47a351ee-8abe-40d8-bc2b-557390fa0945

Lv561av.sys

We were not able to verify the hash of this driver successfully, it has not been confirmed.

Description

Lv561av.sys is a vulnerable driver and more information will be added as found.

  • UUID: 47a351ee-8abe-40d8-bc2b-557390fa0945
  • Created: 2023-01-09
  • Author: Michael Haag
  • Acknowledgement: |

Download

This download link contains the vulnerable driver!

Commands

sc.exe create Lv561av.sys binPath=C:\windows\temp\Lv561av.sys type=kernel && sc.exe start Lv561av.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules
  • https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules

    • Known Vulnerable Samples

    PropertyValue
    FilenameLv561av.sys
    Creation Timestamp2009-04-30 16:43:07
    MD5b47dee29b5e6e1939567a926c7a3e6a4
    SHA1351cbd352b3ec0d5f4f58c84af732a0bf41b4463
    SHA256e86cb77de7b6a8025f9a546f6c45d135f471e664963cf70b381bee2dfd0fdef4
    Authentihash MD592a9fa0ebbb45b600397611e247710b1
    Authentihash SHA1ed3e97c7290768216c5b3abbd4a29dde856eb3c7
    Authentihash SHA256c54ffa9a32cd99972ca905dcf99e20f8429e3cfd45bc1ddf4f9af8b3ed688c88
    RichPEHeaderHash MD5336f1265144cabe54117b2a5a2feaa61
    RichPEHeaderHash SHA1a7929a374484ec35507a4aed4fde1fe68da65590
    RichPEHeaderHash SHA2563ae3d9dea9a6862c021e9cb564ce10ce270d868c008af55453bb6b23e1c065a7
    CompanyLogitech Inc.
    DescriptionLogitech Video Driver
    ProductLogitech Webcam Software
    OriginalFilenameLv561av.sys

    Download

    Certificates

    Expand
    Certificate 3825d7faf861af9ef490e726b5d65ad5
    FieldValue
    ToBeSigned (TBS) MD5d6c7684e9aaa508cf268335f83afe040
    ToBeSigned (TBS) SHA118066d20ad92409c567cdfde745279ff71c75226
    ToBeSigned (TBS) SHA256a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2
    ValidFrom2007-06-15 00:00:00
    ValidTo2012-06-14 23:59:59
    Signature50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber3825d7faf861af9ef490e726b5d65ad5
    Version3
    Certificate 47bf1995df8d524643f7db6d480d31a4
    FieldValue
    ToBeSigned (TBS) MD5518d2ea8a21e879c942d504824ac211c
    ToBeSigned (TBS) SHA121ce87d827077e61abddf2beba69fde5432ea031
    ToBeSigned (TBS) SHA2561ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7
    SubjectC=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA
    ValidFrom2003-12-04 00:00:00
    ValidTo2013-12-03 23:59:59
    Signature4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47bf1995df8d524643f7db6d480d31a4
    Version3
    Certificate 4191a15a3978dfcf496566381d4c75c2
    FieldValue
    ToBeSigned (TBS) MD541011f8d0e7c7a6408334ca387914c61
    ToBeSigned (TBS) SHA1c7fc1727f5b75a6421a1f95c73bbdb23580c48e5
    ToBeSigned (TBS) SHA25688dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA
    ValidFrom2004-07-16 00:00:00
    ValidTo2014-07-15 23:59:59
    Signatureae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber4191a15a3978dfcf496566381d4c75c2
    Version3
    Certificate 0d843ade545afbd252e70cc6e845b7
    FieldValue
    ToBeSigned (TBS) MD5a8ed17ee17bb413e7f807a9a396f77c8
    ToBeSigned (TBS) SHA1b9f8c47034179c10cb6c090f205efe612695f77a
    ToBeSigned (TBS) SHA2566c9d684c51cdda92c44c28668bf0d82181511895a145a6ee3aae508fcb5c2468
    SubjectC=US, ST=California, L=Fremont, O=Logitech Inc, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Corp Signing Cert, CN=Logitech Inc
    ValidFrom2008-10-16 00:00:00
    ValidTo2009-10-18 23:59:59
    Signature7396fd0ff8c118ba1edfe61826659c9a4d1caba239a7bb9164af558e6fc65912775dd0bac6f416c6c96c9564305e96c1b145aa763efe80899d84da79088af91a2c4bcff47a7189b3cd60046333c40f990889440f834b085078dcb3c58ced4ef1bef5c2f7bbbfc8c77e6a96a28783a7fb009b0d7c20675834596910c97c14e27a0ff0b9af89cd6f2f8d7b450dbe59db6b5738bed3f2b6740cb0a8ee8afa3fadd4bf11f3553ea047d8d7d3188d63418ed6f0da617e7c4a4044e385e57fcf716eee853aa0a003356c64c93293ef5eb1f7133e8cd72146051f16e031f369e76a955316195d1c62540ec376bdfb60d68bf2718b33355d282c032bcd955b9f794141e5
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber0d843ade545afbd252e70cc6e845b7
    Version3
    Certificate 610c120600000000001b
    FieldValue
    ToBeSigned (TBS) MD553c41bc1164e09e0cd1617a5bf913efd
    ToBeSigned (TBS) SHA193c03aac8951d494ecd5696b1c08658541b18727
    ToBeSigned (TBS) SHA25640bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b
    SubjectC=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
    ValidFrom2006-05-23 17:01:29
    ValidTo2016-05-23 17:11:29
    Signature01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber610c120600000000001b
    Version3

