4137ecf0-05e7-463a-94da-47b7259d4433

81.sys

We were not able to verify the hash of this driver successfully; it has not been confirmed.

Description

81.sys is a vulnerable driver; more information will be added as it is found.

  • UUID: 4137ecf0-05e7-463a-94da-47b7259d4433
  • Created: 2023-01-09
  • Author: Michael Haag
  • Acknowledgement:

Commands

sc.exe create 81.sys binPath=C:\windows\temp\81.sys type=kernel && sc.exe start 81.sys

Use Case           | Privileges | Operating System
Elevate privileges | kernel     | Windows 10

Detections

YARA 🏹

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Block

on hashes

Alert

on hashes

Resources

  • https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules

  • Known Vulnerable Samples

    Property           | Value
    Filename           | 81.sys
    Creation Timestamp |
    MD5                |
    SHA1               | faa870b0cb15c9ac2b9bba5d0470bd501ccd4326
    SHA256             |

    Property           | Value
    Filename           | 81.sys
    Creation Timestamp |
    MD5                |
    SHA1               | aca8e53483b40a06dfdee81bb364b1622f9156fe
    SHA256             |

    Property           | Value
    Filename           | 81.sys
    Creation Timestamp |
    MD5                |
    SHA1               | 05ac1c64ca16ab0517fe85d4499d08199e63df26
    SHA256             |

    last_updated: 2024-04-09