4d5f |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- strstr
- wcsstr
- RtlInitUnicodeString
- RtlCopyUnicodeString
- RtlGetVersion
- KeDelayExecutionThread
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- ProbeForRead
- ObReferenceObjectByHandle
- ObfDereferenceObject
- ZwCreateFile
- ZwClose
- RtlUpperString
- RtlUpcaseUnicodeString
- PsGetCurrentProcessId
- ZwOpenProcess
- PsLookupProcessByProcessId
- ObQueryNameString
- FsRtlIsNameInExpression
- ZwQueryInformationProcess
- __C_specific_handler
- DbgPrint
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- PsSetCreateProcessNotifyRoutine
- PsGetProcessImageFileName
- PsGetProcessSessionId
- RtlAppendUnicodeStringToString
- ZwDeleteValueKey
- ZwSetValueKey
- towupper
- RtlIntegerToUnicodeString
- RtlAppendUnicodeToString
- KeInitializeEvent
- KeSetEvent
- KeWaitForSingleObject
- KeAcquireSpinLockAtDpcLevel
- KeReleaseSpinLockFromDpcLevel
- MmProbeAndLockPages
- IoAllocateIrp
- IoAllocateMdl
- IofCallDriver
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- IoGetRelatedDeviceObject
- ObCloseHandle
- ObfReferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- IoCreateFileSpecifyDeviceObjectHint
- IoGetDeviceAttachmentBaseRef
- FsRtlGetFileSize
- ZwDeleteFile
- ZwQuerySystemInformation
- IoFileObjectType
- KeReadStateEvent
- ExQueueWorkItem
- ExGetPreviousMode
- MmGetSystemRoutineAddress
- NtOpenProcess
- ZwCreateEvent
- ZwWaitForSingleObject
- ZwSetEvent
- NtQuerySystemInformation
- ExEventObjectType
- NtBuildNumber
- ZwDeleteKey
- ObReferenceObjectByName
- IoDriverObjectType
- MmIsDriverVerifying
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- PsGetCurrentProcessSessionId
- ZwTerminateProcess
- KeStackAttachProcess
- KeUnstackDetachProcess
- PsProcessType
- ExInterlockedInsertHeadList
- ExInterlockedRemoveHeadList
- CmRegisterCallback
- CmUnRegisterCallback
- RtlCreateRegistryKey
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- ZwQueryValueKey
- PsGetProcessId
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- MmSystemRangeStart
- KeBugCheckEx
Exported Functions
Expand
Sections
Expand
- .text
- .hook
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
"TBS": {
"MD5": "17e68f0650db3d4d698ef88ef963b47e",
"SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
"SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
"SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
},
"ValidFrom": "2014-12-16 00:00:00",
"ValidTo": "2017-12-20 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
| ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
| ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 |
| ValidFrom | 2012-12-21 00:00:00 |
| ValidTo | 2020-12-30 23:59:59 |
| Signature | 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
| Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
| ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
| ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 |
| ValidFrom | 2012-10-18 00:00:00 |
| ValidTo | 2020-12-29 23:59:59 |
| Signature | 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
| Version | 3 |
Certificate 0210230fd364b469091b8a4440145e18
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 17e68f0650db3d4d698ef88ef963b47e |
| ToBeSigned (TBS) SHA1 | 00162854ea07ea0a83aa941767277a5c3ab03c9d |
| ToBeSigned (TBS) SHA256 | 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d |
| Subject | C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. |
| ValidFrom | 2014-12-16 00:00:00 |
| ValidTo | 2017-12-20 12:00:00 |
| Signature | 8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0210230fd364b469091b8a4440145e18 |
| Version | 3 |
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 02c4d1e58a4a680c568da3047e7e4d5f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 829995f702421dea833a24fb2c7f4442 |
| ToBeSigned (TBS) SHA1 | 1d7e838accd498c2e5ba9373af819ec097bb955c |
| ToBeSigned (TBS) SHA256 | 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 02c4d1e58a4a680c568da3047e7e4d5f |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- FsRtlIsNameInExpression