    Imports

    Expand
    • NTOSKRNL.exe
    • ntoskrnl.exe
    • HAL.DLL
    • USBD.SYS
    • ks.sys

    Imported Functions

    Expand
    • KeWaitForSingleObject
    • IoBuildSynchronousFsdRequest
    • ZwWriteFile
    • ExFreePool
    • RtlQueryRegistryValues
    • RtlInitAnsiString
    • RtlCompareMemory
    • ExAllocatePoolWithTag
    • KeReleaseMutex
    • ZwClose
    • KeDelayExecutionThread
    • DbgPrint
    • RtlFreeUnicodeString
    • ObfDereferenceObject
    • ZwCreateFile
    • KeSetPriorityThread
    • ObReferenceObjectByHandle
    • RtlInitUnicodeString
    • PsCreateSystemThread
    • KeSetEvent
    • KeResetEvent
    • RtlWriteRegistryValue
    • KeInitializeMutex
    • swprintf
    • RtlAnsiStringToUnicodeString
    • KeInitializeEvent
    • sprintf
    • PsTerminateSystemThread
    • IoIsWdmVersionAvailable
    • RtlUnicodeStringToInteger
    • IoOpenDeviceRegistryKey
    • ZwQueryValueKey
    • ExDeleteNPagedLookasideList
    • KeAcquireSpinLockRaiseToDpc
    • vsprintf
    • ExInitializeNPagedLookasideList
    • ExpInterlockedPushEntrySList
    • KeReleaseSpinLock
    • ExpInterlockedPopEntrySList
    • ExDeletePagedLookasideList
    • DbgBreakPoint
    • ExQueryDepthSList
    • ExInitializePagedLookasideList
    • ZwOpenKey
    • ZwCreateKey
    • ZwSetValueKey
    • KeBugCheckEx
    • ExAllocatePool
    • IoAllocateWorkItem
    • IoQueueWorkItem
    • IoFreeWorkItem
    • IoAllocateDriverObjectExtension
    • IoGetDriverObjectExtension
    • ExInterlockedInsertTailList
    • ExInterlockedRemoveHeadList
    • IoAllocateIrp
    • IoReleaseRemoveLockEx
    • IoInitializeRemoveLockEx
    • KeInitializeTimerEx
    • KeInitializeDpc
    • KeCancelTimer
    • IoAcquireRemoveLockEx
    • IoReleaseRemoveLockAndWaitEx
    • KeSetTimerEx
    • IoFreeIrp
    • IoReleaseCancelSpinLock
    • IoAcquireCancelSpinLock
    • IoGetAttachedDeviceReference
    • KeInitializeSemaphore
    • IoCancelIrp
    • KeReleaseSemaphore
    • KeSetTimer
    • KeAcquireSpinLockAtDpcLevel
    • KeReleaseSpinLockFromDpcLevel
    • IofCompleteRequest
    • IoInitializeIrp
    • IofCallDriver
    • ExInterlockedInsertHeadList
    • _snwprintf
    • IoCreateSynchronizationEvent
    • ObReferenceObjectByPointer
    • ExEventObjectType
    • KeClearEvent
    • RtlGUIDFromString
    • IoBuildDeviceIoControlRequest
    • IoGetDeviceInterfaces
    • wcsrchr
    • RtlCompareUnicodeString
    • IoGetDeviceObjectPointer
    • PoRequestPowerIrp
    • KeWaitForMultipleObjects
    • __C_specific_handler
    • PsGetCurrentProcessId
    • KeQueryPerformanceCounter
    • USBD_ParseConfigurationDescriptorEx
    • USBD_CreateConfigurationRequestEx
    • KsGenerateEvents
    • KsGetNextSibling
    • KsGetFirstChild
    • KsInitializeDriver
    • KsGetDeviceForDeviceObject
    • KsGetPinFromIrp
    • KsGetObjectFromFileObject
    • KsCreateFilterFactory
    • KsRemoveItemFromObjectBag
    • _KsEdit
    • KsGetFilterFromIrp
    • KsAddItemToObjectBag
    • KsGetDevice
    • KsStreamPointerSetStatusCode
