LOLDrivers
LOLDrivers copied to clipboard
Published
20 hours ago •
magicsword-io
magicsword-io
Duplicates within the data
While investigating the repository, I found a few things that need to be cleaned up. Based on the data displayed on loldrivers.io:
Duplicate hashes
| Tag | SHA256 | Category |
|---|---|---|
| ATSZIO.sys | 01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece | Vulnerable driver |
| ATSZIO64.sys | 01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece | Vulnerable driver |
| iqvw64e.sys | 4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b | Vulnerable driver |
| NalDrv.sys | 4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b | Vulnerable driver |
| mhyprot.sys | 509628b6d16d2428031311d7bd2add8d5f5160e9ecc0cd909f1e82bbbb3234d6 | Vulnerable driver |
| Mhyprot2.sys | 509628b6d16d2428031311d7bd2add8d5f5160e9ecc0cd909f1e82bbbb3234d6 | Vulnerable driver |
| BS_I2c64.sys | 55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a | Vulnerable driver |
| BS_I2cIo.sys | 55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a | Vulnerable driver |
| viragt64.sys | 58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495 | Vulnerable driver |
| viraglt64.sys | 58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495 | Vulnerable driver |
| BSMI.sys | 59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347 | Vulnerable driver |
| BSMIXP64.sys | 59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347 | Vulnerable driver |
| iscflashx64.sys | ce0a4430d090ba2f1b46abeaae0cb5fd176ac39a236888fa363bf6f9fd6036d9 | Vulnerable driver |
| iscflashx64.sys | ce0a4430d090ba2f1b46abeaae0cb5fd176ac39a236888fa363bf6f9fd6036d9 | Vulnerable driver |
The listed drivers have the same hash. In the case of Mhyprot2.sys, the driver is from mhyprot.sys. I have not checked the other examples.
Duplicate tags
In some cases, I found tags that were duplicated, and upon examination, found that they should be listed under "Known Vulnerable Samples" rather than as a single entry. This does not account for all the drivers listed, but I found that sharing them all might be more useful.
| Tag | SHA256 |
|---|---|
| amifldrv64.sys | 20f11a64bc4548f4edb47e3d3418da0f6d54a83158224b71662a6292bf45b5fb |
| amifldrv64.sys | 5e238d351e16d4909ca394f1db0326a60d33c9ac7b4d78aefcf17a6d9cc72be9 |
| asio.sys | 0ee5067ce48883701824c5b1ad91695998916a3702cf8086962fbe58af74b2d6 |
| AsIO.sys | 2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e |
| asio64.sys | 2d36642135166bbb296624dca878925963c7da785e42e940f02d01beb7c477d5 |
| AsIO64.sys | b48a309ee0960da3caaaaf1e794e8c409993aeb3a2b64809f36b97aac8a1e62a |
| AsUpIO.sys | 8f23313adb35782adb0ba97fefbfbb8bbc5fc40ae272e07f6d4629a5305a3fa2 |
| AsUpIO.sys | b9a4e40a5d80fedd1037eaed958f9f9efed41eb01ada73d51b5dcd86e27e0cbf |
| aswArPot.sys | 0b2ad05939b0aabbdc011082fad7960baa0c459ec16a2b29f37c1fa31795a46d |
| aswArPot.sys | 4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1 |
| atillk64.sys | 38bb9751a3a1f072d518afe6921a66ee6d5cf6d25bc50af49e1925f20d75d4d7 |
| atillk64.sys | 5c04c274a708c9a7d993e33be3ea9e6119dc29527a767410dbaf93996f87369a |
| ATSZIO.sys | 01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece |
| ATSZIO.sys | 0da746e49fd662be910d0e366934a7e02898714eaaa577e261ab40eb44222b5c |
| BS_HWMIo64.sys | 60c6f4f34c7319cb3f9ca682e59d92711a05a2688badbae4891b1303cd384813 |
| bs_hwmio64.sys | 6dafd15ee2fbce87fef1279312660fc399c4168f55b6e6d463bf680f1979adcf |
| BS_I2cIo.sys | 42e170a7ab1d2c160d60abfc906872f9cfd0c2ee169ed76f6acb3f83b3eeefdb |
| BS_I2cIo.sys | 55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a |
| bs_rcio64.sys | 73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e |
