GameDriverX64.sys

Description

GameDriverX64.sys is a signed game driver reported in public DragonForce intrusion tradecraft as an abused vulnerable driver.

  • UUID: 271ace20-2f68-4695-9579-0d4de8cb4fe6
  • Created: 2026-06-16
  • Author: Michael Haag
  • Acknowledgement: tobias-richter323

Commands

sc.exe create GameDriverX64 binPath=C:\windows\temp\GameDriverX64.sys type=kernel && sc.exe start GameDriverX64

  • Use Case: Load a vulnerable signed kernel driver
  • Privileges: kernel
  • Operating System: Windows 10, Windows 11

Detections

YARA 🏹

  • Exact Match: with header and size limitation
  • Threat Hunting: without header and size limitation
  • Renamed: for renamed driver files

Sigma 🛡️

  • Names: detects loading using name only
  • Hashes: detects loading using hashes only

Sysmon 🔎

  • Block: on hashes
  • Alert: on hashes

Resources


  • https://www.security.com/blog-post/dragonforce-msteams-backdoor
  • https://github.com/magicsword-io/LOLDrivers/issues/360

CVE

  • CVE-2025-61155

Known Vulnerable Samples

    Property            Value
    Filename            GameDriverX64.sys
    Creation Timestamp
    MD5                 cb34be5126520f4c402be3c6f09e11cf
    SHA1                7edbc5d18449fabd1ac214fa3959ea5a9e330a12
    SHA256              b6628d201c2a68d2a3de2a87de7a5acfe21b101a97928e1c8d5c82102d967383
    Publisher           Shanghai Yuelong IE Culture Technology Co., Ltd.
    Date                07:08 AM 08/10/2023
    Description         GameDriverX64
    Product             GameDriverX64
    OriginalFilename    GameDriverX64.sys

    last_updated: 2026-06-16