82eee73e-156e-4344-b975-babbf0bc131f
PGRHostControl.sys 
Description
PGRHostControl.sys is a signed kernel driver distributed by FLIR Integrated Imaging Solutions, Inc. (formerly Point Grey Research). The driver exposes multiple privileged IOCTL handlers that can be accessed without sufficient authorization checks. These handlers allow user-controlled requests to map arbitrary physical memory through \Device\PhysicalMemory and provide unrestricted I/O port read and write primitives via the x86 IN/OUT instructions. These capabilities can be abused to access physical RAM, interact directly with hardware registers, access MMIO regions, and potentially facilitate local privilege escalation or post-exploitation activity. Due to the absence of adequate access controls around highly privileged operations, the driver constitutes a Bring Your Own Vulnerable Driver (BYOVD) primitive.
- UUID: 82eee73e-156e-4344-b975-babbf0bc131f
- Created: 2026-06-06
- Author: rhaym
Commands
sc.exe create PGRHostControl binPath=C:\windows\temp\PGRHostControl.sys type=kernel && sc.exe start PGRHostControl
| Use Case | Privileges | Operating System |
|---|---|---|
| Arbitrary physical memory mapping and I/O port access for BYOVD-based activities. | kernel | Windows 10, Windows 11 |
Detections
YARA 🏹
Resources
Known Vulnerable Samples
| Property | Value |
|---|---|
| Filename | PGRHostControl.sys |
| Creation Timestamp | 2020-06-03 00:30:34 |
| MD5 | f0e46578a7fed41c88ec64fdc11d2a72 |
| SHA1 | 8d733095ac1cfcd799f58be3b8a25800f31e6fe2 |
| SHA256 | 4b0e9834dd672e4ce81464d8887c71f9a0942140557cd0ad321da9a1aa849959 |
| Authentihash MD5 | c7228cdc3b7057bfe4b4656aea5ae6f0 |
| Authentihash SHA1 | 671f7a5e44856b3a785ad7824812435f43a1b73f |
| Authentihash SHA256 | 4cdfc6a5ad52d7459157a8cdc44006ce005009cfaabf8fd2939a1636fbcb4985 |
| RichPEHeaderHash MD5 | 56a3644a67f57f2f231b904c32d4f221 |
| RichPEHeaderHash SHA1 | d42c6a2a1ae6b002fcf7dadb0f4cfd63499688b7 |
| RichPEHeaderHash SHA256 | a8669ff30b6e353427208e03068c32d14b51ad37fa81e1ccab839e6fb1dd82aa |
| Company | Point Grey Research |
| Description | PGRHostControl Driver |
| Product | PGRHostControl.sys |
| OriginalFilename | PGRHostControl.sys |
Certificates
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
| ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
| ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 |
| ValidFrom | 2012-12-21 00:00:00 |
| ValidTo | 2020-12-30 23:59:59 |
| Signature | 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
| Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
| ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
| ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 |
| ValidFrom | 2012-10-18 00:00:00 |
| ValidTo | 2020-12-29 23:59:59 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
| Version | 3 |
Certificate 27711c3570371347537ae6ee4e57b661
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | d9dfdb622891c49fa46b79878e48c71c |
| ToBeSigned (TBS) SHA1 | bcdb7468d2c97a1dbd249463cd507876360d19ad |
| ToBeSigned (TBS) SHA256 | 0bcefb610559bc8824149086643610a90665a95f191e55b125210b20379804fd |
| Subject | C=CA, ST=British Columbia, L=Richmond, O=FLIR Integrated Imaging Solutions, Inc., CN=FLIR Integrated Imaging Solutions, Inc. |
| ValidFrom | 2020-01-03 00:00:00 |
| ValidTo | 2023-01-06 23:59:59 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | False |
| SerialNumber | 27711c3570371347537ae6ee4e57b661 |
| Version | 3 |
Certificate 3d78d7f9764960b2617df4f01eca862a
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 1f056ff7d5f874984dc605402b7cb042 |
| ToBeSigned (TBS) SHA1 | bdb348353a2203deb4b767914fa1bd7248dd728b |
| ToBeSigned (TBS) SHA256 | a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1 |
| Subject | C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 SHA256 Code Signing CA |
| ValidFrom | 2013-12-10 00:00:00 |
| ValidTo | 2023-12-09 23:59:59 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.11 |
| IsCertificateAuthority | True |
| SerialNumber | 3d78d7f9764960b2617df4f01eca862a |
| Version | 3 |
Certificate 611993e400000000001c
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 78a717e082dcc1cda3458d917e677d14 |
| ToBeSigned (TBS) SHA1 | 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 |
| ToBeSigned (TBS) SHA256 | 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 |
| Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5 |
| ValidFrom | 2011-02-22 19:25:17 |
| ValidTo | 2021-02-22 19:35:17 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 611993e400000000001c |
| Version | 3 |
Imports
- ntoskrnl.exe
- HAL.dll
Imported Functions
- IoCreateDevice
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- ObReferenceObjectByHandle
- IofCompleteRequest
- ZwClose
- ZwOpenSection
- ZwMapViewOfSection
- ZwUnmapViewOfSection
- KeBugCheckEx
- ObfDereferenceObject
- RtlInitUnicodeString
- HalTranslateBusAddress
Exported Functions
Sections
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
- .reloc
Signature
{
"Certificates": [
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "27711c3570371347537ae6ee4e57b661",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=CA, ST=British Columbia, L=Richmond, O=FLIR Integrated Imaging Solutions, Inc., CN=FLIR Integrated Imaging Solutions, Inc.",
"TBS": {
"MD5": "d9dfdb622891c49fa46b79878e48c71c",
"SHA1": "bcdb7468d2c97a1dbd249463cd507876360d19ad",
"SHA256": "0bcefb610559bc8824149086643610a90665a95f191e55b125210b20379804fd",
"SHA384": "42b450bb77113a35904ec1a2e9bde572a86aa817e624473c1244b0aa80943e21fe7b4c09c8e47fd019c9138cf3309a17"
},
"ValidFrom": "2020-01-03 00:00:00",
"ValidTo": "2023-01-06 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "3d78d7f9764960b2617df4f01eca862a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.11",
"Subject": "C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 SHA256 Code Signing CA",
"TBS": {
"MD5": "1f056ff7d5f874984dc605402b7cb042",
"SHA1": "bdb348353a2203deb4b767914fa1bd7248dd728b",
"SHA256": "a08e79c386083d875014c409c13d144e0a24386132980df11ff59737c8489eb1",
"SHA384": "fa2729064b49e0d77540c1ee95d5f74acaf8eaf55197851a3a40383335f8113e51190bc48b552196edf8ac5cf0c89278"
},
"ValidFrom": "2013-12-10 00:00:00",
"ValidTo": "2023-12-09 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "611993e400000000001c",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
"TBS": {
"MD5": "78a717e082dcc1cda3458d917e677d14",
"SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
"SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
"SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
},
"ValidFrom": "2011-02-22 19:25:17",
"ValidTo": "2021-02-22 19:35:17",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 SHA256 Code Signing CA",
"SerialNumber": "27711c3570371347537ae6ee4e57b661",
"Version": 1
}
],
"SignerInfo": ""
}
last_updated: 2026-06-16
