Static | ZeroBOX

PE Compile Time

2024-03-29 21:40:17

PDB Path

C:\Users\andreu\Downloads\saturn-mapper-main\saturn-mapper-main\x64\Release\saturn map_Release.pdb

PE Imphash

f02bee0fac461a90ea2c05877e833237

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000105af 0x00010600 6.23590523871
.rdata 0x00012000 0x00011280 0x00011400 5.71879919785
.data 0x00024000 0x00000db0 0x00000600 3.50249446457
.pdata 0x00025000 0x00000d38 0x00000e00 4.82075548724
.rsrc 0x00026000 0x000001e8 0x00000200 4.7681311517
.reloc 0x00027000 0x00000108 0x00000200 3.13853382216

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00026060 0x00000188 LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library KERNEL32.dll:
0x140012030 CloseHandle
0x140012038 GetProcAddress
0x140012040 GetCurrentProcessId
0x140012048 GetModuleHandleA
0x140012058 GetTempPathW
0x140012060 FormatMessageA
0x140012068 GetCurrentThreadId
0x140012070 CreateFileW
0x140012078 VirtualAlloc
0x140012080 DeviceIoControl
0x140012088 Sleep
0x140012090 VirtualFree
0x140012098 GetLocaleInfoEx
0x1400120a0 FindClose
0x1400120a8 FindFirstFileW
0x1400120b0 GetFileAttributesExW
0x1400120b8 AreFileApisANSI
0x1400120c0 GetLastError
0x1400120c8 GetModuleHandleW
0x1400120d8 WideCharToMultiByte
0x1400120e0 ReleaseSRWLockExclusive
0x1400120e8 AcquireSRWLockExclusive
0x1400120f0 WakeAllConditionVariable
0x140012100 RtlCaptureContext
0x140012108 RtlLookupFunctionEntry
0x140012110 RtlVirtualUnwind
0x140012118 UnhandledExceptionFilter
0x140012120 GetCurrentProcess
0x140012128 TerminateProcess
0x140012138 QueryPerformanceCounter
0x140012140 GetSystemTimeAsFileTime
0x140012148 InitializeSListHead
0x140012150 IsDebuggerPresent
0x140012158 LocalFree
Library ADVAPI32.dll:
0x140012000 RegCloseKey
0x140012008 RegDeleteTreeW
0x140012010 RegCreateKeyW
0x140012018 RegOpenKeyW
0x140012020 RegSetKeyValueW
Library MSVCP140.dll:
0x140012278 ??1_Lockit@std@@QEAA@XZ
0x140012280 ??0_Lockit@std@@QEAA@H@Z
Library ntdll.dll:
0x140012598 NtQuerySystemInformation
0x1400125a0 RtlInitUnicodeString
Library VCRUNTIME140_1.dll:
0x1400123b8 __CxxFrameHandler4
Library VCRUNTIME140.dll:
0x140012358 __current_exception
0x140012360 _CxxThrowException
0x140012368 __C_specific_handler
0x140012370 __std_terminate
0x140012378 wcsstr
0x140012380 __std_exception_destroy
0x140012388 memcmp
0x140012390 memcpy
0x140012398 memset
0x1400123a0 __std_exception_copy
0x1400123a8 memmove
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x1400124e0 _set_fmode
0x1400124e8 _fseeki64
0x1400124f0 fread
0x1400124f8 fsetpos
0x140012508 __p__commode
0x140012510 fputc
0x140012518 setvbuf
0x140012520 fgetpos
0x140012528 fwrite
0x140012530 ungetc
0x140012538 fflush
0x140012540 fgetc
0x140012548 fclose
Library api-ms-win-crt-utility-l1-1-0.dll:
0x140012580 srand
0x140012588 rand
Library api-ms-win-crt-filesystem-l1-1-0.dll:
0x1400123c8 _lock_file
0x1400123d0 _wremove
0x1400123d8 _unlock_file
Library api-ms-win-crt-string-l1-1-0.dll:
0x140012558 _wcsicmp
0x140012560 _stricmp
Library api-ms-win-crt-time-l1-1-0.dll:
0x140012570 _time64
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x140012438 _initialize_onexit_table
0x140012448 _c_exit
0x140012450 _cexit
0x140012458 __p___wargv
0x140012460 __p___argc
0x140012470 exit
0x140012478 _initterm_e
0x140012480 _initterm
0x140012498 _configure_wide_argv
0x1400124a0 _crt_atexit
0x1400124a8 _set_app_type
0x1400124b0 _seh_filter_exe
0x1400124b8 abort
0x1400124c0 _exit
0x1400124c8 terminate
Library api-ms-win-crt-heap-l1-1-0.dll:
0x1400123e8 malloc
0x1400123f0 _set_new_mode
0x1400123f8 _callnewh
0x140012400 free
Library api-ms-win-crt-locale-l1-1-0.dll:
0x140012410 _configthreadlocale
0x140012418 ___lc_codepage_func
Library api-ms-win-crt-math-l1-1-0.dll:
0x140012428 __setusermatherr

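Strings (printable strings extracted from the sample; the second DOS-stub line further down appears to mark an embedded PE image)

!This program cannot be run in DOS mode.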
`.rdata
@.data
.pdata
@.rsrc
@.reloc
fD94Au
fF94@u
UAVAWH
|$ UATAUAVAWH
A_A^A]A\]
D$pHcH
D$pHcH
D$pHcH
@USWAVH
HcL$0H
@SUVAVH
)H;\$(r`H
|$ UAVAWH
H9;vcI
|$ UAVAWH
\$ UVWAVAWH
0A_A^_^]
@SUAUAV
A^A]][
|$ UATAUAVAWH
HcD$pH
A_A^A]A\]
@SUVWAVH
L90u"H
0A^_^][
@SWAWH
A__[H
@UVAVH
0A^^]H
WATAUAVAWH
0A_A^A]A\_
SVWATAUAVAWH
PA_A^A]A\_^[
D$@8D$Pu-
D$A8D$Qu"
D$J8D$Zu
D$K8D$[u
@SUVWAVH
pA^_^][
D$@8D$Pu-
D$A8D$Qu"
D$J8D$Zu
D$K8D$[u
@SUVWAVH
pA^_^][
D$@8D$Pu-
D$A8D$Qu"
D$J8D$Zu
D$K8D$[u
@SUVWAVH
pA^_^][
D$@8D$Pu-
D$A8D$Qu"
D$J8D$Zu
D$K8D$[u
@SUVWAVH
pA^_^][
D$@8D$Pu-
D$A8D$Qu"
D$J8D$Zu
D$K8D$[u
@SUVWAVH
A^_^][
D$P8D$`u-
D$Q8D$au"
D$Z8D$ju
D$[8D$ku
@SUVWAVH
pA^_^][
D$@8D$Pu-
D$A8D$Qu"
D$J8D$Zu
D$K8D$[u
UVWAVAWH
pA_A^_^]
D$@8D$Pu-
D$A8D$Qu"
D$J8D$Zu
D$K8D$[u
@SUVWAVH
pA^_^][
D$@8D$Pu-
D$A8D$Qu"
D$J8D$Zu
D$K8D$[u
D$@8D$Pu-
D$A8D$Qu"
D$J8D$Zu
D$K8D$[u
@SUVWAVH
pA^_^][
D$@8D$Pu-
D$A8D$Qu"
D$J8D$Zu
D$K8D$[u
D$@8D$Pu-
D$A8D$Qu"
D$J8D$Zu
D$K8D$[u
UVWAVAWH
pA_A^_^]
D$@8D$Pu-
D$A8D$Qu"
D$J8D$Zu
D$K8D$[u
UVWAVAWH
pA_A^_^]
D$@8D$Pu-
D$A8D$Qu"
D$J8D$Zu
D$K8D$[u
@SUVAWH
(A_^][
(A_^][
@SUVAVH
(A^^][
(A^^][
@SUVAWH
(A_^][
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
0A_A^A]A\_
t$ UWATAVAWH
A_A^A\_]
|$ UATAUAVAWH
A_A^A]A\]
VWATAVAWH
@A_A^A\_^
VWATAVAWH
@A_A^A\_^
@SVAVH
@UVWAUH
8A]_^]
@SVATAWH
8A_A\^[
t$ UWATAVAWH
A_A^A\_]
\$ UWAVH
HcL$PH
HcL$PH
UVWATAUAVAWH
A_A^A]A\_^]
H97t-H
l$ VWATAVAWH
0A_A^A\_^
@SUVWAVH
pA^_^][
D$@8D$Pu-
D$A8D$Qu"
D$J8D$Zu
D$K8D$[u
VWATAVAWH
0A_A^A\_^
VWATAVAWH
0A_A^A\_^
gfffffffH
UVWATAUAVAWH
A_A^A]A\_^]
@SVAVAWH
(A_A^^[
@SVWATAUAVAWH
>HkL$H8H
`A_A^A]A\_^[
@WATAUAWH
8A_A]A\_
@SVWATAUAVAWH
gfffffffH
fffffff
gfffffffH
`A_A^A]A\_^[
l$ VWAVH
gfffffffH
fffffff
t$ UWAVH
D$@HcH
D$@HcH
D$@HcH
D$@HcH
D$@HcH
D$@HcH
D$@HcH
D$@HcH
@SVAVH
VWATAVAWH
@A_A^A\_^
l$pI;W
@SUVATAVH
A^A\^][
WAVAWH
t$ UWAVH
u/HcH<H
bad allocation
Unknown exception
bad array new length
string too long
bad cast
ntoskrnl.exe
[!] Failed to ClearWdFilterDriverList
WdFilter.sys
[Saturn] WdFilter.sys not loaded, clear skipped
xxx????xx
[!] Failed to find WdFilter RuntimeDriversList
xx????xxx
[!] Failed to find WdFilter RuntimeDriversCount
xxx?x?xx???????????x
xxx?xx?x???????????x
[!] Failed to find WdFilter MpFreeDriverInfoEx
[!] Failed to remove from RuntimeDriversArray
[!] DriverInfo Magic is invalid, new wdfilter version?, driver info will not be released to prevent bsod
[Saturn] WdFilterDriverList Cleaned:
x????xxxxxxxx????xxxxxxxxx????xxxxxxxx
PAGELK
xxxxxxxxx????xxxxxxx
xx????x???x?x????xxxxxxx????x
MmAllocatePagesForMdl
MmMapLockedPagesSpecifyCache
MmProtectMdlSystemAddress
MmUnmapLockedPages
MmFreePagesFromMdl
ExAllocatePoolWithTag
ExFreePool
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
xxxxxx????xxxxx????xxx????xxxxx????x????xx?x
xxxxxx
xxx????xxxxx????xxx????x????x
[Saturn] PiDDBLock Ptr 0x
[Saturn] PiDDBCacheTable Ptr 0x
[Saturn] Found Table Entry = 0x
ci.dll
xxx????x?xxxxxxx
ntdll.dll
NtAddAtom
!This program cannot be run in DOS mode.
h.rdata
H.data
.pdata
|$ uG3
D$L/vf
l$Ht$H
l$Ht&f
D$(tEH
Nal Windows Driver Unload: IoDeleteDevice NOT called: NULL DeviceObject
Nal Windows Driver Unload: Leaving...
Nal Windows Driver Unload: Starting
Nal Windows DriverAddDevice: done
Nal Windows DriverIoCreateSymbolicLink failed. Status = 0x%x
Nal Windows DriverIoCreateDevice failed. Status = 0x%0x
Nal Windows DriverAddDevice: entered
Nal Windows DriverCreate: Leaving
Nal Windows DriverCreate: Starting
Nal Windows DriverClose: Leaving
Nal Windows DriverClose: Starting
NalDeviceControl: InputBuffer was NULL
Nal Windows DriverDeviceControl: Invalid IOCTL code 0x%0x
NAL_ENABLE_DEBUG_PRINT_FUNCID: FunctionData is NULL
NAL_KKMEMCPY_FUNCID: One of the buffers was NULL
NAL_KUMEMCPY_FUNCID: One of the buffers was NULL
NAL_KMEMSET_FUNCID: One of the buffers was NULL
Kernel:
_NalWinGetUserAddress: Unable to allocate MDL
_NalWinGetUserAddress: Address To Free = 0x%p
_NalWinGetUserAddress: MmMapLockedPages failed. Freeing MDL
_NalWinGetUserAddress: KernelLevelAddress = 0x%p
PAGE_SIZE * (65535 - sizeof(MDL)) / sizeof(ULONG_PTR) = %d
_NalWinGetUserAddress: Using memory map table slot %d - Length %d
NalUnmapAddress: Unmapping non-usermode mapped address 0x%p, Length %d
NalUnmapAddressEx: Address not found in table - not unmapping 0x%p, Length %d
NalUnmapAddressEx: Global_WinMemoryMapTable[i].AddressToFree = %p
NalUnmapAddressEx: Unmapping OriginalMemoryMapped
NalUnmapAddressEx: Skipped MmUnmapLockedPages - AddressToFree or Mdl was NULL
NalUnmapAddressEx: Calling MmUnmapLockedPages
NalUnmapAddressEx: Slot %d matched
NalUnmapAddressEx: Global_WinMemoryMapTable[%d].MappedAddress = 0x%p == 0x%p
NalUnmapAddressEx: Looking to unmap 0x%p, Length %d, ProcessId %d
_NalAllocateMemoryNonPaged - MmAllocateContiguousMemory failed
_NalAllocateMemoryNonPaged - VirtualAddress = 0x%p
_NalAllocateMemoryNonPaged - MmMapLockedPages failed. Freeing MDL
_NalFreeMemoryNonPagedEx: Memory entry 0x%p is not entered into the table. Not freeing anything.
NalMmapAddressEx: *VirtualAddress = 0x%p (mapped to user)
NalMmapAddressEx: *VirtualAddress = 0x%p (not mapped to user)
NalMmapAddressEx: Vaddress = 0x%p
Translated
Looking for match for %d/%d/%d
_NalReadPciDeviceCount found %d devices (%d)
c:\users\cloudbuild\337244\sdk\nal\src\winnt_wdm\driver\windriverpci_i.c
FillKernelContext: VirtualAddress: %p
_NalHasInterruptOccurred returning %s
NalResolveOsSpecificIoctl: FuctionId = %d
NalResolveOsSpecificIoctl: NAL_WIN_IS_ADAPTER_IN_USE_FUNCID FunctionData is NULL
NalResolveOsSpecificIoctl: NAL_WIN_ADAPTER_IN_USE_FUNCID FunctionData is NULL
NalResolveOsSpecificIoctl: NAL_WIN_DRIVER_GET_REF_COUNT_FUNCID FunctionData is NULL
NalResolveOsSpecificIoctl: NAL_WIN_OS_DEVICE_FUNCID FunctionData is NULL
NalResolveOsSpecificIoctl: NAL_WIN_FREE_DEV_CONTEXT_FUNCID FunctionData is NULL
NalResolveOsSpecificIoctl: NAL_WIN_ALLOC_DEV_CONTEXT_FUNCID FunctionData is NULL
NalResolveOsSpecificIoctl: NAL_WIN_GET_SYMBOLIC_NAME_FUNCID FunctionData is NULL
NalResolveOsSpecificIoctl: NAL_WIN_GET_PDO_POINTER_FUNCID FunctionData is NULL
NalOsSpecificIoctl: FunctionId = %d
c:\users\cloudbuild\337244\sdk\nal\src\winnt_wdm\driver\objfre_wnet_AMD64\amd64\iqvw64e.pdb
Nal Windows Driver DriverEntry: Completed
Nov 14 2013
Nal Windows Driver Loaded -- Compiled %s %s
07:22:40
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
ExAllocatePoolWithTag
ExFreePoolWithTag
MmGetPhysicalAddress
DbgPrint
strncpy
vsprintf
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmUnmapIoSpace
MmUnmapLockedPages
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmMapIoSpace
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
IoBuildSynchronousFsdRequest
KeInitializeEvent
ZwClose
RtlFreeAnsiString
strstr
RtlUnicodeStringToAnsiString
ZwEnumerateValueKey
ZwOpenKey
wcsncpy
IoGetDeviceObjectPointer
IoGetDeviceInterfaces
ObReferenceObjectByPointer
KeBugCheckEx
ntoskrnl.exe
KeStallExecutionProcessor
KeQueryPerformanceCounter
HAL.dll
Western Cape1
Durbanville1
Thawte1
Thawte Certification10
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.10
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
120517000000Z
150530235959Z0
Oregon1
Hillsboro1
Intel Corporation1>0<
5Digital ID Class 3 - Microsoft Software Validation v21
LAN Access Division1
Intel Corporation0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.10
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.10
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.10
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!00
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.10
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
131114152322Z0#
Dt-^fW
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
generic
system
exists
[Saturn] Callback example called
vector too long
unknown error
wasn't found
[Saturn] Dependency
[Saturn] Failed to resolve import
[Saturn] Can't create service key
[Saturn] Can't create 'ImagePath' registry value
[Saturn] Can't create 'Type' registry value
RtlAdjustPrivilege
NtLoadDriver
Fatal error: failed to acquire SE_LOAD_DRIVER_PRIVILEGE. Make sure you are running as administrator.
[Saturn] NtLoadDriver Status 0x
NtUnloadDriver
[Saturn] NtUnloadDriver Status 0x
[Saturn] Driver Unload Failed!!
RSDSU2vy
C:\Users\andreu\Downloads\saturn-mapper-main\saturn-mapper-main\x64\Release\saturn map_Release.pdb
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCL
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.tls$ZZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
.rsrc$01
.rsrc$02
VirtualFree
DeviceIoControl
VirtualAlloc
CreateFileW
GetCurrentThreadId
GetModuleHandleA
CloseHandle
GetProcAddress
GetCurrentProcessId
SetUnhandledExceptionFilter
GetTempPathW
KERNEL32.dll
RegOpenKeyW
RegCreateKeyW
RegDeleteTreeW
RegCloseKey
RegSetKeyValueW
ADVAPI32.dll
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
MSVCP140.dll
NtQuerySystemInformation
RtlInitUnicodeString
ntdll.dll
__CxxFrameHandler4
__std_exception_destroy
__std_exception_copy
wcsstr
__std_terminate
__C_specific_handler
_CxxThrowException
__current_exception
__current_exception_context
memset
VCRUNTIME140_1.dll
VCRUNTIME140.dll
fflush
_wremove
fclose
_unlock_file
_lock_file
fwrite
fgetpos
setvbuf
_stricmp
_time64
ungetc
fsetpos
_fseeki64
_invalid_parameter_noinfo_noreturn
_get_stream_buffer_pointers
_wcsicmp
___lc_codepage_func
malloc
_callnewh
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
_set_fmode
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
LocalFree
FormatMessageA
GetLocaleInfoEx
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetLastError
GetModuleHandleW
GetFileInformationByHandleEx
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
memcmp
memcpy
memmove
.?AVbad_alloc@std@@
.?AVbad_cast@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVruntime_error@std@@
.?AVsystem_error@std@@
.?AVfilesystem_error@filesystem@std@@
.?AV_System_error@std@@
.?AVtype_info@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_ofstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AVerror_category@std@@
.?AV_System_error_category@std@@
.?AV_Generic_error_category@std@@
.?AV?$basic_ifstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
!x-sys-default-locale
\\.\Nal
[Saturn] \Device\Nal is already in use. Restart PC and try again.
[Saturn] Loading vulnerable driver, Name:
[Saturn] Can't find TEMP folder
[Saturn] Failed to create vulnerable driver file
[Saturn] Failed to register and start service for the vulnerable driver
[Saturn] Failed to load driver iqvw64e.sys
[Saturn] Failed to get ntoskrnl.exe
[Saturn] Failed to ClearPiDDBCacheTable
[Saturn] Failed to ClearKernelHashBucketList
[!] Failed to ClearMmUnloadedDrivers
[Saturn] Unloading vulnerable driver
[!] Error dumping shit inside the disk
[Saturn] Vul driver data destroyed before unlink
[Saturn] Failed to translate virtual address 0x
[Saturn] Failed to map IO space of 0x
[!] Failed to unmap IO space of physical address 0x
[!] Failed to find MmAllocateIndependentPagesEx
[!] Failed to find MmFreeIndependentPages
[!] Failed to find MmSetPageProtection
[!] Failed to find MmAlocatePagesForMdl
[!] Failed to find MmMapLockedPagesSpecifyCache
[!] Failed to find MmProtectMdlSystemAddress
[!] Failed to find MmUnmapLockedPages
[!] Failed to find MmFreePagesFromMdl
[!] Failed to find ExAllocatePool
[!] Failed to find device_object
[!] Failed to find driver_object
[!] Failed to find driver_section
[!] Failed to find driver name
[!] Failed to read driver name
[!] Failed to write driver name length
[Saturn] MmUnloadedDrivers Cleaned:
[!] Failed to find ExAcquireResourceExclusiveLite
[!] Failed to find ExReleaseResourceLite
[!] Failed to find RtlDeleteElementGenericTableAvl
[!] Failed to find RtlLookupElementGenericTableAvl
[Saturn] Warning PiDDBLock not found
[Saturn] PiDDBLock found with second pattern
[Saturn] Warning PiDDBCacheTable not found
[Saturn] Can't lock PiDDBCacheTable
[Saturn] PiDDBLock Locked
[Saturn] Not found in cache
[Saturn] Can't get prev entry
[Saturn] Can't get next entry
x[Saturn] Can't set next entry
[Saturn] Can't set prev entry
[Saturn] Can't delete from PiDDBCacheTable
[Saturn] PiDDBCacheTable Cleaned
[Saturn] No module address to find pattern
[Saturn] Can't find pattern, Too big section
[Saturn] Read failed in FindPatternAtKernel
[Saturn] Can't find pattern
[Saturn] Can't read module headers
[Saturn] Can't find section
[Saturn] Can't Find ci.dll module address
[Saturn] Can't Find g_KernelHashBucketList
[Saturn] Can't Find g_HashCacheLock
[Saturn] Can't Find g_HashCache relative address
[Saturn] g_KernelHashBucketList Found 0x
[Saturn] Can't lock g_HashCacheLock
[Saturn] g_HashCacheLock Locked
[Saturn] Failed to read first g_KernelHashBucketList entry!
[Saturn] Failed to release g_KernelHashBucketList lock!
[!] g_KernelHashBucketList looks empty!
[Saturn] Failed to read g_KernelHashBucketList entry text len!
[Saturn] Failed to read g_KernelHashBucketList entry text ptr!
[Saturn] Failed to read g_KernelHashBucketList entry text!
[Saturn] Found In g_KernelHashBucketList:
[Saturn] Failed to read g_KernelHashBucketList next entry ptr!
[Saturn] Failed to write g_KernelHashBucketList prev entry ptr!
[Saturn] Failed to clear g_KernelHashBucketList entry pool!
[Saturn] g_KernelHashBucketList Cleaned
[Saturn] Failed to read g_KernelHashBucketList next entry!
[Saturn] Failed to load ntdll.dll
[Saturn] Failed to get export ntdll.NtAddAtom
[Saturn] Failed to get export ntoskrnl.NtAddAtom
[Saturn] FAILED!: The code was already hooked!! another instance of saturn running?!
\??\Nal
\DosDevices\Nal
\Device\Nal
\REGISTRY\MACHINE\HARDWARE\RESOURCEMAP\PnP Manager\PnpManager
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Intel Corporation
FileDescription
Intel(R) Network Adapter Diagnostic Driver
FileVersion
1.03.0.7 built by: WinDDK
InternalName
iQVW64.SYS
LegalCopyright
Copyright (C) 2002-2013 Intel Corporation All Rights Reserved.
OriginalFilename
iQVW64.SYS
ProductName
Intel(R) iQVW64.SYS
ProductVersion
1.03.0.7
VarFileInfo
Translation
:..\drivers\Win64e\iqvw64e.SY
by 0x
[Saturn] Crash at addr 0x
[Saturn] Crash
[!] Incorrect Usage!
[Saturn] Usage: saturn.exe [--free][--mdl][--PassAllocationPtr] driver
or drag the .sys into saturn.exe
indPages
PassAllocationPtr
[Saturn] Free pool memory after usage enabled
[Saturn] Mdl memory usage enabled
[Saturn] Allocate Independent Pages mode enabled
[Saturn] Pass Allocation Ptr as first param enabled
doesn't exist
[Saturn] File
[Saturn] Failed to read image to memory
[Saturn] Too many allocation modes
[Saturn] Failed to map
[Saturn] Warning! failed to fully unload vulnerable driver
[Saturn] Successfully Mapped Driver.
[Saturn] Can't allocate pages for mdl
[Saturn] Can't read the _MDL : byteCount
[Saturn] Couldn't allocate enough memory, cleaning up
[Saturn] Can't set mdl pages cache, cleaning up.
[Saturn] Can't change protection for mdl pages, cleaning up
[Saturn] Allocated pages for mdl
[Saturn] Error allocating independent pages
[Saturn] Failed to change page protections
[Saturn] Invalid format of PE image
[Saturn] Image is not 64 bit
[Saturn] Failed to allocate remote image in kernel
[Saturn] Image base has been allocated at 0x
bytes of PE Header
[Saturn] Skipped 0x
[Saturn] Failed to fix cookie
[Saturn] Failed to resolve imports
[Saturn] Failed to write local image to remote image
[Saturn] Calling DriverEntry 0x
[Saturn] Callback returns false, failed!
[Saturn] Failed to call driver entry
[Saturn] DriverEntry returned 0x
[Saturn] Freeing memory
[Saturn] Memory has been released
[Saturn] WARNING: Failed to free memory!
[Saturn] Load config directory wasn't found, probably StackCookie not defined, fix cookie skipped
[Saturn] StackCookie not defined, fix cookie skipped
[Saturn] StackCookie already fixed!? this probably wrong
[Saturn] Fixing stack cookie
SYSTEM\CurrentControlSet\Services\
ImagePath
\Registry\Machine\System\CurrentControlSet\Services\
[Saturn] Failed to get temp path
Antivirus Signature
Bkav Clean
Lionic Hacktool.Win32.DriverLoader.3!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win64.Backdoor.ch
ALYac Gen:Variant.Zusy.547793
Cylance unsafe
Zillya Tool.GameHackAGen.Win64.372
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005a17e41 )
Alibaba HackTool:Win32/DriverLoader.9902c556
K7GW Trojan ( 005a17e41 )
Cybereason Clean
Baidu Clean
VirIT Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/GenKryptik.GWGN
APEX Malicious
Avast Win64:HacktoolX-gen [Trj]
Cynet Malicious (score: 99)
Kaspersky HEUR:HackTool.Win32.DriverLoader.gen
BitDefender Gen:Variant.Zusy.547793
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Zusy.547793
Tencent Malware.Win32.Gencirc.11c02f66
Sophos Mal/Generic-S
F-Secure Trojan.TR/Crypt.Agent.qkwfv
DrWeb Clean
VIPRE Gen:Variant.Zusy.547793
TrendMicro TROJ_GEN.R002C0XDQ24
Trapmine Clean
FireEye Gen:Variant.Zusy.547793
Emsisoft Gen:Variant.Zusy.547793 (B)
Paloalto generic.ml
GData Gen:Variant.Zusy.547793
Jiangmin Clean
Webroot Clean
Varist W64/ABRisk.TMEJ-5390
Avira TR/Crypt.Agent.qkwfv
MAX malware (ai score=85)
Antiy-AVL HackTool/Win64.Gamehack.q
Kingsoft Win32.HackTool.DriverLoader.gen
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Zusy.D85BD1
SUPERAntiSpyware Clean
ZoneAlarm HEUR:HackTool.Win32.DriverLoader.gen
Microsoft Clean
Google Detected
AhnLab-V3 Trojan/Win.Generic.R629364
Acronis Clean
McAfee Artemis!9272B18FF6B2
TACHYON Clean
VBA32 Clean
Malwarebytes Malware.AI.3685322397
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0XDQ24
Rising HackTool.GameHack!8.59E (TFE:5:Rc0CEp43z0D)
Yandex Clean
Ikarus Trojan.Win64.Krypt
MaxSecure Trojan.Malware.202002184.susgen
Fortinet W64/GameHack_AGen.O!tr
BitDefenderTheta Clean
AVG Win64:HacktoolX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike Clean
alibabacloud HackTool:Win/DriverLoader.gen
No IRMA results available.