Rootkit module of the ZxShell RAT used by Emissary Panda (APT27), of which there is a relatively recent sample.
This rootkit is very simple: it does not employ any uber fancy methods. The name of the driver is “autochk.sys”, which is why we’ll call it the autochk rootkit.
The rootkit implements 2 functionalities:
Access to sensitive information