| BS_RCIO64.sys | d205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e |
| CorsairLLAccess64.sys | 000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b |
| CorsairLLAccess64.sys | 29a90ae1dcee66335ece4287a06482716530509912be863c85a2a03a6450a5b6 |
| cpuz.sys | 0d3790af5f8e5c945410929e31d06144a471ac82f828afe89a4758a5bbeb7f9f |
| cpuz.sys | eaa5dae373553024d7294105e4e07d996f3a8bd47c770cdf8df79bf57619a8cd |
| DirectIo.sys | 2b186926ed815d87eaf72759a69095a11274f5d13c33b8cc2b8700a1f020be1d |
| DirectIo.sys | 4422851a0a102f654e95d3b79c357ae3af1b096d7d1576663c027cfbc04abaf9 |
| directio.sys | e6a7a497010579fde69cd52bed8de28db610c33bbc5ce0774459dcf64657b802 |
| directio64.sys | 092349aebdac28294dbad1656759d8461f362d1a36b01054dccf861d97beadf0 |
| directio64.sys | d84e3e250a86227c64a96f6d5ac2b447674ba93d399160850acb2339da43eae5 |
| ElbyCDIO.sys | 238046cfe126a1f8ab96d8b62f6aa5ec97bab830e2bae5b1b6ab2d31894c79e4 |
| elbycdio.sys | eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b |
| eneio64.sys | 38c18db050b0b2b07f657c03db1c9595febae0319c746c3eede677e21cd238b0 |
| EneIo64.sys | 9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374 |
| GameTerSafe.sys | 3e9b62d2ea2be50a2da670746c4dbe807db9601980af3a1014bcd72d0248d84c |
| gametersafe.sys | e2ec3b2a93c473d88bfdf2deb1969d15ab61737acc1ee8e08234bc5513ee87ea |
| gdrv.sys | 092d04284fdeb6762e65e6ac5b813920d6c69a5e99d110769c5c1a78e11c5ba0 |
| gdrv.sys | 31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427 |
| GLCKIO2.sys | 3a5ec83fe670e5e23aef3afa0a7241053f5b6be5e6ca01766d6b5f9177183c25 |
| GLCKIO2.sys | e5b0772be02e2bc807804874cf669e97aa36f5aff1f12fa0a631a3c7b4dd0dc8 |
| GVCIDrv64.sys | 42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f |
| gvcidrv64.sys | a2353030d4ea3ad9e874a0f7ff35bbfa10562c98c949d88cabab27102bbb8e48 |
| HpPortIox64.sys | a4680fabf606d6580893434e81c130ff7ec9467a15e6534692443465f264d3c9 |
| HpPortIox64.sys | c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5 |
| hw.sys | 4880f40f2e557cff38100620b9aa1a3a753cb693af16cd3d95841583edcb57a8 |
| HW.sys | fd388cf1df06d419b14dedbeb24c6f4dff37bea26018775f09d56b3067f0de2c |
| iobitunlocker.sys | 7a1feb8649a5c0679e1073e6d8a02c8a6ebc5825f02999f16c9459284f1b198b |
| IObitUnlocker.sys | f85cca4badff17d1aa90752153ccec77a68ad282b69e3985fdc4743eaea85004 |
| iscflashx64.sys | ce0a4430d090ba2f1b46abeaae0cb5fd176ac39a236888fa363bf6f9fd6036d9 |
| iscflashx64.sys | ce0a4430d090ba2f1b46abeaae0cb5fd176ac39a236888fa363bf6f9fd6036d9 |
| kEvP64.sys | 09b0e07af8b17db1d896b78da4dd3f55db76738ee1f4ced083a97d737334a184 |
| kEvP64.sys | 7462b7ae48ae9469474222d4df2f0c4f72cdef7f3a69a524d4fccc5ed0fd343f |
| LHA.sys | 23ba19352b1e71a965260bf4d5120f0200709ee8657ed381043bec9a938a1ade |
| LHA.sys | e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf |
| libnicm.sys | 00c02901472d74e8276743c847b8148be3799b0e3037c1dfdca21fa81ad4b922 |
| libnicm.sys | ab0925398f3fa69a67eacee2bbb7b34ac395bb309df7fc7a9a9b8103ef41ed7a |
| mhyprot.sys | 0c512b615eac374d4d494e3c36838d8e788b3dc2691bf27916f7f42694b14467 |
| mhyprot.sys | 509628b6d16d2428031311d7bd2add8d5f5160e9ecc0cd909f1e82bbbb3234d6 |
| mhyprot2.sys | 342cf884840fc2b48c96398f690a1801ed8ac1ea59305af9e3d070d13ef85601 |
| Mhyprot2.sys | 509628b6d16d2428031311d7bd2add8d5f5160e9ecc0cd909f1e82bbbb3234d6 |
| mhyprotrpg.sys | 8bf84bed9b5fa4576182c84d2f31679dc472acd0f83c9813498e9f71ed9fef3e |
| mhyprotrpg.Sys | f7d72d22cd4ad3e44fd617bdb4c90b9a884f4eb045688c0e3fb64dd33e033eaa |
| MsIo32.sys | 525d9b51a80ca0cd4c5889a96f857e73f3a80da1ffbae59851e0f51bdfb0b6cd |
| msio32.sys | c7d4943ddac34e1a38692c624d799e634ad4c4e3ae7e3bb2ae4cf0d8eb8985bc |
| MsIo64.sys | 0f035948848432bc243704041739e49b528f35c82a5be922d9e3b8a4c44398ff |