- PsGetProcessImageFileName
- ZwQueryInformationProcess
- __C_specific_handler
- strchr
- RtlAppendUnicodeToString
- KeInitializeSemaphore
- KeReleaseSemaphore
- KeWaitForSingleObject
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- PsCreateSystemThread
- PsTerminateSystemThread
- ZwQueryInformationFile
- ZwWriteFile
- PsGetCurrentThreadId
- ZwDeleteFile
- _vsnprintf
- PsThreadType
- PsSetCreateProcessNotifyRoutine
- PsGetProcessSessionId
- RtlAppendUnicodeStringToString
- ZwDeleteValueKey
- ZwSetValueKey
- towupper
- RtlIntegerToUnicodeString
- KeInitializeEvent
- KeSetEvent
- KeAcquireSpinLockAtDpcLevel
- KeReleaseSpinLockFromDpcLevel
- MmProbeAndLockPages
- IoAllocateIrp
- IoAllocateMdl
- IofCallDriver
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- IoGetRelatedDeviceObject
- ObCloseHandle
- ObfReferenceObject
- ZwSetInformationFile
- ZwReadFile
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- IoCreateFileSpecifyDeviceObjectHint
- IoGetDeviceAttachmentBaseRef
- FsRtlGetFileSize
- ObQueryNameString
- IoFileObjectType
- KeReadStateEvent
- ExQueueWorkItem
- ExGetPreviousMode
- MmGetSystemRoutineAddress
- NtOpenProcess
- ZwCreateEvent
- ZwWaitForSingleObject
- ZwSetEvent
- NtQuerySystemInformation
- ExEventObjectType
- NtBuildNumber
- ZwDeleteKey
- ObReferenceObjectByName
- IoDriverObjectType
- MmIsDriverVerifying
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- RtlSetDaclSecurityDescriptor
- MmMapLockedPagesSpecifyCache
- PsGetProcessId
- IoThreadToProcess
- PsGetCurrentProcessSessionId
- ZwTerminateProcess
- KeStackAttachProcess
- KeUnstackDetachProcess
- ZwOpenThread
- PsProcessType
- ExInterlockedInsertHeadList
- ExInterlockedRemoveHeadList
- CmRegisterCallback
- CmUnRegisterCallback
- RtlCreateRegistryKey
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- ZwQueryValueKey
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ProbeForWrite
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- PsGetProcessSectionBaseAddress
- MmSystemRangeStart
- KeBugCheckEx
- PsLookupProcessByProcessId
- ZwOpenProcess
- PsGetCurrentProcessId
- RtlUpcaseUnicodeString
- RtlUpperString
- ZwClose
- ZwCreateFile
- ObfDereferenceObject
- ObReferenceObjectByHandle
- ProbeForRead
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- KeDelayExecutionThread
- RtlGetVersion
- RtlCopyUnicodeString
- RtlInitUnicodeString
- wcsstr
- strstr
- ZwQuerySystemInformation
- DbgPrint
- FltSendMessage
- FltCloseCommunicationPort
- FltCreateCommunicationPort
- FltReleaseContext
- FltGetStreamHandleContext
- FltSetStreamHandleContext
- FltAllocateContext
- FltCancelFileOpen
- FltQueryInformationFile
- FltReadFile
- FltParseFileNameInformation
- FltReleaseFileNameInformation
- FltGetFileNameInformation
- FltFreePoolAlignedWithTag
- FltAllocatePoolAlignedWithTag
- FltStartFiltering
- FltUnregisterFilter
- FltRegisterFilter
- FltBuildDefaultSecurityDescriptor
Exported Functions
Expand
Sections
Expand
- .text
- .hook
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
"TBS": {
"MD5": "17e68f0650db3d4d698ef88ef963b47e",
"SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
"SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
"SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
},
"ValidFrom": "2014-12-16 00:00:00",
"ValidTo": "2017-12-20 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
| ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
| ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 |
| ValidFrom | 2012-12-21 00:00:00 |
| ValidTo | 2020-12-30 23:59:59 |
| Signature | 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
| Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
| ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
| ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 |
| ValidFrom | 2012-10-18 00:00:00 |
| ValidTo | 2020-12-29 23:59:59 |
| Signature | 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
| Version | 3 |
Certificate 0210230fd364b469091b8a4440145e18
