998ed67c-9c20-46ef-a6ba-abc606b540b9

rtkiow8x64.sys :inline :inline

Description

Confirmed vulnerable driver from Microsoft Block List

  • UUID: 998ed67c-9c20-46ef-a6ba-abc606b540b9
  • Created: 2023-07-22
  • Author: Michael Haag
  • Acknowledgement: |

DownloadBlock

Use CasePrivilegesOperating System
Elevate privilegeskernelWindows

Detections

YARA 🏹

Expand

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c

    • CVE

    • Known Vulnerable Samples

    PropertyValue
    Filename
    Creation Timestamp2020-07-09 03:28:49
    MD5480f2ca1679056019dbc8abece3fa3cb
    SHA198ceed786f79288becc08c3b82c57e8d4bfa1bca
    SHA256b205835b818d8a50903cf76936fcf8160060762725bd74a523320cfbd091c038
    Authentihash MD520a4f355e1fcd46af497d46edcd2c092
    Authentihash SHA199afa3bb2fc89de858bc705495ec51f0571bc767
    Authentihash SHA256516f0bbbc1b47ec2d83cc51be104920899193e2784a45b835fe68f864af1733b
    RichPEHeaderHash MD5cd1e23f2655cfcbe9a7cc179aa127afe
    RichPEHeaderHash SHA1686481f672f39383cdea14b1d7976b97eb3020ed
    RichPEHeaderHash SHA2566a7198e2cf3b0e2d52587a6995559794e6191593e34509a4faa8fe9282c11959
    CompanyRealtek
    DescriptionRealtek IO Driver
    ProductRealtek IO Driver
    OriginalFilenamertkiow8x64.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 04df4d56733ae38d598ea004dd2d9c51
    FieldValue
    ToBeSigned (TBS) MD5d969341c77d84b74180d7c0bbd1758f7
    ToBeSigned (TBS) SHA113ff0fcb6faef6cc0d764891fd83ff75b222a2b0
    ToBeSigned (TBS) SHA2568cc799dc0170de639334d3a3112d2d2b8629fdc98844cb4d6d6c6dc0776bb8fe
    Subject??=TW, ??=Private Organization, serialNumber=22671299, C=TW, L=HSINCHU, O=Realtek Semiconductor Corp., CN=Realtek Semiconductor Corp.
    ValidFrom2020-01-09 00:00:00
    ValidTo2020-09-15 12:00:00
    Signature622ab6660f0bb6b692dbbfe701f462a2f59e43a039ed1bf699a2e55c1871b0d24036819d02f456b8b5903628c5cf7094cd138332eed3e985232c30c7b3bb7c0640f06bb230d5c1eccd4e13d2377c168df20895c77a8c87b44c6200f6f06bc3bc40b285efa3f855f75c7ff3518dfb299c638b5d560fb94d3e97eea3a29a7524a0c1192311571fd06905346264c6d6c8336e08cb34d9ee7440677b92aa061981364db6bb67b4d3479041e85c7b4e31e009f3d315b75c6c50d8cefe6b63475ac598505235fe9c5f69bee61d70940d47ac10a760e3eac26e268f21508b5e567e6d92c5b1ba9b1de5ebc9da9ac472d6ca33dae12b01fca6113e6e8082bd00a3a33840
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber04df4d56733ae38d598ea004dd2d9c51
    Version3
    Certificate 03019a023aff58b16bd6d5eae617f066
    FieldValue
    ToBeSigned (TBS) MD5a752afee44f017e8d74e3f3eb7914ae3
    ToBeSigned (TBS) SHA18eca80a6b80e9c69dcef7745748524afb8019e2d
    ToBeSigned (TBS) SHA25682560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1
    SubjectC=US, O=DigiCert, CN=DigiCert Timestamp Responder
    ValidFrom2014-10-22 00:00:00
    ValidTo2024-10-22 00:00:00
    Signature9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber03019a023aff58b16bd6d5eae617f066
    Version3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    FieldValue
    ToBeSigned (TBS) MD5f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA12d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA2562cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom2012-04-18 12:00:00
    ValidTo2027-04-18 12:00:00
    Signature9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0dd0e3374ac95bdbfa6b434b2a48ec06
    Version3
    Certificate 06fdf9039603adea000aeb3f27bbba1b
    FieldValue
    ToBeSigned (TBS) MD54e5ad189638cf52ba9cd881d4d44668c
    ToBeSigned (TBS) SHA1cdc115e98d798b33904c820d63cc1e1afc19251d
    ToBeSigned (TBS) SHA25637560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1
    ValidFrom2006-11-10 00:00:00
    ValidTo2021-11-10 00:00:00
    Signature46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber06fdf9039603adea000aeb3f27bbba1b
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • KfRaiseIrql
    • MmMapIoSpace
    • MmUnmapIoSpace
    • RtlInitUnicodeString
    • MmGetSystemRoutineAddress
    • KeSetSystemAffinityThreadEx
    • KeQueryActiveProcessors
    • ExAllocatePoolWithTag
    • ExFreePoolWithTag
    • ExCreateCallback
    • ExRegisterCallback
    • ExUnregisterCallback
    • MmBuildMdlForNonPagedPool
    • MmMapLockedPagesSpecifyCache
    • KeLowerIrql
    • IoAllocateMdl
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • IoDeleteSymbolicLink
    • IoFreeMdl
    • IoRegisterShutdownNotification
    • IoUnregisterShutdownNotification
    • IoWMIRegistrationControl
    • ObfDereferenceObject
    • ZwClose
    • ZwOpenKey
    • ZwQueryValueKey
    • __C_specific_handler
    • ZwCreateKey
    • MmUnmapLockedPages
    • _vsnprintf
    • ZwSetSecurityObject
    • IoDeviceObjectType
    • IoCreateDevice
    • ObOpenObjectByPointer
    • RtlGetDaclSecurityDescriptor
    • RtlGetGroupSecurityDescriptor
    • RtlGetOwnerSecurityDescriptor
    • RtlGetSaclSecurityDescriptor
    • SeCaptureSecurityDescriptor
    • _snwprintf
    • RtlLengthSecurityDescriptor
    • SeExports
    • RtlCreateSecurityDescriptor
    • _wcsnicmp
    • wcschr
    • RtlAbsoluteToSelfRelativeSD
    • RtlAddAccessAllowedAce
    • RtlLengthSid
    • IoIsWdmVersionAvailable
    • RtlSetDaclSecurityDescriptor
    • ZwSetValueKey
    • RtlFreeUnicodeString
    • KeStallExecutionProcessor

