52955eb1-8cf4-41f3-b998-5e2e6d3aa258

Windows_CPU_Temperature_Component.sys :inline

Description

Windows_CPU_Temperature_Component.sys is a vulnerable kernel driver from the KeServiceDescriptorTable/vulnerable-drivers repository. The driver exposes dangerous kernel primitives to usermode.

  • UUID: 52955eb1-8cf4-41f3-b998-5e2e6d3aa258
  • Created: 2026-04-17
  • Author: Michael Haag
  • Acknowledgement: | [@rainbowdynamix, @DbgPrint](https://twitter.com/@rainbowdynamix, @DbgPrint)

Download

This download link contains the vulnerable driver!

Block Windows_CPU_Temperature_Component.sys across your endpoints

Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.

Start Blocking for Free

Commands

sc.exe create Windows_CPU_Temperature_Component binPath=C:\windows\temp\Windows_CPU_Temperature_Component.sys type=kernel && sc.exe start Windows_CPU_Temperature_Component
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://github.com/magicsword-io/LOLDrivers/issues/325
  • https://github.com/KeServiceDescriptorTable/vulnerable-drivers

    • Known Vulnerable Samples

    PropertyValue
    FilenameWindows_CPU_Temperature_Component.sys
    Creation Timestamp2019-01-20 20:09:42
    MD53215e7615124e528f039bc02872789e9
    SHA10a642db605ce0d393dadc945afb11609e407f8d2
    SHA2564cea52c32579869d0209f18ced0b9cc9ad8f86cac29e0fb63b3d60eb64801bda
    Authentihash MD594a672ff56b28d340a26a985a1f56ea6
    Authentihash SHA1f4963744672fd85f4cae30ef1f1d3c9bef317a27
    Authentihash SHA256590822bd1b935237555d2d03e0535e835cfac71c0cf9dbbc4b0c8061e4106049
    RichPEHeaderHash MD51472665604fe2c6c202077ecf6c1365f
    RichPEHeaderHash SHA1da5b1a822055714c3c432f44120771fd5b56f9c1
    RichPEHeaderHash SHA2563ab219821835b9557e278eae5845c84b2d87e07a7aaaaa1ddb64f3a1c8962e83
    CompanyGuangzhou Shirui Electronics
    Descriptionseewo - Windows CPU Temperature Component
    ProductWindows CPU Temperature Component

