Description
kprocesshacker.sys is a vulnerable driver and more information will be added as found.
- UUID: edd29861-6984-4dbe-8e7c-22e9b6cf68d0
- Created: 2023-01-09
- Author: Michael Haag
- Acknowledgement: |
Download
This download link contains the vulnerable driver!
Commands
sc.exe create krpocesshacker.sys binPath=C:\windows\temp\krpocesshacker.sys type=kernel && sc.exe start krpocesshacker.sys
| Use Case | Privileges | Operating System |
|---|
| Elevate privileges | kernel | Windows 10 |
Detections
Sigma 🛡️
Expand
Names
detects loading using name only
Hashes
detects loading using hashes only
Resources
https://www.unknowncheats.me/forum/anti-cheat-bypass/334557-vulnerable-driver-megathread.htmlhttps://www.unknowncheats.me/forum/anti-cheat-bypass/312791-bypaph-process-hackers-bypass-read-write-process-virtual-memory-kernel-mem.html#post2315763https://github.com/elastic/protections-artifacts/search?q=VulnDriverKnown Vulnerable Samples
Download
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 03019a023aff58b16bd6d5eae617f066
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a752afee44f017e8d74e3f3eb7914ae3 |
| ToBeSigned (TBS) SHA1 | 8eca80a6b80e9c69dcef7745748524afb8019e2d |
| ToBeSigned (TBS) SHA256 | 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 |
| Subject | C=US, O=DigiCert, CN=DigiCert Timestamp Responder |
| ValidFrom | 2014-10-22 00:00:00 |
| ValidTo | 2024-10-22 00:00:00 |
| Signature | 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 03019a023aff58b16bd6d5eae617f066 |
| Version | 3 |
Certificate 03e9017d54cd93f094d0a2ab7fc0e3f5
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | edebe2eab71887f7571e5c501cf8b745 |
| ToBeSigned (TBS) SHA1 | 9b039c3cc8d41568351b37628c8dd682b36872e4 |
| ToBeSigned (TBS) SHA256 | d6bc8ae81688ac5660ff3b1a337a63edb4c86b6eac8af9dc77f361c820bc7a82 |
| Subject | C=AU, ST=New South Wales, L=Sydney, O=Wen Jia Liu, CN=Wen Jia Liu |
| ValidFrom | 2013-10-30 00:00:00 |
| ValidTo | 2015-11-04 12:00:00 |
| Signature | bbc031b3dd6b1c6ebec77b8dc1ecfa938149c64e0c959e5857db5c28ef549ddf0be920ccb7ec515aaeb180a28d64a1f4065d38cb997db59295f123851392903c673ed6d1db930ec1618add9989f0f1fc8d06ec5a945242cd7432d6838e33b4c3e4784e754b64dce078686ab2e6626848ff7dcd6fb7efebffdfdad1eefc1e98f9c338ff2565f05039176b24148a841614635157da5f61a17bbd6d479815714e8d3067f0320d5e8bfaa6e35731804925df9b85ba32c0d9f4ccd484d6d1b279bad0ef22b0da375826ea2e119d5c848d9a9275b93abb084c02af9f1b46c5357652f113f556fdb9d1900223341503f4e89b98bae134f7cc9d6409fcf72d2c746c714a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 03e9017d54cd93f094d0a2ab7fc0e3f5 |
| Version | 3 |
Certificate 02c4d1e58a4a680c568da3047e7e4d5f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 829995f702421dea833a24fb2c7f4442 |
| ToBeSigned (TBS) SHA1 | 1d7e838accd498c2e5ba9373af819ec097bb955c |
| ToBeSigned (TBS) SHA256 | 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 02c4d1e58a4a680c568da3047e7e4d5f |
| Version | 3 |
Certificate 06fdf9039603adea000aeb3f27bbba1b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 4e5ad189638cf52ba9cd881d4d44668c |
| ToBeSigned (TBS) SHA1 | cdc115e98d798b33904c820d63cc1e1afc19251d |
| ToBeSigned (TBS) SHA256 | 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 |
| ValidFrom | 2006-11-10 00:00:00 |
| ValidTo | 2021-11-10 00:00:00 |
| Signature | 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 06fdf9039603adea000aeb3f27bbba1b |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- RtlInitUnicodeString
- IoDeleteDevice
- ProbeForWrite
- ZwQuerySystemInformation
- ZwQueryValueKey
- ZwClose
- IofCompleteRequest
- PsGetCurrentProcessId
- IoCreateDevice
- SePrivilegeCheck
- ZwOpenKey
- ProbeForRead
- RtlGetVersion
