02bbc006-a4a4-438f-9b6c-4382303f6b45
evga_kernel_driver-x64.sys 
Description
evga_kernel_driver-x64.sys is a vulnerable kernel driver from the KeServiceDescriptorTable/vulnerable-drivers repository. The driver exposes dangerous kernel primitives to usermode.
- UUID: 02bbc006-a4a4-438f-9b6c-4382303f6b45
- Created: 2026-04-17
- Author: Michael Haag
- Acknowledgement: | [@rainbowdynamix, @DbgPrint](https://twitter.com/@rainbowdynamix, @DbgPrint)
This download link contains the vulnerable driver!
Block evga_kernel_driver-x64.sys across your endpoints
Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.
Start Blocking for FreeCommands
sc.exe create evga_kernel_driver-x64 binPath=C:\windows\temp\evga_kernel_driver-x64.sys type=kernel && sc.exe start evga_kernel_driver-x64
| Use Case | Privileges | Operating System |
|---|---|---|
| Elevate privileges | kernel | Windows 10 |
Detections
YARA 🏹
Expand
with header and size limitation
without header and size limitation
for renamed driver files
Resources
Known Vulnerable Samples
| Property | Value |
|---|---|
| Filename | evga_kernel_driver-x64.sys |
| Creation Timestamp | 2020-07-20 05:45:05 |
| MD5 | 8dc9504fb5eda1a354971bacffe61ccc |
| SHA1 | da66b66dca5ea8689db903ec23e98f2c881de6f8 |
| SHA256 | 33da2ce240b4559cc6e847d56c5fbeaa3d644ec160841920ea0a098dcee28d0e |
| Authentihash MD5 | e69a79ab53de2dfc3db057f9a4196fc2 |
| Authentihash SHA1 | a8d16fed8999033126d60c656a3ba359dfaa559f |
| Authentihash SHA256 | 5cb98f5d5ebd97fa1d2d6ed7d0d1ed28eced93ef5ceaa2005243eeaf3f4d6f9d |
| RichPEHeaderHash MD5 | 07b8576ea913efc5f8aea722d83b8fda |
| RichPEHeaderHash SHA1 | 83e81864d8a86e55de808e536a40a2c71929d18e |
| RichPEHeaderHash SHA256 | 2ead0e23d7eb86abe16df2f02e0514a5f0253e5cb133aae6d74eeb3b01cd573c |
| Description | EVGA Low-Level Driver |
| Product | EVGA Low-Level Driver |
Certificates
Expand
Certificate 61204db4000000000027
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 8e3ffc222fbcebdbb8b23115ab259be7 |
| ToBeSigned (TBS) SHA1 | ee20bff28ffe13be731c294c90d6ded5aae0ec0e |
| ToBeSigned (TBS) SHA256 | 59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821 |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA |
| ValidFrom | 2011-04-15 19:45:33 |
| ValidTo | 2021-04-15 19:55:33 |
| Signature | 208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 61204db4000000000027 |
| Version | 3 |
Certificate 02514c8d86cb848efcde67e83bd082a3
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | c4ad1ba50c41fe2ce881cdbc6cf8ccb8 |
| ToBeSigned (TBS) SHA1 | 7a35772a9a92658e2cb85112f8b87a032d17a32e |
| ToBeSigned (TBS) SHA256 | 3dcc0438c793ba8124cdff8eaa528360a4828d0ba5ac9ea55d89ff89ce2432a6 |
| Subject | JURISDICTION_OF_INCORPORATION_C=TW, BUSINESS_CATEGORY=Private Organization, serialNumber=29087808, C=TW, L=New Taipei City, O=EVGA Corp., CN=EVGA Corp. |
| ValidFrom | 2019-02-25 00:00:00 |
| ValidTo | 2022-05-18 12:00:00 |
| Signature | 3111a3699804e7e2390d061d1e144be91f48ed491df62b96d66e11147494e050135c42786fd087b63b0a4fc4ae2f4c3c80e6fee5c9881ba2ad8d3d533911d10861f7348bbe4f037a754cf1fb3e60c3da17f841a7229d67ced3f6a06fb6e94493912da8de77fdfed6fd0b4b49bc75f9adf047aceb88962210ce8fd89666211065e52b37e8fee167b21fee0d92056f0e01de9ec13bdda85de417db79526fce9921994433bdcb2294ce51bb9449fd2f47e34a092ec7ed0e4a9319df8ebdc4bca1736bc5c9e9e8ac2fb4437b5d42148ebf1669bc90db483a2b231d359ed9d83ed5b96a714a43ffbdb54828fb70dc04ff1da4ae2c33d132edc964273c889b7c083296 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 02514c8d86cb848efcde67e83bd082a3 |
| Version | 3 |
Certificate 03019a023aff58b16bd6d5eae617f066
