msio32.sys

Description

Confirmed vulnerable driver from Microsoft Block List

  • UUID: 58509acb-50b4-41a0-9de3-76c571a459e3
  • Created: 2023-07-22
  • Author: Michael Haag
  • Acknowledgement: (none listed)


Use Case            Privileges   Operating System
Elevate privileges  kernel       Windows

Detections

YARA 🏹

Sigma 🛡️

  • Names: detects loading using name only
  • Hashes: detects loading using hashes only

Sysmon 🔎

  • Block: on hashes
  • Alert: on hashes

A name-only rule misses a copy of the driver that has been renamed; a hash-only rule misses other builds of the same driver. Deploy both, and remember that the hash rules match only the sample listed under Known Vulnerable Samples.
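The Sigma name and hash rules summarized above, run over constructed Sysmon DriverLoad (Event ID 6) records, as an added example that is not part of this page or of the rule sets it describes. The key=value record format, the placeholder hashes and the benign driver paths are assumptions made for the example; the msio32.sys digests are the ones listed under Known Vulnerable Samples. The three hits show the coverage gap each rule has on its own: a renamed copy is caught only by hash, a different build carrying the same file name only by name.

```python
"""Sigma-style name and hash rules for msio32.sys driver loads, run over
constructed Sysmon Event ID 6 (DriverLoad) records.

Added example: not code from this page or from the rule sets it links.
The event records below are constructed for illustration (the field
names are Sysmon's; only the msio32.sys hashes are the page's real values).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Indicators taken from the Known Vulnerable Samples table on this page.
MSIO32_IOCS = {
    "name": "msio32.sys",
    "md5": "9c00a44418a8e719c0034f0d55802693",
    "sha1": "7478eb19b453f82ef99734b8aed1e0911aab9d55",
    "sha256": "c7d4943ddac34e1a38692c624d799e634ad4c4e3ae7e3bb2ae4cf0d8eb8985bc",
}

# Constructed Sysmon records in key=value form.  Hashes other than the
# msio32.sys ones are placeholders, not real indicators.
SAMPLE_EVENTS = [
    # 1. The listed sample under its own name: name rule and hash rule both fire.
    "EventID=6 ImageLoaded=C:\\Windows\\Temp\\msio32.sys "
    "Hashes=SHA1=7478EB19B453F82EF99734B8AED1E0911AAB9D55,"
    "MD5=9C00A44418A8E719C0034F0D55802693,"
    "SHA256=C7D4943DDAC34E1A38692C624D799E634AD4C4E3AE7E3BB2AE4CF0D8EB8985BC "
    "Signed=true",
    # 2. Same bytes, renamed: only the hash rule fires.
    "EventID=6 ImageLoaded=C:\\Users\\Public\\drv.sys "
    "Hashes=SHA256=c7d4943ddac34e1a38692c624d799e634ad4c4e3ae7e3bb2ae4cf0d8eb8985bc "
    "Signed=true",
    # 3. A different build carrying the same file name: only the name rule fires.
    "EventID=6 ImageLoaded=C:\\Windows\\System32\\drivers\\msio32.sys "
    "Hashes=SHA256=1111111111111111111111111111111111111111111111111111111111111111 "
    "Signed=true",
    # 4. Unrelated driver: nothing fires.
    "EventID=6 ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys "
    "Hashes=SHA256=2222222222222222222222222222222222222222222222222222222222222222 "
    "Signed=true",
    # 5. Not a DriverLoad event: out of scope for both rules.
    "EventID=1 Image=C:\\Windows\\System32\\cmd.exe CommandLine=cmd.exe",
]

_FIELD_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Verdict:
    image: str
    name_match: bool
    hash_match: bool


def parse_event(line: str) -> Dict[str, str]:
    """Split a space-separated key=value record (no quoted values) into a dict."""
    return dict(_FIELD_RE.findall(line))


def parse_hashes(field: str) -> Dict[str, str]:
    """Sysmon's 'SHA1=..,MD5=..,SHA256=..,IMPHASH=..' -> {'sha1': '..', ...}."""
    out = {}
    for part in field.split(","):
        algo, _, value = part.partition("=")
        if algo and value:
            out[algo.lower()] = value.lower()
    return out


def evaluate(line: str, iocs: Dict[str, str] = MSIO32_IOCS) -> Optional[Verdict]:
    """Apply the name rule and the hash rule to one record; None if not a driver load."""
    ev = parse_event(line)
    if ev.get("EventID") != "6":
        return None
    image = ev.get("ImageLoaded", "")
    # Name rule: last path component, compared case-insensitively as Windows does.
    name_match = image.rsplit("\\", 1)[-1].lower() == iocs["name"]
    # Hash rule: any one of the listed digests matching is enough.
    hashes = parse_hashes(ev.get("Hashes", ""))
    hash_match = any(hashes.get(a) == iocs[a] for a in ("md5", "sha1", "sha256"))
    return Verdict(image, name_match, hash_match)


def scan(lines: List[str]) -> List[Tuple[str, bool, bool]]:
    """Return (image, name_match, hash_match) for every driver load that hit a rule."""
    hits = []
    for line in lines:
        v = evaluate(line)
        if v is not None and (v.name_match or v.hash_match):
            hits.append((v.image, v.name_match, v.hash_match))
    return hits


if __name__ == "__main__":
    for image, by_name, by_hash in scan(SAMPLE_EVENTS):
        print(f"{image}: name_rule={by_name} hash_rule={by_hash}")
```

Record 3 is the case the hash rules cannot see: a different build of the driver would have different digests, so only the name rule fires, and it fires equally on a benign file that merely reuses the name. Treat a name-only hit as a lead to pull the file and hash it, not as a verdict.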

Resources

  • https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c
  • CVE: (none listed)

Known Vulnerable Samples

    Property                 Value
    Filename                 (not listed)
    Creation Timestamp       2018-02-12 00:57:28
    MD5                      9c00a44418a8e719c0034f0d55802693
    SHA1                     7478eb19b453f82ef99734b8aed1e0911aab9d55
    SHA256                   c7d4943ddac34e1a38692c624d799e634ad4c4e3ae7e3bb2ae4cf0d8eb8985bc
    Authentihash MD5         d7acc8a58b2163f0b070d647e81c49fd
    Authentihash SHA1        0cb0fd5bea730e4eaaec1426b0c15376ccac6d83
    Authentihash SHA256      0d0962db9dc6879067270134801ad425c1f3e85b0dc39877c02aaa9c54aca14e
    RichPEHeaderHash MD5     d1c5b39e151846c2dcb30d3116cba10d
    RichPEHeaderHash SHA1    ef12b9e4550f27b0c74b09f9f6c4e1cfa6d757f7
    RichPEHeaderHash SHA256  ace4fba2c26bcc6e806e2ad3abec8dd0852907ccd429053608e3c639a514d1bc


    Imports

    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    • ObfDereferenceObject
    • ZwUnmapViewOfSection
    • IofCompleteRequest
    • MmAllocateNonCachedMemory
    • MmFreeNonCachedMemory
    • Ke386SetIoAccessMap
    • ZwOpenSection
    • IoGetCurrentProcess
    • IoCreateSymbolicLink
    • IoCreateDevice
    • KeTickCount
    • ObReferenceObjectByHandle
    • ZwMapViewOfSection
    • ZwClose
    • DbgPrint
    • RtlInitUnicodeString
    • IoDeleteSymbolicLink
    • Ke386IoSetAccessProcess
    • IoDeleteDevice
    • WRITE_PORT_USHORT
    • WRITE_PORT_UCHAR
    • READ_PORT_ULONG
    • READ_PORT_USHORT
    • READ_PORT_UCHAR
    • HalTranslateBusAddress
    • WRITE_PORT_ULONG

    Exported Functions


    Sections

    • .text
    • .rdata
    • .data
    • INIT
    • .reloc

    Signature



    last_updated: 2024-09-26