- RtlCompareMemory
- MmGetSystemRoutineAddress
- PsProcessType
- ObOpenObjectByName
- ZwQueryObject
- RtlEqualUnicodeString
- KeUnstackDetachProcess
- ExEnumHandleTable
- ObQueryNameString
- IoFileObjectType
- IoDriverObjectType
- IoGetCurrentProcess
- ObReferenceObjectByHandle
- ObCloseHandle
- PsInitialSystemProcess
- ObSetHandleAttributes
- ZwQueryInformationProcess
- ObfDereferenceObject
- ExAllocatePoolWithQuotaTag
- ZwQueryInformationThread
- ObOpenObjectByPointer
- KeStackAttachProcess
- ExAcquireRundownProtection
- PsLookupProcessByProcessId
- PsJobType
- PsReferencePrimaryToken
- SeTokenObjectType
- ExReleaseRundownProtection
- ZwSetInformationProcess
- PsGetProcessJob
- PsLookupProcessThreadByCid
- ZwTerminateProcess
- PsDereferencePrimaryToken
- IoThreadToProcess
- RtlWalkFrameChain
- KeInitializeApc
- KeSetEvent
- KeInsertQueueApc
- KeInitializeEvent
- PsSetContextThread
- PsGetThreadWin32Thread
- ZwSetInformationThread
- KeWaitForSingleObject
- PsThreadType
- PsAssignImpersonationToken
- PsGetContextThread
- PsLookupThreadByThreadId
- MmUnmapLockedPages
- ExRaiseStatus
- MmHighestUserAddress
- MmMapLockedPagesSpecifyCache
- MmProbeAndLockPages
- MmUnlockPages
- MmIsAddressValid
- KeBugCheckEx
- __C_specific_handler
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- PAGE
- INIT
- .rsrc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "03019a023aff58b16bd6d5eae617f066",
"Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
"TBS": {
"MD5": "a752afee44f017e8d74e3f3eb7914ae3",
"SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
"SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
"SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
},
"ValidFrom": "2014-10-22 00:00:00",
"ValidTo": "2024-10-22 00:00:00",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "03e9017d54cd93f094d0a2ab7fc0e3f5",
"Signature": "bbc031b3dd6b1c6ebec77b8dc1ecfa938149c64e0c959e5857db5c28ef549ddf0be920ccb7ec515aaeb180a28d64a1f4065d38cb997db59295f123851392903c673ed6d1db930ec1618add9989f0f1fc8d06ec5a945242cd7432d6838e33b4c3e4784e754b64dce078686ab2e6626848ff7dcd6fb7efebffdfdad1eefc1e98f9c338ff2565f05039176b24148a841614635157da5f61a17bbd6d479815714e8d3067f0320d5e8bfaa6e35731804925df9b85ba32c0d9f4ccd484d6d1b279bad0ef22b0da375826ea2e119d5c848d9a9275b93abb084c02af9f1b46c5357652f113f556fdb9d1900223341503f4e89b98bae134f7cc9d6409fcf72d2c746c714a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=AU, ST=New South Wales, L=Sydney, O=Wen Jia Liu, CN=Wen Jia Liu",
"TBS": {
"MD5": "edebe2eab71887f7571e5c501cf8b745",
"SHA1": "9b039c3cc8d41568351b37628c8dd682b36872e4",
"SHA256": "d6bc8ae81688ac5660ff3b1a337a63edb4c86b6eac8af9dc77f361c820bc7a82",
"SHA384": "a7728722407d4cab35d1e851b050c4c9614f5a66b47352b270c76bfea92b8002c7859c02b5fa1ef0773eb3a73f0a37dc"
},
"ValidFrom": "2013-10-30 00:00:00",
"ValidTo": "2015-11-04 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
"Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
"TBS": {
"MD5": "4e5ad189638cf52ba9cd881d4d44668c",
"SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
"SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
"SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
},
"ValidFrom": "2006-11-10 00:00:00",
"ValidTo": "2021-11-10 00:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "03e9017d54cd93f094d0a2ab7fc0e3f5",
"Version": 1
}
],
"SignerInfo": ""
}
Download
Certificates
Expand
Certificate 0ff1ef66bd621c65b74b4de41425717f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 757eb14413aba2d993b15943483df3b8 |
| ToBeSigned (TBS) SHA1 | 69f7d9ce7728f0a25643d4da3774704c699718b5 |
| ToBeSigned (TBS) SHA256 | f57d1b370f6a90ced8f5776d31549223448aad3486f777b0ccfa812ea3ed55fe |
