Exetools - View Single Post

CodeCracker · #23 11-15-2024, 01:04

signtool.exe sign -a -f current_cert.pfx -p nv1d1aRules -t http://timestamp.verisign.com/scripts/timstamp.dll %1

signtool.exe sign -a -f current_cert.pfx -p nv1d1aRules -t http://timestamp.sectigo.com file.sys

capicom.dll
726BD80A . /75 07 JNZ SHORT 726BD813 ; capicom.726BD813
726BD80C . |BE 53028880 MOV ESI,0x80880253
726BD811 .^|EB AF JMP SHORT 726BD7C2 ; capicom.726BD7C2
726BD813 > \8D45 E0 LEA EAX,DWORD PTR SS:[EBP-0x20]

726BD3CE |> \FF76 0C PUSH DWORD PTR DS:[ESI+0xC]
726BD3D1 |. 57 PUSH EDI
726BD3D2 |. FF15 C0106972 CALL DWORD PTR DS:[0x726910C0] ; CRYPT32.CertVerifyTimeValidity
726BD3D8 |. 85C0 TEST EAX,EAX
726BD3DA |. 74 05 JE SHORT 726BD3E1 ; capicom.726BD3E1
726BD3DC |. BF 01010B80 MOV EDI,0x800B0101
726BD3E1 |> 8BC7 MOV EAX,EDI
726BD3E3 |. 5F POP EDI
726BD3E4 |. 5E POP ESI
726BD3E5 |. C9 LEAVE
726BD3E6 \. C2 0800 RETN 0x8

I also noticed the presence of:
C:\pp2\COPP\Cert\Win8_64\
nvDrvCert.crt
nvDrvCert.dat
nvDrvCert.prv
nvDrvCert.pub

what are those?

The Following User Says Thank You to CodeCracker For This Useful Post:
niculaita (11-19-2024)