NetFlt.sys We were not able to verify the hash of this driver successfully, it has not been confirmed.
Description NetFlt.sys is a vulnerable driver and more information will be added as found.
UUID : 30d6c39c-1d93-4101-8dd3-322ff0ab7fb3Created : 2023-01-09Author : Michael HaagBlock NetFlt.sys across your endpoints Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.
Start Blocking for Free Commands sc.exe create NetFlt.sys binPath=C:\windows\temp\NetFlt.sys type=kernel && sc.exe start NetFlt.sys
Use Case Privileges Operating System Elevate privileges kernel Windows 10
Detections Sigma 🛡️ Expand Names
detects loading using name only
Hashes
detects loading using hashes only
Resources https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules Known Vulnerable Samples Imports Expand Imported Functions Expand Exported Functions Expand Sections Expand Signature Expand Download
Certificates Expand Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b Field Value ToBeSigned (TBS) MD5 d0785ad36e427c92b19f6826ab1e8020 ToBeSigned (TBS) SHA1 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 ToBeSigned (TBS) SHA256 c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff Subject C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 ValidFrom 2012-12-21 00:00:00 ValidTo 2020-12-30 23:59:59 Signature 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 7e93ebfb7cc64e59ea4b9a77d406fc3b Version 3
Certificate 0ecff438c8febf356e04d86a981b1a50 Field Value ToBeSigned (TBS) MD5 e9d38360b914c8863f6cba3ee58764d3 ToBeSigned (TBS) SHA1 4cba8eae47b6bf76f20b3504b98b8f062694a89b ToBeSigned (TBS) SHA256 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 Subject C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 ValidFrom 2012-10-18 00:00:00 ValidTo 2020-12-29 23:59:59 Signature 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 0ecff438c8febf356e04d86a981b1a50 Version 3
Certificate 06ac27b7c8985c4d40006b362e4b42ef Field Value ToBeSigned (TBS) MD5 b4f984fa296ebed6a2de0fd41e3a8943 ToBeSigned (TBS) SHA1 1ef4fb65a78f8986bf07cbfadf337c0b7adfa0b9 ToBeSigned (TBS) SHA256 7d0c90a2709a9f0286d90e509680b02696769a960da897dfadeb8d6ecd8b86eb Subject C=CN, ST=, L=, O=, OU=, CN= ValidFrom 2017-07-12 00:00:00 ValidTo 2019-10-11 23:59:59 Signature 66054a913dde7f2816a209d078362671f9f875b38df2c564fb60288eab00536e96b19b4226330797a4b17376b096a952ac9694328cf09ad080e169ec1e1f04c22f87fa8c61fa54f1398316b2b5e2854009a06af391bbfa7d887b89f9d321ee930d3c5b9fcf0fc9cb6d5dfd77526470968d6fcc224052d891b90618b3830a798150235d4b72535accdec987e46c3469906266bf4705f4c2730e6fad70210172bd85a6f6c5a8e976d3ba1601592e5e421f7cf18e1fecb1f0e1eae8d2d7b4de6de5d4e3c88fbfe90ae699239765d24e9232e5b74a20ab25d0911069017f004cc5a4a492dacef0adffb6ee796e359f6f5f6d6692eaedd9ef71071da40577cbadd79b SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority False SerialNumber 06ac27b7c8985c4d40006b362e4b42ef Version 3
Certificate 611993e400000000001c Field Value ToBeSigned (TBS) MD5 78a717e082dcc1cda3458d917e677d14 ToBeSigned (TBS) SHA1 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 ToBeSigned (TBS) SHA256 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 Subject C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5 ValidFrom 2011-02-22 19:25:17 ValidTo 2021-02-22 19:35:17 Signature 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 611993e400000000001c Version 3
Certificate 5200e5aa2556fc1a86ed96c9d44b33c7 Field Value ToBeSigned (TBS) MD5 b30c31a572b0409383ed3fbe17e56e81 ToBeSigned (TBS) SHA1 4843a82ed3b1f2bfbee9671960e1940c942f688d ToBeSigned (TBS) SHA256 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 Subject C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA ValidFrom 2010-02-08 00:00:00 ValidTo 2020-02-07 23:59:59 Signature 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 SignatureAlgorithmOID 1.2.840.113549.1.1.5 IsCertificateAuthority True SerialNumber 5200e5aa2556fc1a86ed96c9d44b33c7 Version 3
Imports Expand Imported Functions Expand KeBugCheckEx ZwOpenKey ZwClose ZwQueryValueKey IofCompleteRequest ExFreePoolWithTag ExAllocatePoolWithTag _vsnprintf MmMapLockedPagesSpecifyCache KeAcquireSpinLockRaiseToDpc DbgPrint KeAcquireSpinLockAtDpcLevel KeReleaseSpinLockFromDpcLevel KeReleaseSpinLock RtlInitUnicodeString NdisInitializeEvent NdisRegisterDeviceEx NdisDeregisterDeviceEx NdisFSendNetBufferLists NdisFIndicateReceiveNetBufferLists NdisFReturnNetBufferLists NdisFIndicateStatus NdisWaitEvent NdisFCancelSendNetBufferLists NdisFSendNetBufferListsComplete NdisSetEvent NdisResetEvent NdisRetreatNetBufferDataStart NdisAdvanceNetBufferDataStart NdisFSetAttributes NdisFDeregisterFilterDriver NdisAllocateMemoryWithTagPriority NdisFRegisterFilterDriver NdisFreeMemory Exported Functions Expand Sections Expand .text .rdata .data .pdata INIT .rsrc Signature Expand source
last_updated: 2026-05-04
