5281b4b4-1b96-4261-8a1f-5fa22ba44d53
BS_RVSIO64.sys 
Description
BS_RVSIO64.sys is a vulnerable kernel driver from the KeServiceDescriptorTable/vulnerable-drivers repository. The driver exposes dangerous kernel primitives to usermode.
- UUID: 5281b4b4-1b96-4261-8a1f-5fa22ba44d53
- Created: 2026-04-17
- Author: Michael Haag
- Acknowledgement: | [@rainbowdynamix, @DbgPrint](https://twitter.com/@rainbowdynamix, @DbgPrint)
This download link contains the vulnerable driver!
Block BS_RVSIO64.sys across your endpoints
Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.
Start Blocking for FreeCommands
sc.exe create BS_RVSIO64 binPath=C:\windows\temp\BS_RVSIO64.sys type=kernel && sc.exe start BS_RVSIO64
| Use Case | Privileges | Operating System |
|---|---|---|
| Elevate privileges | kernel | Windows 10 |
Detections
YARA 🏹
Expand
with header and size limitation
without header and size limitation
for renamed driver files
Resources
Known Vulnerable Samples
| Property | Value |
|---|---|
| Filename | BS_RVSIO64.sys |
| Creation Timestamp | 2023-05-08 04:50:03 |
| MD5 | 559e3b07626f694b64576c96599d6955 |
| SHA1 | 2f4124d3d81898585d2ca5c09d5333636f64217a |
| SHA256 | a8aae612727320db096b337a45bf3cd31b5f9702ef6c4747dd2aaa74ff6badb7 |
| Authentihash MD5 | 5424dcfdef8f8cd603d2fd73669769a8 |
| Authentihash SHA1 | 72f7bb507240f5febfd1598cf0beb54473c53b7f |
| Authentihash SHA256 | 02f753c1688c4f398e1e1ed47384791fef6628bde58f740448f8e0751b321b85 |
| RichPEHeaderHash MD5 | fa3d25060a1ec2f8199a8bba2d045991 |
| RichPEHeaderHash SHA1 | ad2b349c74d3ed46f9becdf406543a042bc9aa42 |
| RichPEHeaderHash SHA256 | 248bdbea478bce55d40dfffeec5d164dd8018c12791b03ef33306faa402a261c |
| Company | BIOSTAR Group |
| Description | I/O Interface driver file |
| Product | BIOSTAR I/O driver |
| OriginalFilename | BS_RVSIO64.sys |
Certificates
Expand
Certificate 3300000058e7c589c068dca727000000000058
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | d83c9268bb1f35e4ea0f81b7b876b4f8 |
| ToBeSigned (TBS) SHA1 | 6a784e02bf67f5791a85567716aa2d0fd701fcd0 |
| ToBeSigned (TBS) SHA256 | 00dab92fcb3753ac06147a6d8888b5731877d84979e3f178f572e3a1dff33fa8 |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher |
| ValidFrom | 2022-06-07 18:08:07 |
| ValidTo | 2023-06-01 18:08:07 |
| Signature | 4c967b89d7f96aa22dbaa9eee6cdc8dad16669620cd9c5c84bf3ca1ec4eaa4a67df9fafb84ba75fcec635f0a3d484541d890d65542406e5792504ecb8fd428068837b11d8e9d4cdb503608d0842dea48428247b46364746dc86b79cdc3379acb229e67b749ed31d3c6bcc88624bff3e066355d59b7ef9e715d3c3270506d1e794959edd8df2572505c15876ac0f42ed0d05f70214f50fb109627ab192b217d6a2bf503fe35811f6ffcf0585ae508c37589dc8015eea615f36ea2f1105c0f677a6758cb4898b57458cab4fc2e1c60f8af32baf51cb41b775e79815713693db878a935b1fb8232232310bba545e57c74d63a406968c36818974ea1e425839b83e81c94897f1b896d2974e32ff5a47f8bcefdebfde84a4d01c5918bf98aececb8edb2ef9dc697054676a10c04313f3a131469c978f2e7839f11a28e436936cc07e227fd705becbb54ba67c2eeaaa025658811de22f37e4ce51109c10ed94a65583cc4e4024432cedf41b3b18b175360b1f4e12a0cc9d562e7fabd80bacb78a74e9262a9a46c3d0a7757f71e4202522cb70d9591c77e1a4b0ca24739a9cef78f7d2fb376c4cf56a35b58deb7dba458bee058254bc3883ba356c79f458815e3bbcac600b063594db47ffdbb215783bf5c38c74a1fc6271a093aab79b4cf253c14b1eeb89f9c607d7956203166fa4420482b52ab4f3bd3f0e6bda4a13a018f0ecdb0a0 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 3300000058e7c589c068dca727000000000058 |
| Version | 3 |
Certificate 330000000d690d5d7893d076df00000000000d
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 83f69422963f11c3c340b81712eef319 |
| ToBeSigned (TBS) SHA1 | 0c5e5f24590b53bc291e28583acb78e5adc95601 |
| ToBeSigned (TBS) SHA256 | d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae |
| Subject | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014 |
| ValidFrom | 2014-10-15 20:31:27 |
| ValidTo | 2029-10-15 20:41:27 |
| Signature | 96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 330000000d690d5d7893d076df00000000000d |
| Version | 3 |
Imports
Expand
- ntoskrnl.exe