| MsIo64.sys | 43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89 |
| netflt.sys | cf16a2218fc8a3b6fa5aa4a0bc6205792798078c380ccc7e5041476e0f1bc53d |
| NetFlt.sys | f8886a9c759e0426e08d55e410b02c5b05af3c287b15970175e4874316ffaf13 |
| NICM.SYS | 3a65d14fd3b1b5981084cdbd293dc6f4558911ea18dd80177d1e5b54d85bcaa0 |
| nicm.sys | 7a2cd1dc110d014165c001ce65578da0c0c8d7d41cc1fa44f974e8a82296fc25 |
| NICM.sys | dd4fedd5662122cbfe046a12e2137294ef1cb7822238d9e24eacc78f22f8e93d |
| nscm.sys | 28999af32b55ddb7dcfc26376a244aa2fe297233ce7abe4919a1aef2f7e2cee7 |
| nscm.sys | 76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22 |
| NTIOLib.sys | 09bedbf7a41e0f8dabe4f41d331db58373ce15b2e9204540873a1884f38bdde1 |
| NTIOLib.sys | 18776682fcc0c6863147143759a8d4050a4115a8ede0136e49a7cf885c8a4805 |
| nvflash.sys | 9368e51ec98e2ad20893a5fc21e6a8b20c5bee158d5c49ca58649cff84db9d68 |
| nvflash.sys | afdd66562dea51001c3a9de300f91fc3eb965d6848dfce92ccb9b75853e02508 |
| PCHunter.sys | 1b7fb154a7b7903a3c81f12f4b094f24a3c60a6a8cffca894c67c264ab7545fa |
| pchunter.sys | 3f20ac5dac9171857fc5791865458fdb6eac4fab837d7eabc42cb0a83cb522fc |
| RTCore64.sys | 01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd |
| RTCore64.sys | 03e0581432f5c8cc727a8aa387f5b69ff84d38d0df6f1226c19c6e960a81e1e9 |
| RwDrv.sys | 1e0eb0811a7cf1bdaf29d3d2cab373ca51eb8d8b58889ab7728e2d3aed244abe |
| rwdrv.sys | ea0b9eecf4ad5ec8c14aec13de7d661e7615018b1a3c65464bf5eca9bbf6ded3 |
| sandra.sys | 1aaf4c1e3cb6774857e2eef27c17e68dc1ae577112e4769665f516c2e8c4e27b |
| SANDRA.sys | 3e274df646f191d2705c0beaa35eeea84808593c3b333809f13632782e27ad75 |
| sfdrvx32.sys | 1e94d4e6d903e98f60c240dc841dcace5f9e8bbb0802e6648a49ab80c23318cb |
| sfdrvx32.sys | ad23d77a38655acb71216824e363df8ac41a48a1a0080f35a0d23aa14b54460b |
| TmComm.sys | 0909005d625866ef8ccd8ae8af5745a469f4f70561b644d6e38b80bccb53eb06 |
| TmComm.sys | cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64 |
| VBoxDrv.sys | 26f41e4268be59f5de07552b51fa52d18d88be94f8895eb4a16de0f3940cf712 |
| vboxdrv.sys | 78827fa00ea48d96ac9af8d1c1e317d02ce11793e7f7f6e4c7aac7b5d7dd490f |
| VBoxUSB.Sys | 6071db01b50c658cf78665c24f1d21f21b4a12d16bfcfaa6813bf6bbc4d0a1e8 |
| VBoxUSB.Sys | c509935f3812ad9b363754216561e0a529fc2d5b8e86bfa7302b8d149b7d04aa |
| viragt64.sys | 18deed37f60b6aa8634dda2565a0485452487d7bce88afb49301a7352db4e506 |
| viragt64.sys | 58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495 |
| vmdrv.sys | 32cccc4f249499061c0afa18f534c825d01034a1f6815f5506bf4c4ff55d1351 |
| vmdrv.sys | 5c0b429e5935814457934fa9c10ac7a88e19068fa1bd152879e4e9b89c103921 |
| windbg.sys | 139f8412a7c6fdc43dcfbbcdba256ee55654eb36a40f338249d5162a1f69b988 |
| windbg.sys | e1cb86386757b947b39086cc8639da988f6e8018ca9995dd669bdc03c8d39d7d |
| WinFlash64.sys | 316a27e2bdb86222bc7c8af4e5472166b02aec7f3f526901ce939094e5861f6d |
| WinFlash64.sys | 677c0b1add3990fad51f492553d3533115c50a242a919437ccb145943011d2bf |
| winio64.sys | 15fb486b6b8c2a2f1b067f48fba10c2f164638fe5e6cee618fb84463578ecac9 |
| winio64.sys | e1980c6592e6d2d92c1a65acad8f1071b6a404097bb6fcce494f3c8ac31385cf |
Tags
The last thing to mention is the "Category" column. Here drivers are marked as either: "Malicious, Vulnerable driver, Vulnerable driver". In some cases the singular displays multiple known vulnerable samples, while in other cases the plural contains only one known vulnerable sample.
Question
As for this issue, I'd like to submit some of these changes, but being new to this, the question is where to start. Would it be enough to edit the corresponding .yml files, or would it be necessary to edit the .md as well? Or what would be the recommended way (besides forking and so on)?