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | a752afee44f017e8d74e3f3eb7914ae3 |
| ToBeSigned (TBS) SHA1 | 8eca80a6b80e9c69dcef7745748524afb8019e2d |
| ToBeSigned (TBS) SHA256 | 82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1 |
| Subject | C=US, O=DigiCert, CN=DigiCert Timestamp Responder |
| ValidFrom | 2014-10-22 00:00:00 |
| ValidTo | 2024-10-22 00:00:00 |
| Signature | 9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 03019a023aff58b16bd6d5eae617f066 |
| Version | 3 |
Certificate 03f1b4e15f3a82f1149678b3d7d8475c
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 83f5de89f641d0fbf60248e10a7b9534 |
| ToBeSigned (TBS) SHA1 | 382a73a059a08698d6eb98c87e1b36fc750933a4 |
| ToBeSigned (TBS) SHA256 | eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2) |
| ValidFrom | 2012-04-18 12:00:00 |
| ValidTo | 2027-04-18 12:00:00 |
| Signature | 19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 03f1b4e15f3a82f1149678b3d7d8475c |
| Version | 3 |
Certificate 06fdf9039603adea000aeb3f27bbba1b
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 4e5ad189638cf52ba9cd881d4d44668c |
| ToBeSigned (TBS) SHA1 | cdc115e98d798b33904c820d63cc1e1afc19251d |
| ToBeSigned (TBS) SHA256 | 37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd |
| Subject | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1 |
| ValidFrom | 2006-11-10 00:00:00 |
| ValidTo | 2021-11-10 00:00:00 |
| Signature | 46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 06fdf9039603adea000aeb3f27bbba1b |
| Version | 3 |
Imports
Expand
- ntoskrnl.exe
- HAL.dll
Imported Functions
Expand
- RtlInitUnicodeString
- IoDeleteDevice
- RtlCopyUnicodeString
- IoDeleteSymbolicLink
- IoRegisterShutdownNotification
- ExAllocatePoolWithTag
- IoUnregisterShutdownNotification
- _vsnwprintf
- IofCompleteRequest
- IoCreateSymbolicLink
- wcsrchr
- __C_specific_handler
- MmMapIoSpace
- MmUnmapIoSpace
- RtlFreeUnicodeString
- DbgPrint
- ExFreePoolWithTag
- _vsnprintf
- MmGetSystemRoutineAddress
- IoCreateDevice
- ZwClose
- ObOpenObjectByPointer
- ZwSetSecurityObject
- IoDeviceObjectType
- _snwprintf
- RtlLengthSecurityDescriptor
- SeCaptureSecurityDescriptor
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- RtlAbsoluteToSelfRelativeSD
- IoIsWdmVersionAvailable
- SeExports
- wcschr
- _wcsnicmp
- RtlLengthSid
- RtlAddAccessAllowedAce
- RtlGetSaclSecurityDescriptor
- RtlGetDaclSecurityDescriptor
- RtlGetGroupSecurityDescriptor
- RtlGetOwnerSecurityDescriptor
- ZwOpenKey
- ZwCreateKey
- ZwQueryValueKey
- ZwSetValueKey
- KeBugCheckEx
- HalSetBusDataByOffset
- HalGetBusDataByOffset
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- PAGE
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "61204db4000000000027",
"Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
"TBS": {
"MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
"SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
"SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
"SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
},
"ValidFrom": "2011-04-15 19:45:33",
"ValidTo": "2021-04-15 19:55:33",
"Version": 3
},
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "02514c8d86cb848efcde67e83bd082a3",
"Signature": "3111a3699804e7e2390d061d1e144be91f48ed491df62b96d66e11147494e050135c42786fd087b63b0a4fc4ae2f4c3c80e6fee5c9881ba2ad8d3d533911d10861f7348bbe4f037a754cf1fb3e60c3da17f841a7229d67ced3f6a06fb6e94493912da8de77fdfed6fd0b4b49bc75f9adf047aceb88962210ce8fd89666211065e52b37e8fee167b21fee0d92056f0e01de9ec13bdda85de417db79526fce9921994433bdcb2294ce51bb9449fd2f47e34a092ec7ed0e4a9319df8ebdc4bca1736bc5c9e9e8ac2fb4437b5d42148ebf1669bc90db483a2b231d359ed9d83ed5b96a714a43ffbdb54828fb70dc04ff1da4ae2c33d132edc964273c889b7c083296",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "JURISDICTION_OF_INCORPORATION_C=TW, BUSINESS_CATEGORY=Private Organization, serialNumber=29087808, C=TW, L=New Taipei City, O=EVGA Corp., CN=EVGA Corp.",