| Subject | C=AU, ST=New South Wales, L=Sydney, O=Wen Jia Liu, CN=Wen Jia Liu |
| ValidFrom | 2013-10-30 00:00:00 |
| ValidTo | 2017-01-04 12:00:00 |
| Signature | 88f1598a6a8a6c4904646770021476573d57c2f9cb88786e823a6312f7c90b578b1316b069d7670f8c5a59386aa72defedeb4187b9e58199c3c2c805b056622022c294ac38e14d5e66a7a77a4524b893fac245341155abf301ae41c91918705d4c9c291e671cea6b9c77dbede85379866ea935ddda4f28e2954a30251d1e0696bd21c948de0d4201487fb7b35faa308b78cfc81a7d51979a5c0d1fe41fc55cddffd0039e6cf49b497cbe7dc15d492da007906accf14a601e1814334045b45198650b317d09653182dd78daccef4964c457cf6d15a7b79fbf0b732ae0ac45cfba627afb622dfe9dc18064c21411f0464ede145be82db7c5124488044547eb2022 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0ff1ef66bd621c65b74b4de41425717f |
| Version | 3 |
Certificate 61204db4000000000027
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 03019a023aff58b16bd6d5eae617f066
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | a752afee44f017e8d74e3f3eb7914ae3 |
| ToBeSigned (TBS) SHA1 | 8eca80a6b80e9c69dcef7745748524afb8019e2d |
| ToBeSigned (TBS) SHA256 | 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 |
| Subject | C=US, O=DigiCert, CN=DigiCert Timestamp Responder |
| ValidFrom | 2014-10-22 00:00:00 |
| ValidTo | 2024-10-22 00:00:00 |
| Signature | 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 03019a023aff58b16bd6d5eae617f066 |
| Version | 3 |
Certificate 02c4d1e58a4a680c568da3047e7e4d5f
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 829995f702421dea833a24fb2c7f4442 |
| ToBeSigned (TBS) SHA1 | 1d7e838accd498c2e5ba9373af819ec097bb955c |
| ToBeSigned (TBS) SHA256 | 92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1 |
| ValidFrom | 2011-02-11 12:00:00 |
| ValidTo | 2026-02-10 12:00:00 |
| Signature | 49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 02c4d1e58a4a680c568da3047e7e4d5f |
| Version | 3 |
Certificate 06fdf9039603adea000aeb3f27bbba1b
| Field | Value |
|---|
| ToBeSigned (TBS) MD5 | 4e5ad189638cf52ba9cd881d4d44668c |
| ToBeSigned (TBS) SHA1 | cdc115e98d798b33904c820d63cc1e1afc19251d |
| ToBeSigned (TBS) SHA256 | 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 |
| ValidFrom | 2006-11-10 00:00:00 |
| ValidTo | 2021-11-10 00:00:00 |
| Signature | 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 06fdf9039603adea000aeb3f27bbba1b |
| Version | 3 |
Imports
Expand
Imported Functions
Expand
- SePrivilegeCheck
- ZwOpenKey
- ProbeForRead
- RtlGetVersion
- PsProcessType
- ObOpenObjectByName
- ObGetObjectType
- PsReleaseProcessExitSynchronization
- ZwQueryObject
- RtlEqualUnicodeString
- KeUnstackDetachProcess
- ExEnumHandleTable
- ObQueryNameString
- IoFileObjectType
- IoDriverObjectType
- ExfUnblockPushLock
- ObReferenceObjectByHandle
- PsAcquireProcessExitSynchronization
- PsInitialSystemProcess
- ObSetHandleAttributes
- ZwQueryInformationProcess
- ObfDereferenceObject
- ExAllocatePoolWithQuotaTag
- ZwQueryInformationThread
- ObOpenObjectByPointer
- KeStackAttachProcess
- PsLookupProcessByProcessId
- PsJobType
- PsReferencePrimaryToken
- SeTokenObjectType
- IoCreateDevice
- PsGetProcessJob
- PsLookupProcessThreadByCid
- ZwTerminateProcess
- PsDereferencePrimaryToken
- IoThreadToProcess
- RtlWalkFrameChain
- KeInitializeApc
- KeSetEvent
- KeInsertQueueApc
- KeWaitForSingleObject
- PsThreadType
- PsLookupThreadByThreadId
- ZwQuerySystemInformation
- ZwQueryVirtualMemory
- ExReleaseFastMutex
- ExAcquireFastMutex
- ZwReadFile
- MmHighestUserAddress
- SeLocateProcessImageName
- KeDelayExecutionThread
- ZwCreateFile
- RtlRandomEx
- ZwQueryInformationFile
- MmUnmapLockedPages
- ExRaiseStatus
- MmMapLockedPagesSpecifyCache
- MmProbeAndLockPages
- MmUnlockPages
- MmIsAddressValid
