Closed devwhatsapp closed 6 years ago
C:\vbox>tdl Tsugumi.sys
Turla Driver Loader v1.1.2 started
(c) 2016 - 2017 TDL Project
Supported x64 OS : 7 and above

Ldr: Windows v6.1 build 7601
Ldr: Warning, VirtualBox software installed, conflicts are possible - is this normal ?
Ldr: Active VirtualBox found in system, attempt unload it
SCM: VBoxUSBMon driver unloaded
SCM: VBoxDrv driver unloaded
SCM: Vulnerable driver loaded and opened
Ldr: Kernel base = 0xFFFFF80002C01000
Ldr: Input driver file loaded at 0x000000013F560000
Ldr: Loading ntoskrnl.exe
Ldr: ntoskrnl.exe loaded at 0x0000000140000000
Ldr: ExAllocatePoolWithTag 0xFFFFF80002DAC0E0
Ldr: PsCreateSystemThread 0xFFFFF80002F1EAF4
Ldr: ZwClose 0xFFFFF80002C79DC0
Ldr: Shellcode allocated at 0x00000000000F0000
Ldr: Default bootstrap shellcode selected
Ldr: Resolving kernel import
Ldr: Executing exploit
Ldr: OpenLdr.u.Out.pvImageBase = 0xFFFFFA8004A56080
Ldr: SUP_IOCTL_LDR_LOAD, success
Shellcode mapped at 0xFFFFFA8004A56080, size = 0x00008000
Driver image mapped at 0xFFFFFA8004A5639E
Ldr: SUP_IOCTL_SET_VM_FOR_FAST call complete
Ldr: SUP_IOCTL_FAST_DO_NOP
Ldr: SUP_IOCTL_LDR_FREE
SCM: Unloading vulnerable driver
SCM: Vulnerable driver successfully unloaded
Ldr: Original driver restored

Is this normal?
Yes