da6709ab-3b7a-445d-9a47-e8b4141d4133
hp64vision.sys 
Description
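hp64vision.sys is a vulnerable kernel driver from the KeServiceDescriptorTable/vulnerable-drivers repository. The driver exposes dangerous kernel primitives to user mode. This page does not name the specific primitives; the import list below (MmMapIoSpace, MmMapLockedPagesSpecifyCache, HalGetBusDataByOffset/HalSetBusDataByOffset) is consistent with physical-memory mapping and bus configuration-space access.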
- UUID: da6709ab-3b7a-445d-9a47-e8b4141d4133
- Created: 2026-04-17
- Author: Michael Haag
- Acknowledgement: [@rainbowdynamix](https://twitter.com/rainbowdynamix), [@DbgPrint](https://twitter.com/DbgPrint)
This download link contains the vulnerable driver!
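Commands
The command below registers the driver as a kernel-mode service and starts it, which requires administrator rights. Service installation (System log event ID 7045) and driver-load telemetry (e.g. Sysmon event ID 6) record this activity and can be matched against the hashes listed under Known Vulnerable Samples.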
sc.exe create hp64vision binPath=C:\windows\temp\hp64vision.sys type=kernel && sc.exe start hp64vision
| Use Case | Privileges | Operating System |
|---|---|---|
| Elevate privileges | kernel | Windows 10 |
Detections
YARA 🏹
with header and size limitation
without header and size limitation
for renamed driver files
Resources
Known Vulnerable Samples
| Property | Value |
|---|---|
| Filename | hp64vision.sys |
| Creation Timestamp | 2012-06-15 14:12:12 |
| MD5 | 4e6def72f97b0b8ee66637e41cdd1599 |
| SHA1 | eba70d4d113474e71e07dbc7a7d400bc47d52e41 |
| SHA256 | c1e11e2012216b54b2aad1be37b469d328f39b09352c66e8c74e6032ec858b96 |
| Authentihash MD5 | 824c49f1e385d85acc863d6da754f176 |
| Authentihash SHA1 | 808defb0d9ef0f75f3cc5da831af2c6755d5b739 |
| Authentihash SHA256 | 96966130b8e6fd63eb036c9229e4c9aa515dc0ac00fa90ab61d55991db106d55 |
| RichPEHeaderHash MD5 | d63356aa51f4cfa29351af9866fd9a08 |
| RichPEHeaderHash SHA1 | c740cbfbed0c21a3ae1ecd4a862f055a6a9bf1d7 |
| RichPEHeaderHash SHA256 | 676b3e6258aa084f93f1208895e9569420b4b3f3fe25083ba809f58ef4957414 |
| Company | Windows (R) Codename Longhorn DDK provider |
| Description | hpvhd 64bit support driver |
| Product | HP Vision Hardware Diagnostics |
| OriginalFilename | hp64vision.sys |
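Certificates
The code-signing leaf certificate listed below expired in 2014, but the signature carries a timestamp countersignature, so certificate expiry alone should not be relied on to stop the driver from loading. Block it by hash or through a driver blocklist policy instead.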
Certificate 79a2a585f9d1154213d9b83ef6b68ded
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | e6d820afb23af20a65cf0b03247ea05e |
| ToBeSigned (TBS) SHA1 | 7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7 |
| ToBeSigned (TBS) SHA256 | 7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - G3 |
| ValidFrom | 2012-05-01 00:00:00 |
| ValidTo | 2012-12-31 23:59:59 |
| Signature | (not preserved in this copy of the page) |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 79a2a585f9d1154213d9b83ef6b68ded |
| Version | 3 |
Certificate 47bf1995df8d524643f7db6d480d31a4
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 518d2ea8a21e879c942d504824ac211c |
| ToBeSigned (TBS) SHA1 | 21ce87d827077e61abddf2beba69fde5432ea031 |
| ToBeSigned (TBS) SHA256 | 1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7 |
| Subject | C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA |
| ValidFrom | 2003-12-04 00:00:00 |
| ValidTo | 2013-12-03 23:59:59 |
| Signature | 4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 47bf1995df8d524643f7db6d480d31a4 |
| Version | 3 |
Certificate 611993e400000000001c
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 78a717e082dcc1cda3458d917e677d14 |
| ToBeSigned (TBS) SHA1 | 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 |
| ToBeSigned (TBS) SHA256 | 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 |
| Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 |
| ValidFrom | 2011-02-22 19:25:17 |
| ValidTo | 2021-02-22 19:35:17 |
| Signature | (not preserved in this copy of the page) |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 611993e400000000001c |
| Version | 3 |
Certificate 44bc63ea9d7fb68cbcd9101f391ca145
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | a0f8c8cbd4fa8092c716b495ff085737 |
| ToBeSigned (TBS) SHA1 | 5ab3007b75b20480c103ca45e26658ecfecd6e1e |
| ToBeSigned (TBS) SHA256 | 4f2703371f9e2a7c6fb08a51089b6a1103cefe4412342171ccf8de8350af5742 |
| Subject | C=US, ST=Massachusetts, L=Andover, O=Hewlett-Packard Company, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Product Development IT2, CN=Hewlett-Packard Company |
| ValidFrom | 2011-11-16 00:00:00 |
| ValidTo | 2014-11-15 23:59:59 |
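| Signature | e80c8debced6dad9da7cbdc73125a837f3240ff7ad9abc7674ba3401ba5eff9712a4b0790d456b01a304edd8aa31cc7d20c106884b66efe468dad7f9990cbbb6d06b6dc3b8e51f4c9d03815281b033b2d17e0a3678294a4f344d033da79243bf4a9ec426847cc8dc7d7bf7cf2bb3f1d5598c86930e411d0858ccb500958bb64a1a6bba2bb984cc360de1819515279badb51065b60a6d8bd98c5cfb8103caedda37bbc9407efef7afa98780367a68f1f0e9025e167dcaac65c25f0ed53223a14d35e45301667ea1a5b96024015a46f5289c178280c9bde6c41e3fd37dd84a57ea0390b7affeee917d45f1073926add306e8dc30f1477373143a265e22ef6f4067 |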
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 44bc63ea9d7fb68cbcd9101f391ca145 |
| Version | 3 |
Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | b30c31a572b0409383ed3fbe17e56e81 |
| ToBeSigned (TBS) SHA1 | 4843a82ed3b1f2bfbee9671960e1940c942f688d |
| ToBeSigned (TBS) SHA256 | 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 |
| Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA |
| ValidFrom | 2010-02-08 00:00:00 |
| ValidTo | 2020-02-07 23:59:59 |
| Signature | (not preserved in this copy of the page) |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 5200e5aa2556fc1a86ed96c9d44b33c7 |
| Version | 3 |
Imports
- ntoskrnl.exe
- HAL.dll
Imported Functions
- KeReleaseSpinLock
- MmUnmapIoSpace
- MmBuildMdlForNonPagedPool
- IoFreeMdl
- MmGetPhysicalAddress
- MmMapLockedPagesSpecifyCache
- ExAllocatePool
- MmMapIoSpace
- IoDeleteDevice
- IofCompleteRequest
- IoCreateSymbolicLink
- IoCreateDevice
- DbgPrint
- IoAllocateMdl
- KeAcquireSpinLockRaiseToDpc
- KeBugCheckEx
- RtlInitUnicodeString
- IoDeleteSymbolicLink
- KeQueryTimeIncrement
- MmUnmapLockedPages
- __C_specific_handler
- HalGetBusDataByOffset
- HalSetBusDataByOffset
- KeQueryPerformanceCounter
Exported Functions
Sections
- .text
- .rdata
- .data
- .pdata
- INIT
- .rsrc
Signature
{
"Certificates": [
{
"CertificateType": "Intermediate",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": false,
"SerialNumber": "79a2a585f9d1154213d9b83ef6b68ded",
"Signature": "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",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer - G3",
"TBS": {
"MD5": "e6d820afb23af20a65cf0b03247ea05e",
"SHA1": "7a8f7c37453f99390ee1e94bb5d3d1cba3a0eea7",
"SHA256": "7e722dc40e6b9abf8c20aa4d887e34b6d2c6b8cbe53a055d49bf9f5e946e0d27",
"SHA384": "7e14609969a388d38d227df1dbb9ce086c9a820142c94fd1a28ef2835a8aa528aef4c6399bce344d79adb5f3dad86afa"
},
"ValidFrom": "2012-05-01 00:00:00",
"ValidTo": "2012-12-31 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "47bf1995df8d524643f7db6d480d31a4",
"Signature": "4a6bf9ea58c2441c318979992b96bf82ac01d61c4ccdb08a586edf0829a35ec8ca9313e704520def47272f0038b0e4c9934e9ad4226215f73f37214f703180f18b3887b3e8e89700fecf55964e24d2a9274e7aaeb76141f32acee7c9d95eddbb2b853eb59db5d9e157ffbeb4c57ef5cf0c9ef097fe2bd33b521b1b3827f73f4a",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., CN=VeriSign Time Stamping Services CA",
"TBS": {
"MD5": "518d2ea8a21e879c942d504824ac211c",
"SHA1": "21ce87d827077e61abddf2beba69fde5432ea031",
"SHA256": "1ec3b4f02e03930a470020e0e48d24b84678bb558f46182888d870541f5e25c7",
"SHA384": "53e346bbde23779a5d116cc9d86fdd71c97b1f1b343439f8a11aa1d3c87af63864bb8488a5aeb2d0c26a6a1e0b15f03f"
},
"ValidFrom": "2003-12-04 00:00:00",
"ValidTo": "2013-12-03 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": false,
"SerialNumber": "611993e400000000001c",
"Signature": "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",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5",
"TBS": {
"MD5": "78a717e082dcc1cda3458d917e677d14",
"SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
"SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
"SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
},
"ValidFrom": "2011-02-22 19:25:17",
"ValidTo": "2021-02-22 19:35:17",
"Version": 3
},
{
"CertificateType": "Leaf (Code Signing)",
"IsCA": false,
"IsCertificateAuthority": false,
"IsCodeSigning": true,
"SerialNumber": "44bc63ea9d7fb68cbcd9101f391ca145",
"Signature": "e80c8debced6dad9da7cbdc73125a837f3240ff7ad9abc7674ba3401ba5eff9712a4b0790d456b01a304edd8aa31cc7d20c106884b66efe468dad7f9990cbbb6d06b6dc3b8e51f4c9d03815281b033b2d17e0a3678294a4f344d033da79243bf4a9ec426847cc8dc7d7bf7cf2bb3f1d5598c86930e411d0858ccb500958bb64a1a6bba2bb984cc360de1819515279badb51065b60a6d8bd98c5cfb8103caedda37bbc9407efef7afa98780367a68f1f0e9025e167dcaac65c25f0ed53223a14d35e45301667ea1a5b96024015a46f5289c178280c9bde6c41e3fd37dd84a57ea0390b7affeee917d45f1073926add306e8dc30f1477373143a265e22ef6f4067",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, ST=Massachusetts, L=Andover, O=Hewlett-Packard Company, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Product Development IT2, CN=Hewlett-Packard Company",
"TBS": {
"MD5": "a0f8c8cbd4fa8092c716b495ff085737",
"SHA1": "5ab3007b75b20480c103ca45e26658ecfecd6e1e",
"SHA256": "4f2703371f9e2a7c6fb08a51089b6a1103cefe4412342171ccf8de8350af5742",
"SHA384": "f28f76ac93762daa95e7731b8401f010ef622974221bc227d6561e3dc3ea57e2680b96c39b4bde658d41c343583ff5c3"
},
"ValidFrom": "2011-11-16 00:00:00",
"ValidTo": "2014-11-15 23:59:59",
"Version": 3
},
{
"CertificateType": "CA",
"IsCA": true,
"IsCertificateAuthority": true,
"IsCodeSigning": true,
"SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
"Signature": "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",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"TBS": {
"MD5": "b30c31a572b0409383ed3fbe17e56e81",
"SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
"SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
"SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"SerialNumber": "44bc63ea9d7fb68cbcd9101f391ca145",
"Version": 1
}
],
"SignerInfo": ""
}
last_updated: 2026-04-20
