e6338692-90e0-41b1-9481-a47e0df144ad

fidpcidrv.sys

We were not able to verify the hash of this driver successfully, it has not been confirmed.

Description

fidpcidrv.sys is a vulnerable driver and more information will be added as found.

  • UUID: e6338692-90e0-41b1-9481-a47e0df144ad
  • Created: 2023-01-09
  • Author: Michael Haag

Block fidpcidrv.sys across your endpoints

Add this driver to your block policy in minutes with MagicSword, threat-driven application control. Free for up to 100 endpoints.

Start Blocking for Free

Commands

sc.exe create fidpcidrv.sys binPath=C:\windows\temp\fidpcidrv.sys type=kernel && sc.exe start fidpcidrv.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Renamed

for renamed driver files

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules

    • Known Vulnerable Samples

    PropertyValue
    Filenamefidpcidrv.sys
    Creation Timestamp
    MD5
    SHA1
    SHA256
    Authentihash MD5
    Authentihash SHA108596732304351b311970ff96b21f451f23b1e25
    Authentihash SHA2567b7e0e1453e733050b586a6fac91883dbb85ae0775c84c4ceb967cfc9b4efd10

    Imports

    Expand

    Imported Functions

    Expand

    Exported Functions

    Expand

    Sections

    Expand

    Signature

    Expand
    PropertyValue
    Filenamefidpcidrv.sys
    Creation Timestamp
    MD5
    SHA1
    SHA256
    Authentihash MD5
    Authentihash SHA108596732304351b311970ff96b21f451f23b1e25
    Authentihash SHA2567b7e0e1453e733050b586a6fac91883dbb85ae0775c84c4ceb967cfc9b4efd10

    Imports

    Expand

    Imported Functions

    Expand

    Exported Functions

    Expand

    Sections

    Expand

    Signature

    Expand
    PropertyValue
    Filenamefidpcidrv.sys
    Creation Timestamp
    MD5
    SHA1
    SHA256
    Authentihash MD5
    Authentihash SHA14789b910023a667bee70ff1f1a8f369cffb10fe8
    Authentihash SHA2567fb0f6fc5bdd22d53f8532cb19da666a77a66ffb1cf3919a2e22b66c13b415b7

    Imports

    Expand

    Imported Functions

    Expand

    Exported Functions

    Expand

    Sections

    Expand

    Signature

    Expand
    PropertyValue
    Filenamefidpcidrv.sys
    Creation Timestamp
    MD5
    SHA1
    SHA256
    Authentihash MD5
    Authentihash SHA14789b910023a667bee70ff1f1a8f369cffb10fe8
    Authentihash SHA2567fb0f6fc5bdd22d53f8532cb19da666a77a66ffb1cf3919a2e22b66c13b415b7

    Imports

    Expand

    Imported Functions

    Expand

    Exported Functions

    Expand

    Sections

    Expand

    Signature

    Expand

    source

    last_updated: 2026-04-14