Guys, I hate to break it to ya, but this is not going to work.
The vulnerability you discuss here is related to the "Flame" malware. Flame exploits the fact the the OS still accepts certs with an MD5 hash. Though the MD5 hash algorithm has been compromised years ago, finding a real hash-collision is still extremely hard. Only the best crypto-analists with the best computers can do this. The vulnerability in the MD5 algorithm was actually more a theory and it was published back then.
The hash-collision that was made in the Flame malware was a new type op hash-collision, that has not been seem before. It was not based on the theory that had already been published. So that means that some pretty smart crypto-analysts must have worked on this in secret and with criminal intentions. An d they succeeded. Nothing about this is public knowledge.
So the infected system do not contain this information either. An infected system only has the PUBLIC key, on it. And it is a legit MSFT key. The point is that the malware was signed with a PRIVATE key, which has the collisioned hash. And the private key is only in the hands of those criminals. Just as the legit Private Keys are only in the hands of Microsoft.
WP7 is also affected by this, in theory, because WP7 also accepts binaries, that are signed by certificates from this certificate-chain. But to run binaries in WP7 you also need to get past the whole policy-engine too. So, in practice, WP7 is not vulnerable.
You won't find that private key on the internet. So, I guess that ends it here.
For more info, look here:
https://www.google.com/search?sclient=psy-ab&q="flame"+"certificate"+"collision"&oq="flame"+"certificate"+"collision"
Ciao,
Heathcliff74