dbb58de1-a1e5-4c7f-8fe0-4033502b1c63

asas.sys

Description

Confirmed vulnerable driver from Microsoft Block List

  • UUID: dbb58de1-a1e5-4c7f-8fe0-4033502b1c63
  • Created: 2023-07-22
  • Author: Michael Haag
  • Acknowledgement: (none)


  • Use Case: Elevate privileges
  • Privileges: kernel
  • Operating System: Windows

Detections

YARA 🏹


Sigma 🛡️


Names

Detects loading of the driver by its filename only.

Hashes

Detects loading of the driver by its file hashes only.

Sysmon 🔎


Block: on hashes

Alert: on hashes

Resources

  • https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c

  • CVE

  • Known Vulnerable Samples

    Filename:
    Creation Timestamp: 2016-09-05 00:43:33
    MD5: f5938db81d1e620b5c89ca0c5f157a33
    SHA1: d10a054c6c3b1243cb13ff6648cd5de21a0b6548
    SHA256: 6165491e8391eac9c0e3b9a2a31e1692a567c16cbfa36d7a88c401ffae1f6c63
    Authentihash MD5: 37458813b5115cbf06552da28fefbbbb
    Authentihash SHA1: 1d1cafc73c97c6bcd2331f8777d90fdca57125a3
    Authentihash SHA256: faa08cb609a5b7be6bfdb61f1e4a5e8adf2f5a1d2492f262483df7326934f5d4
    RichPEHeaderHash MD5: b2f23c03be4553a744ff25735a80073c
    RichPEHeaderHash SHA1: 2703d60c8f12df9d6adf5ae475bfeb1786486888
    RichPEHeaderHash SHA256: 46ffd109664b6694974986a39d508002d564434d60a0fb9f861401f2cb2c83f1


    Imports

    • ntoskrnl.exe

    Imported Functions

    • IoDeleteSymbolicLink
    • RtlInitUnicodeString
    • IofCompleteRequest
    • MmGetSystemRoutineAddress
    • IoCreateSymbolicLink
    • IoCreateDevice
    • IoDeleteDevice

    Exported Functions


    Sections

    • .text
    • .data
    • .pdata
    • .info
    • INIT

    Signature


    last_updated: 2024-09-26