    Download

    Certificates

    Expand
    Certificate 08ad40b260d29c4c9f5ecda9bd93aed9
    FieldValue
    ToBeSigned (TBS) MD55d8003a64dfa5a4d88365da1566038cb
    ToBeSigned (TBS) SHA179465b56bc7ad55a37bdf633943da8bfc84db228
    ToBeSigned (TBS) SHA25684bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332
    SubjectC=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
    ValidFrom2021-04-29 00:00:00
    ValidTo2036-04-28 23:59:59
    Signature3a23443d8d0876ee8fbc3a99d356e0021aa5f84834f32cb6e67466f79472b100caaf6c302713129e90449f4bfd9ea37c26d537bc3a5d486d95d53f49f427bb16814550fd9cbdb685e0767e3771cb22f75aaa90cff5936ae3eb20d1d55079889a8a8ac1b6bda148187edcd8801a111918cd61998156f6c9e376e7c4e41b5f43f83e94ff76393d9ed499cf4add28eb5f26a1955848d51afed7273ffd90d17686dd1cb0605cf30da8eee089a1bd39e1384eda6ebb369dfbe521535ac3cae96af1a23edb43b833c84f38149299f5ddce546dd95d02141f40337c03e295b2c221757352cb46d8c4341ca2a54b8dcd6f76372c853f1ace26e918be9007b0437f9588208270f0cccaeffd29355c1f893855f7378a8b09a1cb0be9311aff2e195c3971e1be9ca70a06d62667b792e64e5fde7aac49cf2ea47492addb3ca49c861fe3c1561b2b23ff8fb5ea887b706be6a0bafd3a3f45a6c4e81691528b41c048844b964dab4440e38df01528ceedf11856072a2f10c40c08643c338fae288c3ccb8f880b0dbf3bf4ce1e7b8eefb5ebcbb7f07713e6e7283fac12aea52f226c41f9825c1566cc6c0ecac586c3f626330c074ba0d307026a6a4030484b34a85120bbad1b8508e2590d6dca05502bea4a1c9ea5fda0a71f0674e7f2d65290fdaf854821f9573bb49c03ed8645f4b4616ebf68e2266086eac8afa9fe941de7631b3a8656784e
    SignatureAlgorithmOID1.2.840.113549.1.1.12
    IsCertificateAuthorityTrue
    SerialNumber08ad40b260d29c4c9f5ecda9bd93aed9
    Version3
    Certificate 099ede31beb50c82c547b68ecf141785
    FieldValue
    ToBeSigned (TBS) MD51fac3ecb3e5e32f18362891c42ffebfb
    ToBeSigned (TBS) SHA17cb0c4e9addde5b784bd67f2ee922f6a51e7748b
    ToBeSigned (TBS) SHA2564f1fdbb319d6edc0514f9abf82ef59e1f35ba2c5bdcdbe12479f94210c95e97e
    SubjectJURISDICTION_OF_INCORPORATION_C=CN, JURISDICTION_OF_INCORPORATION_SP=Guangdong Province, JURISDICTION_OF_INCORPORATION_L=Guangzhou, BUSINESS_CATEGORY=Private Organization, serialNumber=914401016756828477, C=CN, ST=Guangdong Province, L=Guangzhou, O=Guangzhou Shirui Electronics Co., Ltd., OU=IT Dept, CN=Guangzhou Shirui Electronics Co., Ltd.
    ValidFrom2023-02-06 00:00:00
    ValidTo2025-09-16 23:59:59
    Signature42014c6c7e9753716e84d868d1fda3541294c3f2f808ee4460501fbd56124c29af1ce246669f0a8fd3f98bb4b46aa7763931992d5aaf453727143c494a4ea9e47e7489c4c84898dc19023297ce2b2817265680ab667e865039fc4d1caad393159dd2cacd3f7e5eb8dae0b7433277e5aa134813b4ce9a9194f6f9d992aae0efb357658ccfdf14d121f35dc220169200aa66491c9c9c97399cc907c3811f1725bc66159a0739f9edd5019cddb3b4b1b9ae7dab3c5d73a5152cd1314b5e221f8f08e5d6092ead3f84cd4ad26ab9884061930ef7771d68c07f8b04f0d06dfb181d80072eb34ebf2d69f67c44482e39e8985e545daa17fcf43332c49e97f48d707dc4deadeaec2f56fad9cba67c8551c5abdf81916e2e185cf3b8cc90afe5e58938ed49669d16d673876632cf46b0fe4584ab66a55e0fbc6779df1c00d2ea318459f6da394d96f8410cd0d68aa2b067cfbd861b350294c3c630dc253e56d02beeb15d8b0c9b522f9abd9c550a6a9075b8d14b8cc7eb6b56100b82892c4019b2112505dfa550dd769829f3ed072695b12e944194331449e8401008203bd7ead8b1150c9925971e1070b712c0855e2c182af2f1ba2c3333e2313edb28c9ce3b74508131574c90bbda129949880ff0c2338123d5743b1229dd4658198fe302e2894d20bd34d5597deb83828eee1716fadd45d26e03bfe612dc96952314d8b1dc0e1a4c6b
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber099ede31beb50c82c547b68ecf141785
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • IofCompleteRequest
    • IoCreateDevice
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • MmUnmapIoSpace
    • _vsnwprintf
    • __C_specific_handler
    • KeBugCheckEx
    • MmMapIoSpace
    • IoDeleteSymbolicLink
    • RtlInitUnicodeString
    • HalSetBusDataByOffset
    • HalGetBusDataByOffset