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 17e68f0650db3d4d698ef88ef963b47e |
| ToBeSigned (TBS) SHA1 | 00162854ea07ea0a83aa941767277a5c3ab03c9d |
| ToBeSigned (TBS) SHA256 | 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d |
| Subject | C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. |
| ValidFrom | 2014-12-16 00:00:00 |
| ValidTo | 2017-12-20 12:00:00 |
| Signature | 8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0210230fd364b469091b8a4440145e18 |
| Version | 3 |
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 02c4d1e58a4a680c568da3047e7e4d5f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 829995f702421dea833a24fb2c7f4442 |
| ToBeSigned (TBS) SHA1 | 1d7e838accd498c2e5ba9373af819ec097bb955c |
| ToBeSigned (TBS) SHA256 | 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 02c4d1e58a4a680c568da3047e7e4d5f |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- RtlUpperString
- RtlUpcaseUnicodeString
- PsGetCurrentProcessId
- ZwOpenProcess
- PsLookupProcessByProcessId
- ObQueryNameString
- FsRtlIsNameInExpression
- ZwQueryInformationProcess
- __C_specific_handler
- DbgPrint
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- PsSetCreateProcessNotifyRoutine
- PsGetProcessImageFileName
- PsGetProcessSessionId
- RtlAppendUnicodeStringToString
- ZwDeleteValueKey
- ZwSetValueKey
- towupper
- RtlIntegerToUnicodeString
- RtlAppendUnicodeToString
- KeInitializeEvent
- KeSetEvent
- KeWaitForSingleObject
- KeAcquireSpinLockAtDpcLevel
- KeReleaseSpinLockFromDpcLevel
- MmProbeAndLockPages
- IoAllocateIrp
- IoAllocateMdl
- IofCallDriver
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- IoGetRelatedDeviceObject
- ObCloseHandle
- ObfReferenceObject
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- IoCreateFileSpecifyDeviceObjectHint
- IoGetDeviceAttachmentBaseRef
- FsRtlGetFileSize
- ZwDeleteFile
- ZwClose
- IoFileObjectType
- KeReadStateEvent
- ExQueueWorkItem
- ExGetPreviousMode
- MmGetSystemRoutineAddress
- NtOpenProcess
- ZwCreateEvent
- ZwWaitForSingleObject
- ZwSetEvent
- NtQuerySystemInformation
- ExEventObjectType
- NtBuildNumber
- ZwDeleteKey
- ObReferenceObjectByName
- IoDriverObjectType
- MmIsDriverVerifying
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- RtlSetDaclSecurityDescriptor
- PsGetProcessId
- PsGetCurrentProcessSessionId
- ZwTerminateProcess
- KeStackAttachProcess
- KeUnstackDetachProcess
- ZwOpenThread
- PsProcessType
- ExInterlockedInsertHeadList
- ExInterlockedRemoveHeadList
- CmRegisterCallback
- CmUnRegisterCallback
- RtlCreateRegistryKey
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- ZwQueryValueKey
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ProbeForWrite
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- MmSystemRangeStart
- KeBugCheckEx
- ZwCreateFile
- ObfDereferenceObject
- ObReferenceObjectByHandle
- ProbeForRead
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- KeDelayExecutionThread
- RtlGetVersion
- RtlCopyUnicodeString
- RtlInitUnicodeString
- wcsstr
- ZwQuerySystemInformation
- strstr
- FltSendMessage
- FltCloseCommunicationPort
- FltCreateCommunicationPort
- FltStartFiltering
- FltUnregisterFilter
- FltRegisterFilter
- FltBuildDefaultSecurityDescriptor
Exported Functions
Expand
Sections
Expand
- .text
- .hook
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
"TBS": {
"MD5": "17e68f0650db3d4d698ef88ef963b47e",
"SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
"SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
"SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
},
"ValidFrom": "2014-12-16 00:00:00",
"ValidTo": "2017-12-20 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
| ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
| ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 |
| ValidFrom | 2012-12-21 00:00:00 |
| ValidTo | 2020-12-30 23:59:59 |
| Signature | 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
| Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
| ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
| ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 |
| ValidFrom | 2012-10-18 00:00:00 |
| ValidTo | 2020-12-29 23:59:59 |
| Signature | 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
| Version | 3 |
Certificate 0210230fd364b469091b8a4440145e18
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 17e68f0650db3d4d698ef88ef963b47e |
| ToBeSigned (TBS) SHA1 | 00162854ea07ea0a83aa941767277a5c3ab03c9d |
| ToBeSigned (TBS) SHA256 | 7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d |
| Subject | C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd. |
| ValidFrom | 2014-12-16 00:00:00 |
| ValidTo | 2017-12-20 12:00:00 |
| Signature | 8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0210230fd364b469091b8a4440145e18 |
| Version | 3 |
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 02c4d1e58a4a680c568da3047e7e4d5f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 829995f702421dea833a24fb2c7f4442 |
| ToBeSigned (TBS) SHA1 | 1d7e838accd498c2e5ba9373af819ec097bb955c |
| ToBeSigned (TBS) SHA256 | 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 02c4d1e58a4a680c568da3047e7e4d5f |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- FsRtlIsNameInExpression
- PsGetProcessImageFileName
- ZwQueryInformationProcess
- __C_specific_handler
- strchr
- RtlAppendUnicodeToString
- KeInitializeSemaphore
- KeReleaseSemaphore
- KeWaitForSingleObject
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- PsCreateSystemThread
- PsTerminateSystemThread
- ZwQueryInformationFile
- ZwWriteFile
- PsGetCurrentThreadId
- ZwDeleteFile
- _vsnprintf
- PsThreadType
- PsSetCreateProcessNotifyRoutine
- PsGetProcessSessionId
- RtlAppendUnicodeStringToString
- ZwDeleteValueKey
- ZwSetValueKey
- towupper
- RtlIntegerToUnicodeString
- KeInitializeEvent
- KeSetEvent
- KeAcquireSpinLockAtDpcLevel
- KeReleaseSpinLockFromDpcLevel
- MmProbeAndLockPages
- IoAllocateIrp
- IoAllocateMdl
- IofCallDriver
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- IoGetRelatedDeviceObject
- ObCloseHandle
- ObfReferenceObject
- ZwSetInformationFile
- ZwReadFile
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- IoCreateFileSpecifyDeviceObjectHint
- IoGetDeviceAttachmentBaseRef
- FsRtlGetFileSize
- ObQueryNameString
- IoFileObjectType
- KeReadStateEvent
- ExQueueWorkItem
- ExGetPreviousMode
- MmGetSystemRoutineAddress
- NtOpenProcess
- ZwCreateEvent
- ZwWaitForSingleObject
- ZwSetEvent
- NtQuerySystemInformation
- ExEventObjectType
- NtBuildNumber
- ZwDeleteKey
- ObReferenceObjectByName
- IoDriverObjectType
- MmIsDriverVerifying
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- RtlSetDaclSecurityDescriptor
- MmMapLockedPagesSpecifyCache
- PsGetProcessId
- IoThreadToProcess
- PsGetCurrentProcessSessionId
- ZwTerminateProcess
- KeStackAttachProcess
- KeUnstackDetachProcess
- ZwOpenThread
- PsProcessType
- ExInterlockedInsertHeadList
- ExInterlockedRemoveHeadList
- CmRegisterCallback
- CmUnRegisterCallback
- RtlCreateRegistryKey
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- ZwQueryValueKey
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ProbeForWrite
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- PsGetProcessSectionBaseAddress
- MmSystemRangeStart
- KeBugCheckEx
- PsLookupProcessByProcessId
- ZwOpenProcess
- PsGetCurrentProcessId
- RtlUpcaseUnicodeString
- RtlUpperString
- ZwClose
- ZwCreateFile
- ObfDereferenceObject
- ObReferenceObjectByHandle
- ProbeForRead
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- KeDelayExecutionThread
- RtlGetVersion
- DbgPrint
- RtlCopyUnicodeString
- RtlInitUnicodeString
- wcsstr
- ZwQuerySystemInformation
- strstr
- FltSendMessage
- FltCloseCommunicationPort
- FltCreateCommunicationPort
- FltReleaseContext
- FltGetStreamHandleContext
- FltSetStreamHandleContext
- FltAllocateContext
- FltCancelFileOpen
- FltQueryInformationFile
- FltReadFile
- FltParseFileNameInformation
- FltReleaseFileNameInformation
- FltGetFileNameInformation
- FltFreePoolAlignedWithTag
- FltAllocatePoolAlignedWithTag
