b6873d69-affe-431b-9ba8-459391386603

ControlCenter.sys :inline

Description

ControlCenter.sys is a vulnerable kernel driver from the KeServiceDescriptorTable/vulnerable-drivers repository. The driver exposes dangerous kernel primitives to usermode.

  • UUID: b6873d69-affe-431b-9ba8-459391386603
  • Created: 2026-04-17
  • Author: Michael Haag
  • Acknowledgement: | [@rainbowdynamix, @DbgPrint](https://twitter.com/@rainbowdynamix, @DbgPrint)

Download

This download link contains the vulnerable driver!

Block ControlCenter.sys across your endpoints

Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.

Start Blocking for Free

Commands

sc.exe create ControlCenter binPath=C:\windows\temp\ControlCenter.sys type=kernel && sc.exe start ControlCenter
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://github.com/magicsword-io/LOLDrivers/issues/325
  • https://github.com/KeServiceDescriptorTable/vulnerable-drivers

    • Known Vulnerable Samples

    PropertyValue
    FilenameControlCenter.sys
    Creation Timestamp2017-01-17 00:13:27
    MD56a784b693da28eb0eb3e8c6e233c0bbd
    SHA199d26b558c423ea4bedd0e1ec38b8e590dc3d98a
    SHA2560b12eb25db68d8714ba52583597ed20e5fab2f6e82dcd0bcb23161acb4a9a126
    Authentihash MD55c94cbd66c876dc641be098068f08696
    Authentihash SHA1f30a1544a07bd8945e9084f78b6aa4571caa726f
    Authentihash SHA2564d7dbc8ef64367eb41cd553adc1590467a506f99e9953998205007d902aa4784
    RichPEHeaderHash MD5e80baba6376227bd3196a296bb19525a
    RichPEHeaderHash SHA1fa7101ff973d43cf49a856601d21dde5964af23d
    RichPEHeaderHash SHA256cf92aa1e59d0a5c810deea625bc296abcbc4815ab42257d57759f8cd27ea9cf3
    CompanyQuanta
    DescriptionControlCenter.sys
    ProductControl Center Driver
    OriginalFilenameControlCenter.sys

    Download

    Certificates

    Expand
    Certificate 23b31f4a44d00cfadba6a5457b4303f8
    FieldValue
    ToBeSigned (TBS) MD557e4ae2bed0dad82d6f00d72a0719707
    ToBeSigned (TBS) SHA19e19fde077b28bfb8e6ad5f98f3f26873643b2b7
    ToBeSigned (TBS) SHA256b6feda7090f8057b3eb51d71986204fb5ff4d758c0d1f8ae571187cffcceafee
    SubjectC=TW, ST=Taiwan, L=Tao Yuan Shien, O=Quanta Computer Inc., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Quanta Computer Inc.
    ValidFrom2013-09-25 00:00:00
    ValidTo2014-10-25 23:59:59
    Signature4a1a42beb73347563030c956dbc76f03d1b899a682804cb8e298b8e06ec4303b1516d3e1f264b93020b410db3ce8e7f296a9b1765e1f9cf19ef03123b4b59b44951ea376d1f8900bfbefd688f4e9c340736943fcd9d09acec5557d01318a30831c14f310d7ac42e8bd0c88ce5103dc560c86b01876f4ae893eae187dda925318a701bbb908193b2e22d08081c97eb341a4c5e04289645a19d239971ecf5bbccc497a972bdbe40dff521fbb9ddb9e380bd9b20eb7cb3509a8a0259fab9a07e8538a19d79d5bfce6349528c38dd8de08f815f799952e26be132939344da30fcced3798c564144094bdcfe62334b3fc37dac14dbabbf17ccd7bca552cf526557982
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber23b31f4a44d00cfadba6a5457b4303f8
    Version3
    Certificate 611993e400000000001c
    FieldValue
    ToBeSigned (TBS) MD578a717e082dcc1cda3458d917e677d14
    ToBeSigned (TBS) SHA14a872e0e51f9b304469cd1dedb496ee9b8b983a4
    ToBeSigned (TBS) SHA256317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2011-02-22 19:25:17
    ValidTo2021-02-22 19:35:17
    Signature812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611993e400000000001c
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • MmUnmapIoSpace
    • MmMapIoSpace
    • IofCompleteRequest
    • IoCreateSymbolicLink
    • IoDeleteDevice
    • KeInitializeMutex
    • KeBugCheckEx
    • RtlInitUnicodeString
    • IoCreateDevice
    • IoDeleteSymbolicLink
    • __C_specific_handler
    • HalSetBusDataByOffset
    • HalGetBusDataByOffset