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • .gfids
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
  "Certificates": [
    {
      "CertificateType": "CA",
      "IsCA": true,
      "IsCertificateAuthority": true,
      "IsCodeSigning": true,
      "SerialNumber": "08ad40b260d29c4c9f5ecda9bd93aed9",
      "Signature": "3a23443d8d0876ee8fbc3a99d356e0021aa5f84834f32cb6e67466f79472b100caaf6c302713129e90449f4bfd9ea37c26d537bc3a5d486d95d53f49f427bb16814550fd9cbdb685e0767e3771cb22f75aaa90cff5936ae3eb20d1d55079889a8a8ac1b6bda148187edcd8801a111918cd61998156f6c9e376e7c4e41b5f43f83e94ff76393d9ed499cf4add28eb5f26a1955848d51afed7273ffd90d17686dd1cb0605cf30da8eee089a1bd39e1384eda6ebb369dfbe521535ac3cae96af1a23edb43b833c84f38149299f5ddce546dd95d02141f40337c03e295b2c221757352cb46d8c4341ca2a54b8dcd6f76372c853f1ace26e918be9007b0437f9588208270f0cccaeffd29355c1f893855f7378a8b09a1cb0be9311aff2e195c3971e1be9ca70a06d62667b792e64e5fde7aac49cf2ea47492addb3ca49c861fe3c1561b2b23ff8fb5ea887b706be6a0bafd3a3f45a6c4e81691528b41c048844b964dab4440e38df01528ceedf11856072a2f10c40c08643c338fae288c3ccb8f880b0dbf3bf4ce1e7b8eefb5ebcbb7f07713e6e7283fac12aea52f226c41f9825c1566cc6c0ecac586c3f626330c074ba0d307026a6a4030484b34a85120bbad1b8508e2590d6dca05502bea4a1c9ea5fda0a71f0674e7f2d65290fdaf854821f9573bb49c03ed8645f4b4616ebf68e2266086eac8afa9fe941de7631b3a8656784e",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.12",
      "Subject": "C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
      "TBS": {
        "MD5": "5d8003a64dfa5a4d88365da1566038cb",
        "SHA1": "79465b56bc7ad55a37bdf633943da8bfc84db228",
        "SHA256": "84bdc82e2f2a7f7aaa782667dac556ffcb2b33240c1f9c0a00a3264526a98332",
        "SHA384": "65b1d4076a89ae273f57e6eeedecb3eae129b4168f76fa7671914cdf461d542255c59d9b85b916ae0ca6fc0fcf7a8e64"
      },
      "ValidFrom": "2021-04-29 00:00:00",
      "ValidTo": "2036-04-28 23:59:59",
      "Version": 3
    },
    {
      "CertificateType": "Leaf (Code Signing)",
      "IsCA": false,
      "IsCertificateAuthority": false,
      "IsCodeSigning": true,
      "SerialNumber": "099ede31beb50c82c547b68ecf141785",
      "Signature": "42014c6c7e9753716e84d868d1fda3541294c3f2f808ee4460501fbd56124c29af1ce246669f0a8fd3f98bb4b46aa7763931992d5aaf453727143c494a4ea9e47e7489c4c84898dc19023297ce2b2817265680ab667e865039fc4d1caad393159dd2cacd3f7e5eb8dae0b7433277e5aa134813b4ce9a9194f6f9d992aae0efb357658ccfdf14d121f35dc220169200aa66491c9c9c97399cc907c3811f1725bc66159a0739f9edd5019cddb3b4b1b9ae7dab3c5d73a5152cd1314b5e221f8f08e5d6092ead3f84cd4ad26ab9884061930ef7771d68c07f8b04f0d06dfb181d80072eb34ebf2d69f67c44482e39e8985e545daa17fcf43332c49e97f48d707dc4deadeaec2f56fad9cba67c8551c5abdf81916e2e185cf3b8cc90afe5e58938ed49669d16d673876632cf46b0fe4584ab66a55e0fbc6779df1c00d2ea318459f6da394d96f8410cd0d68aa2b067cfbd861b350294c3c630dc253e56d02beeb15d8b0c9b522f9abd9c550a6a9075b8d14b8cc7eb6b56100b82892c4019b2112505dfa550dd769829f3ed072695b12e944194331449e8401008203bd7ead8b1150c9925971e1070b712c0855e2c182af2f1ba2c3333e2313edb28c9ce3b74508131574c90bbda129949880ff0c2338123d5743b1229dd4658198fe302e2894d20bd34d5597deb83828eee1716fadd45d26e03bfe612dc96952314d8b1dc0e1a4c6b",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
      "Subject": "JURISDICTION_OF_INCORPORATION_C=CN, JURISDICTION_OF_INCORPORATION_SP=Guangdong Province, JURISDICTION_OF_INCORPORATION_L=Guangzhou, BUSINESS_CATEGORY=Private Organization, serialNumber=914401016756828477, C=CN, ST=Guangdong Province, L=Guangzhou, O=Guangzhou Shirui Electronics Co., Ltd., OU=IT Dept, CN=Guangzhou Shirui Electronics Co., Ltd.",
      "TBS": {
        "MD5": "1fac3ecb3e5e32f18362891c42ffebfb",
        "SHA1": "7cb0c4e9addde5b784bd67f2ee922f6a51e7748b",
        "SHA256": "4f1fdbb319d6edc0514f9abf82ef59e1f35ba2c5bdcdbe12479f94210c95e97e",
        "SHA384": "ebd8834b77600e86187ce6f9f9bb6cf9bddd95e5d2ae478c3ff935bcece1d4ca8db7e3c0e87f77985060a8d475669bff"
      },
      "ValidFrom": "2023-02-06 00:00:00",
      "ValidTo": "2025-09-16 23:59:59",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, O=DigiCert, Inc., CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1",
      "SerialNumber": "099ede31beb50c82c547b68ecf141785",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

    source

    last_updated: 2026-04-20