- FltStartFiltering
- FltUnregisterFilter
- FltRegisterFilter
- FltBuildDefaultSecurityDescriptor
Exported Functions
Expand
Sections
Expand
- .text
- .hook
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
"TBS": {
"MD5": "17e68f0650db3d4d698ef88ef963b47e",
"SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
"SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
"SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
},
"ValidFrom": "2014-12-16 00:00:00",
"ValidTo": "2017-12-20 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 01ee5f169dff97352b6465d66a
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 51c3959a45cecf3d21a3effb05762573 |
| ToBeSigned (TBS) SHA1 | ecfcd25fd0525448a74875ba271566bc0bfbf061 |
| ToBeSigned (TBS) SHA256 | de1da11668f0a8d5e13346ed3ab2755f5d25bebffcfd1d0bde5b9f87bc292c91 |
| Subject | OU=GlobalSign Root CA , R3, O=GlobalSign, CN=GlobalSign |
| ValidFrom | 2018-09-19 00:00:00 |
| ValidTo | 2028-01-28 12:00:00 |
| Signature | 2370e9cfe2bef559ae94426fc44333aacd3f3ab96417f262064b48f140880617a1feabd15f3cc633f2f38edd1f1d3ecc1a6099820bacc7fc7e9a872aa57d0fa657eeac3b6a85d6debd4063f8ada6c888b012fcf641df0f09971e38ea539fbe05f43eead39f501276be098bc20b487d1e2e51f68d53d3ab1f401b8a8eed7dfb4f7956705f0cd38e1bb3a7700d372b9795abdae0126b1c40cec5c77eedc26258ec77ed7322c28af5864388adea136efdd8fe422fb97d5ead18ef9490ca3d27ab26949975c7cbd37bf7ca4cd3af5121925b847d2b9f153f74cb51e89e830e166f1be746ce23bdf9e4a28bd2396baa791c912ce261242d8e2a487090c41ec5e8e070 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 01ee5f169dff97352b6465d66a |
| Version | 3 |
Certificate 6129152700000000002a
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 0bb058d116f02817737920f112d9fd3b |
| ToBeSigned (TBS) SHA1 | fd116235171a4feafedee586b7a59185fb5fd7e6 |
| ToBeSigned (TBS) SHA256 | f970426cc46d2ae0fc5f899fa19dbe76e05f07e525654c60c3c9399492c291f4 |
| Subject | C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA |
| ValidFrom | 2011-04-15 19:55:08 |
| ValidTo | 2021-04-15 20:05:08 |
| Signature | 5ff8d065746a81c6a6ca5b03b6914ae84bbdef2ba142f0efb4a5adcd3389ec0b9585ac62501108aa58d25aa08310e5a6337af25af2c5fe787cf09c83df190ad97396002dd62ccde914d41d9de83f3c1a76f7904efb01350a6c9313a0c356eb67a0e4d17a96dec267f190f80a7bf5321b94ec5f751f8d1b34da6c58a7cb2d279e2226b7c9aa30cc0777b836e38201b5393ccc8dd9a75f7f23b3877fdb5798918bd7ce2520e39d644fdd87f72b68490318e0a5df7c5f68644d36838d4781f2e9e0a869abfa7b163c05a449ea8830190a6c73055178dfd41ddd3ad47f2de44e54be83431e7a7433b4a4ebd77073bc2a02988966eef6bc8f749378e329025a5a43e258ce7ccf9acad236893be25fda26054ec8d4e72c910e1797c5beee8b13112323294ffa83d050f6bafad53db3173df4ff034aa325dce67561d1fa35086bd62744d068b78d45e0eb852cc8a15d614474160e5958aed2b5eea5bcd6d7076ab62978fd976767dd8d4f17944fd2ed0caf972437c3a29c81da6be143b6577b4cecbf791319e79fe844e94781b75e701e91f83dd17b27f50b7056434805dda92fab86101d0b12e31ad04c6e75ded645b30b748887935c564a41029af7aeb799d8b67f88fa11f2457cf4d71b91c01cf1a0fbd4080a411a142acef4eb34486e66879ed54b7a397fbb0e3d3861cf735706e412066bd96b5308cd7018c22d4f974691bca9f0 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 6129152700000000002a |
| Version | 3 |
Certificate 0e9b188ef9d02de7efdb50e20840185a
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 21a266bd49f2778b24d13d95641ea6ac |
| ToBeSigned (TBS) SHA1 | 21319f341fdf06bf6a104427afa8b7823b1ea7f3 |
| ToBeSigned (TBS) SHA256 | e933dc68ee65abd1f9b1aa6738eff60a6895d3d8cc4accf0c69069aa3decd757 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4 |
| ValidFrom | 2022-08-01 00:00:00 |
| ValidTo | 2031-11-09 23:59:59 |
| Signature | 70a0bf435c55e7385fa0a3741b3db616d7f7bf5707bd9aaca1872cec855ea91abb22f8871a695422eda488776dbd1a14f4134a7a2f2db738eff4ff80b9f8a1f7f272de24bc5203c84ed02adefa2d56cff9f4f7ac307a9a8bb25ed4cfd143449b4321eb9672a148b499cb9d4fa7060313772744d4e77fe859a8f0bf2f0ba6e9f2343cecf703c787a8d24c401935466a6954b0b8a1568eeca4d53de8b1dcfd1cd8f4775a5c548c6fefa1503dfc760968849f6fcadb208d35601c0203cb20b0ac58a00e4063c59822c1b259f5556bcf27ab6c76ce6f232df47e716a236b22ff12b8542d277ed83ad9f0b68796fd5bd15cac18c34d9f73b701a99f57aa5e28e2b994 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.12 |
