e6338692-90e0-41b1-9481-a47e0df144ad

fidpcidrv.sys

We were not able to verify the hash of this driver successfully, it has not been confirmed.

Description

fidpcidrv.sys is a vulnerable driver and more information will be added as found.

UUID: e6338692-90e0-41b1-9481-a47e0df144ad
Created: 2023-01-09
Author: Michael Haag
Acknowledgement: |

Commands

sc.exe create fidpcidrv.sys binPath=C:\windows\temp\fidpcidrv.sys type=kernel &amp;&amp; sc.exe start fidpcidrv.sys

Use Case	Privileges	Operating System
Elevate privileges	kernel	Windows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources

https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules

Known Vulnerable Samples

Property	Value
Filename	fidpcidrv.sys
Creation Timestamp
MD5
SHA1	08596732304351b311970ff96b21f451f23b1e25
SHA256

Imports

Expand

Imported Functions

Expand

Exported Functions

Expand

Sections

Expand

Signature

Expand

Property	Value
Filename	fidpcidrv.sys
Creation Timestamp
MD5
SHA1	7838fb56fdab816bc1900a4720eea2fc9972ef7a
SHA256

Imports

Expand

Imported Functions

Expand

Exported Functions

Expand

Sections

Expand

Signature

Expand

Property	Value
Filename	fidpcidrv.sys
Creation Timestamp
MD5
SHA1	4789b910023a667bee70ff1f1a8f369cffb10fe8
SHA256

Imports

Expand

Imported Functions

Expand

Exported Functions

Expand

Sections

Expand

Signature

Expand

Property	Value
Filename	fidpcidrv.sys
Creation Timestamp
MD5
SHA1	eeff4ec4ebc12c6acd2c930dc2eaaf877cfec7ec
SHA256

Imports

Expand

Imported Functions

Expand

Exported Functions

Expand

Sections

Expand

Signature

Expand

source

last_updated: 2024-04-09