Module List

Overview

Evidence: Module List
Description: List ESXi Modules
Category: System
Platform: esxi
Short Name: modlist
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

ESXi kernel modules extend hypervisor functionality with device drivers, storage adapters, and system services. Loaded modules represent active kernel components and can include malicious kernel-mode rootkits or unauthorized driver installations that compromise hypervisor security.

Data Collected

This collector gathers structured data about the module list.

Module List Data

| Field | Description | Example |
| --- | --- | --- |
| AccessTime | Access Time | 2023-10-15 14:30:25+03:00 |
| AccessCount | Access Count | 123 |
| URL | URL | Example value |
| Browser | Browser | Example value |
| Title | Title | Example value |
| VisitDuration | Visit Duration | Example value |
| Referrer | Referrer | Example value |
| TypedCount | Typed Count | 123 |
| IsHidden | Is Hidden | true |
| TransitionType | Transition Type | Example value |
| VisitID | Visit ID | 123 |
| TransitionQualifiers | Transition Qualifiers | Example value |
| User | User | Example value |
| Profile | Profile | Example value |
| HistoryFilePath | History File Path | Example value |

Collection Method

This collector parses loaded kernel module information, extracting module names, descriptions, versions, vendor information, license types, load addresses, module sizes, and dependency relationships for each currently loaded VMkernel module.

Forensic Value

Module analysis reveals unauthorized kernel extensions, detects known malicious modules, validates driver integrity, and identifies unsigned or suspicious kernel components. Comparing module lists against baselines helps discover rootkits, backdoors, or compromised drivers that operate at the highest privilege level.
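The baseline comparison described above can be sketched as follows. This is an added example, not the collector's own code: the record keys (Name, Version, Vendor, License, Size) are assumed from the attributes named under Collection Method, and the module records are constructed sample data.

```python
# Added example: keys and records are assumptions, not the collector's schema.
COMPARED = ("Version", "Vendor", "License", "Size")

def index(records):
    """Key records by module name and note names that appear more than once."""
    by_name, dupes = {}, []
    for rec in records:
        if rec["Name"] in by_name:
            dupes.append(rec["Name"])
        by_name[rec["Name"]] = rec
    return by_name, dupes

def diff_modules(baseline, current):
    """Return (kind, module, detail) findings for a host versus its baseline."""
    base, _ = index(baseline)
    cur, dupes = index(current)
    findings = [("added", n, None) for n in sorted(cur.keys() - base.keys())]
    findings += [("removed", n, None) for n in sorted(base.keys() - cur.keys())]
    for name in sorted(cur.keys() & base.keys()):
        # Same name but different attributes: a replaced or patched module.
        changed = {f: (base[name].get(f), cur[name].get(f))
                   for f in COMPARED if base[name].get(f) != cur[name].get(f)}
        if changed:
            findings.append(("changed", name, changed))
    findings += [("duplicate", n, None) for n in dupes]
    return findings

def mod(name, version, size, vendor="ExampleVendor", lic="ExampleLicense"):
    """Build one constructed module record."""
    return {"Name": name, "Version": version, "Vendor": vendor,
            "License": lic, "Size": size}

# Constructed sample data: a known-good baseline and a later collection.
BASELINE = [mod("example_nic", "1.0.0", 4096),
            mod("example_storage", "2.1.0", 8192),
            mod("example_usb", "0.9.0", 2048)]
CURRENT = [mod("example_nic", "1.0.0", 4096),
           mod("example_storage", "2.1.0", 12288),
           mod("example_extra", "0.0.1", 1024, vendor="", lic="")]

if __name__ == "__main__":
    for kind, name, detail in diff_modules(BASELINE, CURRENT):
        print(kind, name, detail or "")
```

A module that keeps its name and version but changes size is reported as "changed", which a name-only comparison would miss.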
