wmilib.sys - Clean (8/100) - DriverShield Analysis
Analysis of wmilib.sys: clean verdict, risk score 8/100. 0 YARA matches. SHA256 f40b867e02980863. Kernel imports, IOCTL codes, MITRE ATT&CK, and code-signing details.
wmilib.sys - Analysis Report
DriverShield analyzed the Windows kernel driver wmilib.sys and assigned a verdict of Clean with a composite risk score of 8/100, indicating no notable risk signals (0-29 band).
| Verdict | Clean (8/100) |
| YARA matches | 0 |
| File size | 19472 bytes |
| Code-signing signer | Microsoft Windows |
| Analyzed | 2026-03-22 |
| SHA256 | f40b867e02980863b618e42779d220c0b848e7c256d8ed91c15e11c4a84a0dde |
| SHA1 | c05d81a5128c0034511459f5dfc593e5aabc1f85 |
| MD5 | 44424fd39aa0f9934e555552d2b7389b |
The full report includes the kernel Import Address Table, extracted IOCTL dispatch codes, YARA rule names, MITRE ATT&CK technique mapping, and the Authenticode certificate chain. See the analysis methodology for how the risk score is computed, or browse the driver database for related samples.
Related:
Other drivers signed by Microsoft Windows · Browse the full driver database · CVE library · code signing atlas · BYOVD research index · security glossary
DriverShield © 2025-2026 · Terms · Privacy · Contact