- KeBugCheckEx
- PsGetCurrentProcessId
- IofCompleteRequest
- ZwClose
- ZwQueryValueKey
- KeInitializeEvent
- ProbeForWrite
- IoDeleteDevice
- RtlInitUnicodeString
- ExFreePoolWithTag
- IoGetCurrentProcess
- ExAllocatePoolWithTag
- __C_specific_handler
- BCryptCreateHash
- BCryptDestroyKey
- BCryptImportKeyPair
- BCryptCloseAlgorithmProvider
- BCryptVerifySignature
- BCryptFinishHash
- BCryptHashData
- BCryptDestroyHash
- BCryptOpenAlgorithmProvider
- BCryptGetProperty
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- PAGE
- INIT
- .rsrc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "03019a023aff58b16bd6d5eae617f066",
"Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
"TBS": {
"MD5": "a752afee44f017e8d74e3f3eb7914ae3",
"SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
"SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
"SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
},
"ValidFrom": "2014-10-22 00:00:00",
"ValidTo": "2024-10-22 00:00:00",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "03e9017d54cd93f094d0a2ab7fc0e3f5",
"Signature": "bbc031b3dd6b1c6ebec77b8dc1ecfa938149c64e0c959e5857db5c28ef549ddf0be920ccb7ec515aaeb180a28d64a1f4065d38cb997db59295f123851392903c673ed6d1db930ec1618add9989f0f1fc8d06ec5a945242cd7432d6838e33b4c3e4784e754b64dce078686ab2e6626848ff7dcd6fb7efebffdfdad1eefc1e98f9c338ff2565f05039176b24148a841614635157da5f61a17bbd6d479815714e8d3067f0320d5e8bfaa6e35731804925df9b85ba32c0d9f4ccd484d6d1b279bad0ef22b0da375826ea2e119d5c848d9a9275b93abb084c02af9f1b46c5357652f113f556fdb9d1900223341503f4e89b98bae134f7cc9d6409fcf72d2c746c714a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=AU, ST=New South Wales, L=Sydney, O=Wen Jia Liu, CN=Wen Jia Liu",
"TBS": {
"MD5": "edebe2eab71887f7571e5c501cf8b745",
"SHA1": "9b039c3cc8d41568351b37628c8dd682b36872e4",
"SHA256": "d6bc8ae81688ac5660ff3b1a337a63edb4c86b6eac8af9dc77f361c820bc7a82",
"SHA384": "a7728722407d4cab35d1e851b050c4c9614f5a66b47352b270c76bfea92b8002c7859c02b5fa1ef0773eb3a73f0a37dc"
},
"ValidFrom": "2013-10-30 00:00:00",
"ValidTo": "2015-11-04 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "02c4d1e58a4a680c568da3047e7e4d5f",
"Signature": "49eb7c60beaeefc97cb3c5ba4b64df1669e286fa29d9de98857d406626332f4455aaaa90e935700a34bed3ae542e8e6500d67a32203e6c26b898a939b1bc95c7aae9f5ee4666c6b3e812f8b3979dff74588234997550ac448fe892ce7d8b0f3196c7dcd31130987416c6e56b4576a39401cd33007a48f66f8631c9562b3322d5f801b644ce8cb4ca88d2e416e3e7f6e23ee109c09d7943437f555c05ad9310c62c0d6bc09eea78e5d277d6b8da9a987fba4c922b9dbda488b1ddafc34cd2979b03c6ae5f1b440f333715e3cbff2f56d316a45b55679da2cadb346c0c734ab57ba4b6b3e935027870ec007acbfc4b4f2236bb1484c98f91dd0f3c758cca0b88e7",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"TBS": {
"MD5": "829995f702421dea833a24fb2c7f4442",
"SHA1": "1d7e838accd498c2e5ba9373af819ec097bb955c",
"SHA256": "92914d016cc46e125e50c4bd0bd7f72db87eed4ba68f3c589b4e86aa563108db",
"SHA384": "dbb72e38c3bc17b08aa00535ebd48502058ce6ecfd24bd4dd45c7b33e3d523510a4a649d86dfc77436c58754bd0754ea"
},
"ValidFrom": "2011-02-11 12:00:00",
"ValidTo": "2026-02-10 12:00:00",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
"Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
"TBS": {
"MD5": "4e5ad189638cf52ba9cd881d4d44668c",
"SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
"SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
"SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
},
"ValidFrom": "2006-11-10 00:00:00",
"ValidTo": "2021-11-10 00:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance Code Signing CA,1",
"SerialNumber": "03e9017d54cd93f094d0a2ab7fc0e3f5",
"Version": 1
}
],
"SignerInfo": ""
}
source
last_updated: 2024-04-09