| IsCertificateAuthority | True |
| SerialNumber | 0e9b188ef9d02de7efdb50e20840185a |
| Version | 3 |
Certificate 7803184245708a41cf6f01b8eeb4a954
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a33260428269bc902bc1cd280e4b1837 |
| ToBeSigned (TBS) SHA1 | 254209ca172cffcc67bd2a88996556d2f09538f0 |
| ToBeSigned (TBS) SHA256 | a67411358594f2cf016741a63fd49f36de917f86531b3e3a43eb6a421c654868 |
| Subject | C=BE, O=GlobalSign nv,sa, CN=GlobalSign Code Signing Root R45 |
| ValidFrom | 2020-07-28 00:00:00 |
| ValidTo | 2029-03-18 00:00:00 |
| Signature | acf7cc158b3079a81d0b28881909d71c7ffe86bd7b5a336e0d670e7b62d9e1185cb0bd135d1d23ae39507637aa44fd5f01235986564cccadbc64131430a420a8e03fe89c72dc7ef3d80c23baa82daa3cf6ec9f87310765f539a7518275e1f22f97f6d1e165968364fea11d51fbb5249bf5d27769bc852c5cfa5877d1aea7b10be2d677bba9b4344aa96f3df4f30d955de6f97a45b02517312edbf70f68e6831fa9f7e5d49d988cd3614b2fc3287e7ade930eb47da00a6d92c4b4663f7da758eeacf7ecc30801ab38fc0a1ca9c597b288c8090219f65c9a1af14d6c30d4b306ab0060480d78abcf17ad9293622077756cbdc832b4dc4debd9dfc1909629bdc17f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.12 |
| IsCertificateAuthority | True |
| SerialNumber | 7803184245708a41cf6f01b8eeb4a954 |
| Version | 3 |
Certificate 073637b724547cd847acfd28662a5e5b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | e4b8ad9932ff9205f580cf8fb2afbb86 |
| ToBeSigned (TBS) SHA1 | 5301f7044d78bf94dd2b6e4871083a17fdba1dcc |
| ToBeSigned (TBS) SHA256 | c3d01499a5d1d2f71e0f44e78fbfa4b8aadb43dd4f226401e0c1d7a6d53357fa |
| Subject | C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA |
| ValidFrom | 2022-03-23 00:00:00 |
| ValidTo | 2037-03-22 23:59:59 |
| Signature | 7d598ec093b66f98a94422017e66d6d82142e1b0182e104d13cf3053cebf18fbc7505de24b29fb708a0daa2969fc69c1cf1d07e93e60c8d80be55c5bd76d87fa842025343167cdb612966fc4504c621d0c0882a816bda956cf15738d012225ce95693f4777fb727414d7ffab4f8a2c7aab85cd435fed60b6aa4f91669e2c9ee08aace5fd8cbc6426876c92bd9d7cd0700a7cefa8bc754fba5af7a910b25de9ff285489f0d58a717665daccf072a323fac0278244ae99271bab241e26c1b7de2aebf69eb1799981a35686ab0a45c9dfc48da0e798fbfba69d72afc4c7c1c16a71d9c6138009c4b69fcd878724bb4fa349b9776691f1729ce94b0252a7377e9353ac3b1d08490f94cd397addff256399272c3d3f6ba7f166c341cd4fb6409b212140d0b71324cddc1d783ae49eade5347192d7266be43873aba6014fbd3f3b78ad4cadfbc4957bed0a5f33398741787a38e99ce1dd23fd1d28d3c7f9e8f1985ffb2bd87ef2469d752c1e272c26db6f157b1e198b36b893d4e6f2179959ca70f037bf9800df20164f27fb606716a166badd55c03a2986b098a02bed9541b73ad5159831b462090f0abd81d913febfa4d1f357d9bc04fa82de32df0489f000cd5dc2f9d0237f000be4760226d9f0657642a6298709472be67f1aa4850ffc9896f655542b1f80fac0f20e2be5d6fba92f44154ae7130e1ddb37381aa12bf6edd67cfc |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 073637b724547cd847acfd28662a5e5b |
| Version | 3 |
Certificate 0544aff3949d0839a6bfdb3f5fe56116
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 7630cbd02cc6732394e9fdfe99d0d8f8 |
| ToBeSigned (TBS) SHA1 | bc1890d694f9d392c4cbae6a174e35d70e7ec8b1 |
| ToBeSigned (TBS) SHA256 | 594a02de632b3a08ed6644c36994025e57f35bc8e7bd16cec5d347883390d1d8 |
| Subject | C=US, O=DigiCert, Inc., CN=DigiCert Timestamp 2023 |
| ValidFrom | 2023-07-14 00:00:00 |
| ValidTo | 2034-10-13 23:59:59 |
| Signature | 811ad6dea0a9b59817bc708d4f8a3c689cd825ffcb2ce4cdea5d2292ec8c2202a9b8cf80a8d9e7e3c5ed26828a712f18dd4eb6de6cd7e1609c2beded3d488eb86bba7c5dbdc26137684977a3eb90aa12d72785f38e1e92dac240389f5dc8a02e2578259d2a057a842998b657798fdb26562bb0f3a7bd370cd898764f56b952c2b69d38a981e76d415c8c69d1b92bc4c67bcf9cfa78e2931a76a26975d350e44412be200d9ea944d0f8e54977085a21c5b4cf98951a54bab9bcc16919bacf16f28337346eb04126ddde5a974f338dd48d777d7545a1a558266a0345ded950b5508caf56bd4cc5e146c528d3ade7430070decc989e198903ead49137ef4d52f3c96021c45647edda114b8c32c388e658e2b6db3ef95fb042d68fe31791d1aac055e386bfac272c41d09a334aa836d4b972967e977938485fcac2dc3d32df75d636675a89f8f6a7c7e54f353c00bdbe9c2a6c7901dcda44e63ade383b075e3958f47c733155a08011cb140c7eaebcfea4eb7965aa68d622ca3beb9a8235572816cb69f2329ab2d2d83ab8b146866bba17fdc4776c156caeabaf733ae84946b7d57fccb638c0d8ec1cf5b6a1b8432cdf4e4c7d1e6870c0770ad402e05c60bb28ff38e5525ad6ac1722234ef4ecd317fb506bff07771f71974441c9b846d36c327c582f674765e51b73b699f96b2c0646ef411ef0f05fe0dbd9ad908044af8010418a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 0544aff3949d0839a6bfdb3f5fe56116 |