- HAL.dll
Imported Functions
Expand
- KeInitializeSemaphore
- IoCreateSymbolicLink
- IoCreateDevice
- KeSetEvent
- MmUnmapIoSpace
- KeDelayExecutionThread
- PsCreateSystemThread
- IoStartNextPacket
- PsTerminateSystemThread
- ExEventObjectType
- MmMapIoSpace
- IoDeleteDevice
- ObReferenceObjectByHandle
- KeWaitForSingleObject
- KeReleaseSemaphore
- ObfDereferenceObject
- IoReleaseCancelSpinLock
- IoAcquireCancelSpinLock
- IoStartPacket
- IofCompleteRequest
- KeRemoveEntryDeviceQueue
- KeBugCheckEx
- RtlInitUnicodeString
- ZwClose
- IoDeleteSymbolicLink
- HalSetBusDataByOffset
- HalGetBusDataByOffset
Exported Functions
Expand
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
Signature
Expand
{
"Certificates": [
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "3300000058e7c589c068dca727000000000058",
"Signature": "4c967b89d7f96aa22dbaa9eee6cdc8dad16669620cd9c5c84bf3ca1ec4eaa4a67df9fafb84ba75fcec635f0a3d484541d890d65542406e5792504ecb8fd428068837b11d8e9d4cdb503608d0842dea48428247b46364746dc86b79cdc3379acb229e67b749ed31d3c6bcc88624bff3e066355d59b7ef9e715d3c3270506d1e794959edd8df2572505c15876ac0f42ed0d05f70214f50fb109627ab192b217d6a2bf503fe35811f6ffcf0585ae508c37589dc8015eea615f36ea2f1105c0f677a6758cb4898b57458cab4fc2e1c60f8af32baf51cb41b775e79815713693db878a935b1fb8232232310bba545e57c74d63a406968c36818974ea1e425839b83e81c94897f1b896d2974e32ff5a47f8bcefdebfde84a4d01c5918bf98aececb8edb2ef9dc697054676a10c04313f3a131469c978f2e7839f11a28e436936cc07e227fd705becbb54ba67c2eeaaa025658811de22f37e4ce51109c10ed94a65583cc4e4024432cedf41b3b18b175360b1f4e12a0cc9d562e7fabd80bacb78a74e9262a9a46c3d0a7757f71e4202522cb70d9591c77e1a4b0ca24739a9cef78f7d2fb376c4cf56a35b58deb7dba458bee058254bc3883ba356c79f458815e3bbcac600b063594db47ffdbb215783bf5c38c74a1fc6271a093aab79b4cf253c14b1eeb89f9c607d7956203166fa4420482b52ab4f3bd3f0e6bda4a13a018f0ecdb0a0",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher",
"TBS": {
"MD5": "d83c9268bb1f35e4ea0f81b7b876b4f8",
"SHA1": "6a784e02bf67f5791a85567716aa2d0fd701fcd0",
"SHA256": "00dab92fcb3753ac06147a6d8888b5731877d84979e3f178f572e3a1dff33fa8",
"SHA384": "75264b08d0862968698b184e6049337dbb3ddaab64c4cb71aaa8b990f10bc8b8660e2b1044da616784559b92f6b45280"
},
"ValidFrom": "2022-06-07 18:08:07",
"ValidTo": "2023-06-01 18:08:07",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "330000000d690d5d7893d076df00000000000d",
"Signature": "96b5c33b31f27b6ba11f59dd742c3764b1bca093f9f33347e9f95df21d89f4579ee33f10a3595018053b142941b6a70e5b81a2ccbd8442c1c4bed184c2c4bd0c8c47bcbd8886fb5a0896ae2c2fdfbf9366a32b20ca848a6945273f732332936a23e9fffdd918edceffbd6b41738d579cf8b46d499805e6a335a9f07e6e86c06ba8086725afc0998cdba7064d4093188ba959e69914b912178144ac57c3ae8eae947bcb3b8edd7ab4715bba2bc3c7d085234b371277a54a2f7f1ab763b94459ed9230cce47c099212111f52f51e0291a4d7d7e58f8047ff189b7fd19c0671dcf376197790d52a0fbc6c12c4c50c2066f50e2f5093d8cafb7fe556ed09d8a753b1c72a6978dcf05fe74b20b6af63b5e1b15c804e9c7aa91d4df72846782106954d32dd6042e4b61ac4f24636de357302c1b5e55fb92b59457a9243d7c4e963dd368f76c728caa8441be8321a66cde5485c4a0a602b469206609698dcd933d721777f886dac4772daa2466eab64682bd24e98fb35cc7fec3f136d11e5db77edc1c37e1f6a4a14f8b4a721c671866770cdd819a35d1fa09b9a7cc55d4d728e74077fa74d00fcdd682412772a557527cda92c1d8e7c19ee692c9f7425338208db38cc7cc74f6c3a6bc237117872fe55596460333e2edfc42de72cd7fb0a82256fb8d70c84a5e1c4746e2a95329ea0fecdb4188fd33bad32b2b19ab86d0543fbff0d0f",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"TBS": {
"MD5": "83f69422963f11c3c340b81712eef319",
"SHA1": "0c5e5f24590b53bc291e28583acb78e5adc95601",
"SHA256": "d8be9e4d9074088ef818bc6f6fb64955e90378b2754155126feebbbd969cf0ae",
"SHA384": "260ad59ba706420f68ba212931153bd89f760c464b21be55fba9d014fff322407859d4ebfb78ea9a3330f60dc9821a63"
},
"ValidFrom": "2014-10-15 20:31:27",
"ValidTo": "2029-10-15 20:41:27",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2014",
"SerialNumber": "3300000058e7c589c068dca727000000000058",
"Version": 1
}
],
"SignerInfo": ""
}
last_updated: 2026-04-20