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
  "Certificates": [
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "61204db4000000000027",
      "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
      "TBS": {
        "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
        "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
        "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
        "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
      },
      "ValidFrom": "2011-04-15 19:45:33",
      "ValidTo": "2021-04-15 19:55:33",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "04df4d56733ae38d598ea004dd2d9c51",
      "Signature": "622ab6660f0bb6b692dbbfe701f462a2f59e43a039ed1bf699a2e55c1871b0d24036819d02f456b8b5903628c5cf7094cd138332eed3e985232c30c7b3bb7c0640f06bb230d5c1eccd4e13d2377c168df20895c77a8c87b44c6200f6f06bc3bc40b285efa3f855f75c7ff3518dfb299c638b5d560fb94d3e97eea3a29a7524a0c1192311571fd06905346264c6d6c8336e08cb34d9ee7440677b92aa061981364db6bb67b4d3479041e85c7b4e31e009f3d315b75c6c50d8cefe6b63475ac598505235fe9c5f69bee61d70940d47ac10a760e3eac26e268f21508b5e567e6d92c5b1ba9b1de5ebc9da9ac472d6ca33dae12b01fca6113e6e8082bd00a3a33840",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "??=TW, ??=Private Organization, serialNumber=22671299, C=TW, L=HSINCHU, O=Realtek Semiconductor Corp., CN=Realtek Semiconductor Corp.",
      "TBS": {
        "MD5": "d969341c77d84b74180d7c0bbd1758f7",
        "SHA1": "13ff0fcb6faef6cc0d764891fd83ff75b222a2b0",
        "SHA256": "8cc799dc0170de639334d3a3112d2d2b8629fdc98844cb4d6d6c6dc0776bb8fe",
        "SHA384": "511153edeab984723234ccf6cece5240e80bfb0f0108edfb3408db6c3457f8a909098b81c048dcf4027392345315df7d"
      },
      "ValidFrom": "2020-01-09 00:00:00",
      "ValidTo": "2020-09-15 12:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "03019a023aff58b16bd6d5eae617f066",
      "Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
      "TBS": {
        "MD5": "a752afee44f017e8d74e3f3eb7914ae3",
        "SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
        "SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
        "SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
      },
      "ValidFrom": "2014-10-22 00:00:00",
      "ValidTo": "2024-10-22 00:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
      "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
      "TBS": {
        "MD5": "f92649915476229b093c211c2b18e6c4",
        "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
        "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
        "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
      },
      "ValidFrom": "2012-04-18 12:00:00",
      "ValidTo": "2027-04-18 12:00:00",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
      "Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
      "TBS": {
        "MD5": "4e5ad189638cf52ba9cd881d4d44668c",
        "SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
        "SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
        "SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
      },
      "ValidFrom": "2006-11-10 00:00:00",
      "ValidTo": "2021-11-10 00:00:00",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
      "SerialNumber": "04df4d56733ae38d598ea004dd2d9c51",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

    source

    last_updated: 2024-09-26