705facba-b595-41dd-86a6-93aefe6a6234
titidrv.sys
Description
Confirmed vulnerable driver from Microsoft Block List
Use Case | Privileges | Operating System |
---|---|---|
Elevate privileges | kernel | Windows |
Detections
YARA 🏹
Expand
Resources
CVE
Known Vulnerable Samples
Property | Value |
---|---|
Filename | |
Creation Timestamp | 2017-12-03 13:13:32 |
MD5 | 79e368a81e3a7ae8a5d2db97dd5138e2 |
SHA1 | c8d520d4ce717c17f4d9aaedc5b0070f94955c12 |
SHA256 | 208ea38734979aa2c86332eba1ea5269999227077ff110ac0a0d411073165f85 |
Authentihash MD5 | dbb48a1b8fa3673466b53c6f16f2eddf |
Authentihash SHA1 | af1f5823b678666b85c23a2e5280c1ce3924917c |
Authentihash SHA256 | 7afdb552a7fa25dd716fe3a55c988a59d120e78f9ee95067f31901f51987ab8d |
RichPEHeaderHash MD5 | d45d2640e1584c776a1d10e5f695d7ad |
RichPEHeaderHash SHA1 | fef88c261764494d9a145b37b7739f3454786729 |
RichPEHeaderHash SHA256 | 213d9812b1847d0b21caf20daa3a64bfee117ab009b64cfaf1d536fa6fe56707 |
Company | genitlkiwi (Benjamin XXXXX) |
Description | titidrv for Windows (titicatz) |
Product | titidrv (titicatz) |
OriginalFilename | titidrv.sys |
Certificates
Expand
Certificate 0400000000012f4ee1355c
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | f6a9e8eb8784f3f694b4e353c08a0ff5 |
ToBeSigned (TBS) SHA1 | 589a7d4df869395601ba7538a65afae8c4616385 |
ToBeSigned (TBS) SHA256 | cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4 |
Subject | C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2 |
ValidFrom | 2011-04-13 10:00:00 |
ValidTo | 2019-04-13 10:00:00 |
Signature | 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 0400000000012f4ee1355c |
Version | 3 |
Certificate 112169417a1c3ef46a301f99385f50680fa0
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | ee0a53dda8301d1e78bd5487f1d49bf4 |
ToBeSigned (TBS) SHA1 | 5538f8cd492c2ec8d581f3665d2b4217c86fa19a |
ToBeSigned (TBS) SHA256 | a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb |
Subject | C=FR, CN=Benjamin Delpy |
ValidFrom | 2011-06-28 09:46:16 |
ValidTo | 2014-06-28 09:46:16 |
Signature | 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | False |
SerialNumber | 112169417a1c3ef46a301f99385f50680fa0 |
Version | 3 |
Certificate 610b7f6b000000000019
Field | Value |
---|---|
ToBeSigned (TBS) MD5 | 4798d55be7663a75649cda4dedc686ef |
ToBeSigned (TBS) SHA1 | 0f1ab2937b245d9466ea6f9bf056a5942e3989cf |
ToBeSigned (TBS) SHA256 | ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1 |
Subject | C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA |
ValidFrom | 2006-05-23 17:00:51 |
ValidTo | 2016-05-23 17:10:51 |
Signature | 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461 |
SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
IsCertificateAuthority | True |
SerialNumber | 610b7f6b000000000019 |
Version | 3 |
Imports
Expand
- ntoskrnl.exe
- FLTMGR.SYS
Imported Functions
Expand
- KeBugCheck
- IofCompleteRequest
- IoCreateSymbolicLink
- IoCreateDevice
- PsProcessType
- PsGetProcessImageFileName
- PsLookupProcessByProcessId
- PsReferencePrimaryToken
- ZwOpenProcessTokenEx
- IoGetCurrentProcess
- ZwSetInformationProcess
- ZwClose
- ZwDuplicateToken
- PsInitialSystemProcess
- _vsnwprintf
- ObfDereferenceObject
- ObOpenObjectByPointer
- PsGetProcessId
- PsDereferencePrimaryToken
- ExAllocatePoolWithTag
- ExFreePoolWithTag
- IoFreeMdl
- MmProbeAndLockPages
- MmUnlockPages
- IoAllocateMdl
- ZwUnloadKey
- IoEnumerateRegisteredFiltersList
- KeBugCheckEx
- MmGetSystemRoutineAddress
- IoDeleteDevice
- RtlInitUnicodeString
- NtBuildNumber
- RtlCompareMemory
- IoDeleteSymbolicLink
- PsGetVersion
- ExAllocatePoolWithQuotaTag
- ZwQuerySystemInformation
- RtlUnwindEx
- FltGetFilterInformation
- FltEnumerateInstances
- FltEnumerateFilters
- FltObjectDereference
- FltGetVolumeFromInstance
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- PAGE
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "0400000000012f4ee1355c",
"Signature": "225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
"TBS": {
"MD5": "f6a9e8eb8784f3f694b4e353c08a0ff5",
"SHA1": "589a7d4df869395601ba7538a65afae8c4616385",
"SHA256": "cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4",
"SHA384": "dcec542f242317863d0b3d23947e17d6982e381003831777b07ed75b46fb18bd0392a89c9beb6862981cd05f3f2fb77b"
},
"ValidFrom": "2011-04-13 10:00:00",
"ValidTo": "2019-04-13 10:00:00",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
"Signature": "7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=FR, CN=Benjamin Delpy",
"TBS": {
"MD5": "ee0a53dda8301d1e78bd5487f1d49bf4",
"SHA1": "5538f8cd492c2ec8d581f3665d2b4217c86fa19a",
"SHA256": "a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb",
"SHA384": "4d4d34b092fe3ed154a156e89c561e8a57082e207ff3d89025574e6fb05922465d3347141710b408259c73e7a0e889ca"
},
"ValidFrom": "2011-06-28 09:46:16",
"ValidTo": "2014-06-28 09:46:16",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "610b7f6b000000000019",
"Signature": "13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA",
"TBS": {
"MD5": "4798d55be7663a75649cda4dedc686ef",
"SHA1": "0f1ab2937b245d9466ea6f9bf056a5942e3989cf",
"SHA256": "ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1",
"SHA384": "6e7450a139856aeda6fa6284ff89b3752a9b646e096b4d33dd7e8e727742a2111481531581c0aa2cda0338e22cfdbad3"
},
"ValidFrom": "2006-05-23 17:00:51",
"ValidTo": "2016-05-23 17:10:51",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2",
"SerialNumber": "112169417a1c3ef46a301f99385f50680fa0",
"Version": 1
}
],
"SignerInfo": ""
}
last_updated: 2024-09-26