8d14d798-338f-471e-bacb-6d9371c0f529

dbutil.sys

We were not able to verify the hash of this driver successfully, it has not been confirmed.

Description

dbutil.sys is a vulnerable driver and more information will be added as found.

  • UUID: 8d14d798-338f-471e-bacb-6d9371c0f529
  • Created: 2023-01-09
  • Author: Michael Haag

Block dbutil.sys across your endpoints

Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.

Start Blocking for Free

Commands

sc.exe create dbutil.sys binPath=C:\windows\temp\dbutil.sys type=kernel && sc.exe start dbutil.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules

    • Known Vulnerable Samples

    PropertyValue
    Filenamedbutil.sys
    Creation Timestamp
    MD5
    SHA1
    SHA256
    Authentihash MD5
    Authentihash SHA1485c0b9710a196c7177b99ee95e5ddb35b26ddd1
    Authentihash SHA25696ee751f7c38731e97773e07e0f13f4dd361af9aaa1d30b41652c2e6efc3fb3e

    Imports

    Expand

    Imported Functions

    Expand

    Exported Functions

    Expand

    Sections

    Expand

    Signature

    Expand
    PropertyValue
    Filenamedbutil.sys
    Creation Timestamp
    MD5
    SHA1
    SHA256
    Authentihash MD5
    Authentihash SHA1485c0b9710a196c7177b99ee95e5ddb35b26ddd1
    Authentihash SHA25696ee751f7c38731e97773e07e0f13f4dd361af9aaa1d30b41652c2e6efc3fb3e

    Imports

    Expand

    Imported Functions

    Expand

    Exported Functions

    Expand

    Sections

    Expand

    Signature

    Expand
    PropertyValue
    Filenamedbutil.sys
    Creation Timestamp
    MD5
    SHA1
    SHA256
    Authentihash MD5
    Authentihash SHA1e3c1dd569aa4758552566b0213ee4d1fe6382c4b
    Authentihash SHA256fe4270a61dbed978c28b2915fcc2826d011148dcb7533fa8bd072ddce5944cef

    Imports

    Expand

    Imported Functions

    Expand

    Exported Functions

    Expand

    Sections

    Expand

    Signature

    Expand
    PropertyValue
    Filenamedbutil.sys
    Creation Timestamp
    MD5
    SHA1
    SHA256
    Authentihash MD5
    Authentihash SHA1e3c1dd569aa4758552566b0213ee4d1fe6382c4b
    Authentihash SHA256fe4270a61dbed978c28b2915fcc2826d011148dcb7533fa8bd072ddce5944cef

    Imports

    Expand

    Imported Functions

    Expand

    Exported Functions

    Expand

    Sections

    Expand

    Signature

    Expand

    source

    last_updated: 2026-05-04