    • KsPinGetReferenceClockInterface
    • KsPinAttemptProcessing
    • KsPinGetLeadingEdgeStreamPointer
    • KsStreamPointerGetIrp
    • KsStreamPointerClone
    • KsStreamPointerUnlock
    • KsStreamPointerDelete
    • KsStreamPointerAdvance
    • KsDefaultAddEventHandler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • PAGE
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
  "Certificates": [
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "3825d7faf861af9ef490e726b5d65ad5",
      "Signature": "50c54bc82480dfe40d24c2de1ab1a102a1a6822d0c831581370a820e2cb05a1761b5d805fe88dbf19191b3561a40a6eb92be3839b07536743a984fe437ba9989ca95421db0b9c7a08d57e0fad5640442354e01d133a217c84daa27c7f2e1864c02384d8378c6fc53e0ebe00687dda4969e5e0c98e2a5bebf8285c360e1dfad28d8c7a54b64dac71b5bbdac3908d53822a1338b2f8a9aebbc07213f44410907b5651c24bc48d34480eba1cfc902b414cf54c716a3805cf9793e5d727d88179e2c43a2ca53ce7d3df62a3ab84f9400a56d0a835df95e53f418b3570f70c3fbf5ad95a00e17dec4168060c90f2b6e8604f1ebf47827d105c5ee345b5eb94932f233",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services Signer , G2",
      "TBS": {
        "MD5": "d6c7684e9aaa508cf268335f83afe040",
        "SHA1": "18066d20ad92409c567cdfde745279ff71c75226",
        "SHA256": "a612fb22ce8be6dab75e47c98508f98496583e79c9c97b936a8caee9ea9f3fff",
        "SHA384": "35c249d6ad0261a6229b2a727067ac6ba32a5d24b30b9249051f748c7735fbe2ec2ef26a702c50df1790fbe32a65aee7"
      },
      "ValidFrom": "2007-06-15 00:00:00",
      "ValidTo": "2012-06-14 23:59:59",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "47bf1995df8d524643f7db6d480d31a4",
      "Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
      "TBS": {
        "MD5": "518d2ea8a21e879c942d504824ac211c",
        "SHA1": "21ce87d827077e61abddf2beba69fde5432ea031",
        "SHA256": "1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7",
        "SHA384": "53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f"
      },
      "ValidFrom": "2003-12-04 00:00:00",
      "ValidTo": "2013-12-03 23:59:59",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "4191a15a3978dfcf496566381d4c75c2",
      "Signature": "ae3a17b84a7b55fa6455ec40a4ed494190999c89bcaf2e1dca7823f91c190f7feb68bc32d98838dedc3fd389b43fb18296f1a45abaed2e26d3de7c016e000a00a4069211480940f91c1879672324e0bbd5e150ae1bf50edde02e81cd80a36c524f9175558aba22f2d2ea4175882f63557d1e545a9559cad93481c05f5ef67ab5",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA",
      "TBS": {
        "MD5": "41011f8d0e7c7a6408334ca387914c61",
        "SHA1": "c7fc1727f5b75a6421a1f95c73bbdb23580c48e5",
        "SHA256": "88dd3952638ee82738c03168e6fd863fe4eab1059ee5e2926ad8cb587c255dc0",
        "SHA384": "a00aa5ed457c41e37967882644d63366bae014f03a986576d8514164d7027acf7d0b5e03d764db2558f60db148954459"
      },
      "ValidFrom": "2004-07-16 00:00:00",
      "ValidTo": "2014-07-15 23:59:59",
      "Version": 3
    },
    {
      "IsCertificateAuthority": false,
      "SerialNumber": "0d843ade545afbd252e70cc6e845b7",