| Version | 3 |
Certificate 77bd0e05b7590bb61d4761531e3f75ed
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 65fd1dac1f115d9507f4e1840c8cb36a |
| ToBeSigned (TBS) SHA1 | c7cf5607e19b22fe60c055e71d9b555d70f71f66 |
| ToBeSigned (TBS) SHA256 | d9c7db0b704f07089440c56e69a0f31d730edf77cfbf7514630e8b5390a270fe |
| Subject | C=BE, O=GlobalSign nv,sa, CN=GlobalSign GCC R45 EV CodeSigning CA 2020 |
| ValidFrom | 2020-07-28 00:00:00 |
| ValidTo | 2030-07-28 00:00:00 |
| Signature | 2575a009c939bab7a139892f189fabd6eb1d4be8947c0d07689b1c9def71b6176a6b024fb33f864587cc659b4ce35806022266d56102c5638fd4a2f1b65e250b7796e9cd7140338829eceef3a26dbc4db53e064bc97333ca08142d3d4ce8b0ba75a6742da4583a6c1349f8a5150a149685b16a68342542af9656f410fa247df12b72c116e16bebe6a998c73e5af4d0189dfd74978677462a3d237d28738aaeef2b1b9abf6c53a7149e3c8771c05e8ec8fbd32a9233ea574d5e075ecac118ac812d1a21fa6ecf97617bdf717a3aca63f7d530443732febb4385dcbafca6ca33192b776ddbcb05f07e5f752ea2b6bf35aa3663c9ce64d9bdfcbc2cf3495600c8122bc627bb37af57efc4cf1e29c4f4e22dce2a61cf57edf50a40e2f518d61ee9902fcad3875f938a481a111de537859f2e66629a5e814e95ac555743dc538b257e3c610f8a0bbaf53fa6d78ef704565e21bb9fd76a7180bf96de7203d8d8222bf327164f38e851400cae92efbe3d7df780c64c36578495a7841548300e5227088d8ea2bd22c719c9a6ca0ea87a36db6aba615f112495a4e28e68ee19a949995ed0b434bdd6f940c710973152393529118724d3c4fba963cb7748d5fa62fc24e0047a4ed0e46edece9e385026f4217165d70925d4c907007ab8c7f377e8c5d4e255d0d31ef67f52e2498db911720c88442633660144dfe4330e21de62894807daf5 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 77bd0e05b7590bb61d4761531e3f75ed |
| Version | 3 |
Certificate 5b3b40442fc61bf39d4ad414
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 69e097228223b745d14e726062ecbd27 |
| ToBeSigned (TBS) SHA1 | aebee16d3f77ca075ede3e4896b6e46e2a9274f0 |
| ToBeSigned (TBS) SHA256 | d54dc9cdcee1f196c17901082956b7be8d78bdd2cd91e72fbda164e4909341df |
| Subject | ??=Private Organization, serialNumber=91440300MA5FD6WK46, ??=CN, ??=Guangdong, ??=Shenzhen, C=CN, ST=Guangdong, L=Shenzhen, O=CleverSoar Electronic Technology Co., Ltd., CN=CleverSoar Electronic Technology Co., Ltd. |
| ValidFrom | 2023-07-24 08:30:28 |
| ValidTo | 2024-07-24 08:30:28 |
| Signature | 81e71777c185f29a3d776650ad84c90e6419af36c0041dbf22561902437ea07c17adddd61992777afa3afa1868cd90b5c1b1a0539c8a23f03134ee0fbd128497f1dbcf42ba3bc2108c013dbdadbb8b8b4f8e1da4d38f6467a237726090c32399514c87099fe5e143462081dda34a986817de71808ac8b682ca973731156648fd38f20d8c5f3b3bff004098d1e0633bced928b8b708ea94104a227f2591794c12f82b45141bba1333f7f12c5c7e84be6b1773cda0745ef788d54af51e1639c2b00cd6986e4bb32840ff5925fa1e1deecdda8287d47b9ce51afa81baa5d62dfc07fbf8c96ae842a6cf299b0182a11eca956e6506deb18e48b3a0f635b1dc352b4a238aa01fe9d0b3a79b6596b572331e22dbbc734a745761d7d38889ad03690f8ac7531dc09ba0bdcb525af1ba58165c436c1005330f7cc3b44e1ede21e736e767bc2939d1acd00487bb5175ab2ad3d77d0b9ba75d472ed672b02f90c49dc453925f22265e66cd5ff872e80d554c016efb6377dcf61bf0eb04c0f0b697278f9c1e8c10f601e36ca9fd3b2dbfab74f66df00488995217394ee05c9b8b2af03a00589b7add6d10a341e36abf81898576cc6856ecd4443d2fa8bcdd5a4d79812d5a95ae19e69de79d6280eff57738c42f4ca318086ae54c3e47aeb0691b17bee017cfd272efd2d3a5efb6a7476b5fb1986ec1d5254741c683318a63affaf1ec2c0497 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 5b3b40442fc61bf39d4ad414 |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- FsRtlIsNameInExpression
- PsGetProcessImageFileName
- ZwQueryInformationProcess
- __C_specific_handler
- strchr
- RtlAppendUnicodeToString
- KeInitializeSemaphore