"TBS": {
"MD5": "c4ad1ba50c41fe2ce881cdbc6cf8ccb8",
"SHA1": "7a35772a9a92658e2cb85112f8b87a032d17a32e",
"SHA256": "3dcc0438c793ba8124cdff8eaa528360a4828d0ba5ac9ea55d89ff89ce2432a6",
"SHA384": "e9f0ca0625459c587434d5be066c114aa984d8bf2e890e60b3ca5972ea374f2a211bf69b0278b73c44d409dd97ce4154"
},
"ValidFrom": "2019-02-25 00:00:00",
"ValidTo": "2022-05-18 12:00:00",
"Version": 3
},
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": false,
"SerialNumber": "03019a023aff58b16bd6d5eae617f066",
"Signature": "9d257e1b334db226815c9b86ce23200f8087e588ffffb1d46a2c31ed3a17197117cda91bbc5a1639009de36c84e45a40fbde06018c37fa9bb19d247efe20a457ad5bb79ab06026ea6957215d342f1f71b0839419056b359010a07b97c7f63fe7e21141a6bd62d9f0273d381d286f3a5209f0ec7062d3624bb0e073a692c0d38e31d82fe36d171306eee403b614abf38f43a7719d21dd14ca155d9241daf90f81d199740d26c40e7f1bb5f5a0f1c677062815e9d893e55516f0bb0aab1cdb5c482766c8a38b0a1ce595daaec42e59a061dddaf36da261e98a0b6dec1218bdf755544003922b6bc251c20a48afb0d46ee0f4140a3a1be38f3dcaaf6a8d7bdcd844",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert, CN=DigiCert Timestamp Responder",
"TBS": {
"MD5": "a752afee44f017e8d74e3f3eb7914ae3",
"SHA1": "8eca80a6b80e9c69dcef7745748524afb8019e2d",
"SHA256": "82560fa7efec30b5ff82af643e6f3bf3d46868bbd5e7d76f93db185e9e3553a1",
"SHA384": "e8b11408c88f877ade4ca51114a175fb5dfd2d18d2a66be547c1c9e080fa8f592c7870e30dfab1c04d234993dd0907f3"
},
"ValidFrom": "2014-10-22 00:00:00",
"ValidTo": "2024-10-22 00:00:00",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "03f1b4e15f3a82f1149678b3d7d8475c",
"Signature": "19334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2)",
"TBS": {
"MD5": "83f5de89f641d0fbf60248e10a7b9534",
"SHA1": "382a73a059a08698d6eb98c87e1b36fc750933a4",
"SHA256": "eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf",
"SHA384": "4a25018683cabfb8ec2cad136334f37f33c89aa8540326322991d997c8adfb7faf06ab602ebd46630fe75fe3d2edc6b1"
},
"ValidFrom": "2012-04-18 12:00:00",
"ValidTo": "2027-04-18 12:00:00",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "06fdf9039603adea000aeb3f27bbba1b",
"Signature": "46503ec9b72824a7381db65b29af52cf52e93147ab565c7bd50d0b41b3efec751f7438f2b25c61a29c95c350e482b923d1ba3a8672ad3878ac755d1717347247859456d1ebbb368477cc24a5f3041955a9e7e3e7ab62cdfb8b2d90c2c0d2b594bd5e4fb105d20e3d1aa9145ba6863162a8a833e49b39a7c4f5ce1d7876942573e42aabcf9c764bed5fc24b16e44b704c00891efcc579bc4c1257fe5fe11ebc025da8fefb07384f0dc65d91b90f6745cdd683ede7920d8db1698c4ffb59e0230fd2aaae007cee9c420ecf91d727b716ee0fc3bd7c0aa0ee2c08558522b8eb181a4dfc2a21ad49318347957771dcb11b4b4b1c109c7714c19d4f2f5a9508291026",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID CA,1",
"TBS": {
"MD5": "4e5ad189638cf52ba9cd881d4d44668c",
"SHA1": "cdc115e98d798b33904c820d63cc1e1afc19251d",
"SHA256": "37560fb9d548ab62cc3ed4669a4ab74828b5a108e67e829937ffb2d10a5f78dd",
"SHA384": "173bfb77183785621ef15f43ea807338cea6a02e8183317d9ef050c7237adda3fa2a5bdcd5a4c96da9f2c55900675b9f"
},
"ValidFrom": "2006-11-10 00:00:00",
"ValidTo": "2021-11-10 00:00:00",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2)",
"SerialNumber": "02514c8d86cb848efcde67e83bd082a3",
"Version": 1
}
],
"SignerInfo": ""
}
last_updated: 2026-04-20