      "Signature": "7396fd0ff8c118ba1edfe61826659c9a4d1caba239a7bb9164af558e6fc65912775dd0bac6f416c6c96c9564305e96c1b145aa763efe80899d84da79088af91a2c4bcff47a7189b3cd60046333c40f990889440f834b085078dcb3c58ced4ef1bef5c2f7bbbfc8c77e6a96a28783a7fb009b0d7c20675834596910c97c14e27a0ff0b9af89cd6f2f8d7b450dbe59db6b5738bed3f2b6740cb0a8ee8afa3fadd4bf11f3553ea047d8d7d3188d63418ed6f0da617e7c4a4044e385e57fcf716eee853aa0a003356c64c93293ef5eb1f7133e8cd72146051f16e031f369e76a955316195d1c62540ec376bdfb60d68bf2718b33355d282c032bcd955b9f794141e5",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, ST=California, L=Fremont, O=Logitech Inc, OU=Digital ID Class 3 , Microsoft Software Validation v2, OU=Corp Signing Cert, CN=Logitech Inc",
      "TBS": {
        "MD5": "a8ed17ee17bb413e7f807a9a396f77c8",
        "SHA1": "b9f8c47034179c10cb6c090f205efe612695f77a",
        "SHA256": "6c9d684c51cdda92c44c28668bf0d82181511895a145a6ee3aae508fcb5c2468",
        "SHA384": "8483e156d2dbbdad165800aae5f99b889a6696622da563f13552e07ef94d879e6fc3804936fada57e755cb1be7924001"
      },
      "ValidFrom": "2008-10-16 00:00:00",
      "ValidTo": "2009-10-18 23:59:59",
      "Version": 3
    },
    {
      "IsCertificateAuthority": true,
      "SerialNumber": "610c120600000000001b",
      "Signature": "01e446b33b457f7513877e5f43de468ecb8abdb64741bccccc7491d8ce395195a4a6b547c0efd2da7b8f5711f4328c7ccd3fee42da04214af7c843884a6f5cca14fc4bd19f4cbdd4556ecc02be0da6888f8609baa425bde8b0f0fa8b714e67b0cb82a8d78e55f737ebf03e88efe4e08afd1c6e2e61414875b4b02c1d28d8490fd715f02473253ccc880cde284c6554fe5eae8cea19ad2c51b29b3a47f53c80350117e24987d6544afb4bab07bcbf7d79cfbf35005cbb9ecffc82891b39a05197b6dec0b307ff449644c0342a195cabeef03bec294eb513c537857e75d5b4d60d066eb5d26c237167eaf1718eaf4e74aa0cf9ecbf4c58fa5e909b6d39cb86883f8b1ca81632d5fe6db9f1f8b3ead791f6364778c0272a15c768d6f4c5fc4f4ec8673f102d409ff11ec96148e7a703fc31730cf04688fe56da492995ef09daa3e5beef60ecd954a0599c28bd54ef66157f874c84dba60e95672e517b3439b641c28c846826dc240209e7818e0a972defeea7b998a60f818dc710b5e1ed982f486f53854964789bec5dac970b5526c3efba8dc8d1a52f5a7f936b611a339b18b8a26210de24ea76e12f43ebecdd7c12342489da2855aee5754e312b6763b6a8d7ab730a03cec5ea593fc7eb2a45aea8625b2f009939abb45f73c308ec80118f470e8f2a1343e191066255bbffba3da9a93d260faeca7d628b155589d694344dd665",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority",
      "TBS": {
        "MD5": "53c41bc1164e09e0cd1617a5bf913efd",
        "SHA1": "93c03aac8951d494ecd5696b1c08658541b18727",
        "SHA256": "40bddadac24dc61ca4fb5cab2a2bc5d876bc36808311039a7a3e1a4066f7489b",
        "SHA384": "f51d4e75ba638f7314cd59b8d6d45f3b34d35ce6986e9d205cd6f333e8e8d8e9c91f636e6bc84731b6661673f40963d8"
      },
      "ValidFrom": "2006-05-23 17:01:29",
      "ValidTo": "2016-05-23 17:11:29",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing 2004 CA",
      "SerialNumber": "0d843ade545afbd252e70cc6e845b7",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

    source

    last_updated: 2024-04-09