- KeReleaseSemaphore
- KeWaitForSingleObject
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- PsCreateSystemThread
- PsTerminateSystemThread
- ZwQueryInformationFile
- ZwWriteFile
- PsGetCurrentThreadId
- ZwDeleteFile
- _vsnprintf
- PsThreadType
- PsSetCreateProcessNotifyRoutine
- PsGetProcessSessionId
- RtlAppendUnicodeStringToString
- ZwDeleteValueKey
- ZwSetValueKey
- towupper
- RtlIntegerToUnicodeString
- KeInitializeEvent
- KeSetEvent
- KeAcquireSpinLockAtDpcLevel
- KeReleaseSpinLockFromDpcLevel
- MmProbeAndLockPages
- IoAllocateIrp
- IoAllocateMdl
- IofCallDriver
- IoFreeIrp
- IoFreeMdl
- IoGetDeviceObjectPointer
- IoGetRelatedDeviceObject
- ObCloseHandle
- ObfReferenceObject
- ZwSetInformationFile
- ZwReadFile
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- IoCreateFileSpecifyDeviceObjectHint
- IoGetDeviceAttachmentBaseRef
- FsRtlGetFileSize
- ObQueryNameString
- IoFileObjectType
- KeReadStateEvent
- ExQueueWorkItem
- ExGetPreviousMode
- MmGetSystemRoutineAddress
- NtOpenProcess
- ZwCreateEvent
- ZwWaitForSingleObject
- ZwSetEvent
- NtQuerySystemInformation
- ExEventObjectType
- NtBuildNumber
- ZwDeleteKey
- ObReferenceObjectByName
- IoDriverObjectType
- MmIsDriverVerifying
- IofCompleteRequest
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- RtlSetDaclSecurityDescriptor
- MmMapLockedPagesSpecifyCache
- PsGetProcessId
- IoThreadToProcess
- PsGetCurrentProcessSessionId
- ZwTerminateProcess
- KeStackAttachProcess
- KeUnstackDetachProcess
- ZwOpenThread
- PsProcessType
- ExInterlockedInsertHeadList
- ExInterlockedRemoveHeadList
- CmRegisterCallback
- CmUnRegisterCallback
- RtlCreateRegistryKey
- ZwOpenKey
- ZwEnumerateKey
- ZwQueryKey
- ZwQueryValueKey
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- ProbeForWrite
- PsSetLoadImageNotifyRoutine
- PsRemoveLoadImageNotifyRoutine
- PsGetProcessSectionBaseAddress
- MmSystemRangeStart
- KeBugCheckEx
- PsLookupProcessByProcessId
- ZwOpenProcess
- PsGetCurrentProcessId
- RtlUpcaseUnicodeString
- RtlUpperString
- ZwClose
- ZwCreateFile
- ObfDereferenceObject
- ObReferenceObjectByHandle
- ProbeForRead
- ExFreePoolWithTag
- ExAllocatePoolWithTag
- KeDelayExecutionThread
- RtlGetVersion
- DbgPrint
- RtlCopyUnicodeString
- RtlInitUnicodeString
- wcsstr
- ZwQuerySystemInformation
- strstr
- FltSendMessage
- FltCloseCommunicationPort
- FltCreateCommunicationPort
- FltReleaseContext
- FltGetStreamHandleContext
- FltSetStreamHandleContext
- FltAllocateContext
- FltCancelFileOpen
- FltQueryInformationFile
- FltReadFile
- FltParseFileNameInformation
- FltReleaseFileNameInformation
- FltGetFileNameInformation
- FltFreePoolAlignedWithTag
- FltAllocatePoolAlignedWithTag
- FltStartFiltering
- FltUnregisterFilter
- FltRegisterFilter
- FltBuildDefaultSecurityDescriptor
Exported Functions
Expand
Sections
Expand
- .text
- .hook
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Signature": "8a60d49cf93c42e609a5fc51877e8caee77cdc7848d3db41a9556d186c795f8f20e825c3be29056670c4414f35dc24e538606c0b1404c9b751e1fad91e2c136a5970c3c0edbb5a2391c47bb1d2782ff673636c6ec7bc2a69d06011f07dc957039835f50b6d5f342e75e00564be8edc0035aa4ae92d412dd38f347abff1d8ec9059ef25af4f5d1e20d6c5b2a5e69c7cba53c0f88901f7db044f11724be5a04b0d689c4f4fccef40d4a654954b67d5ecacf272c48a3d81ac0056c1d252f42bb403291f674642bd001d99b3846f0270b070d1487ef42e939193c949feb162e29ca5ad41d8d195b8e8f6e4c8dd79c46f27b06f9e15906df8f8fd9a850ba28f169468",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TR, L=Edirne, O=Zemana Ltd., CN=Zemana Ltd.",
"TBS": {
"MD5": "17e68f0650db3d4d698ef88ef963b47e",
"SHA1": "00162854ea07ea0a83aa941767277a5c3ab03c9d",
"SHA256": "7caefa120bfce12d33df6ed4ffefcb069a7290c90b378deca4ef2d66947eb18d",
"SHA384": "e26234d027fe70850cbb5efc9c4e61196cdaa00339a64d729c6d4a57bd04d148b16c00e2855b79979787a76f4b860a25"
},
"ValidFrom": "2014-12-16 00:00:00",
"ValidTo": "2017-12-20 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "0210230fd364b469091b8a4440145e18",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2026-04-23