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc

    Signature

    Expand
    {
  "Certificates": [
    {
      "CertificateType": "Leaf (Code Signing)",
      "IsCA": false,
      "IsCertificateAuthority": false,
      "IsCodeSigning": true,
      "SerialNumber": "23b31f4a44d00cfadba6a5457b4303f8",
      "Signature": "4a1a42beb73347563030c956dbc76f03d1b899a682804cb8e298b8e06ec4303b1516d3e1f264b93020b410db3ce8e7f296a9b1765e1f9cf19ef03123b4b59b44951ea376d1f8900bfbefd688f4e9c340736943fcd9d09acec5557d01318a30831c14f310d7ac42e8bd0c88ce5103dc560c86b01876f4ae893eae187dda925318a701bbb908193b2e22d08081c97eb341a4c5e04289645a19d239971ecf5bbccc497a972bdbe40dff521fbb9ddb9e380bd9b20eb7cb3509a8a0259fab9a07e8538a19d79d5bfce6349528c38dd8de08f815f799952e26be132939344da30fcced3798c564144094bdcfe62334b3fc37dac14dbabbf17ccd7bca552cf526557982",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=TW, ST=Taiwan, L=Tao Yuan Shien, O=Quanta Computer Inc., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Quanta Computer Inc.",
      "TBS": {
        "MD5": "57e4ae2bed0dad82d6f00d72a0719707",
        "SHA1": "9e19fde077b28bfb8e6ad5f98f3f26873643b2b7",
        "SHA256": "b6feda7090f8057b3eb51d71986204fb5ff4d758c0d1f8ae571187cffcceafee",
        "SHA384": "8a7d1738aded5302ed5ae8f3352b6edc4cba4cc6534bf3844bb693f3f943c349f710170d5c7f22f38e4c6893b3707236"
      },
      "ValidFrom": "2013-09-25 00:00:00",
      "ValidTo": "2014-10-25 23:59:59",
      "Version": 3
    },
    {
      "CertificateType": "CA",
      "IsCA": true,
      "IsCertificateAuthority": true,
      "IsCodeSigning": false,
      "SerialNumber": "611993e400000000001c",
      "Signature": "812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
      "TBS": {
        "MD5": "78a717e082dcc1cda3458d917e677d14",
        "SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
        "SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
        "SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
      },
      "ValidFrom": "2011-02-22 19:25:17",
      "ValidTo": "2021-02-22 19:35:17",
      "Version": 3
    },
    {
      "CertificateType": "CA",
      "IsCA": true,
      "IsCertificateAuthority": true,
      "IsCodeSigning": true,
      "SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
      "Signature": "5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3",
      "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
      "Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
      "TBS": {
        "MD5": "b30c31a572b0409383ed3fbe17e56e81",
        "SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
        "SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
        "SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
      },
      "ValidFrom": "2010-02-08 00:00:00",
      "ValidTo": "2020-02-07 23:59:59",
      "Version": 3
    }
  ],
  "CertificatesInfo": "",
  "Signer": [
    {
      "Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
      "SerialNumber": "23b31f4a44d00cfadba6a5457b4303f8",
      "Version": 1
    }
  ],
  "SignerInfo": ""
}

    source

    last_updated: 2026-04-20