winhv.sys - Vulnerable (72/100) - DriverShield Analysis
Analysis of winhv.sys: vulnerable verdict, risk score 72/100. 1 YARA match. SHA256 1abe49124bb18500. Kernel imports, IOCTL codes, MITRE ATT&CK, and code-signing details.
winhv.sys - Analysis Report
DriverShield analyzed the Windows kernel driver winhv.sys and assigned a verdict of Vulnerable with a composite risk score of 72/100, indicating a known or likely vulnerability surface (60-79 band).
| Verdict | Vulnerable (72/100) |
| YARA matches | 1 |
| File size | 42504 bytes |
| Code-signing signer | Microsoft Windows |
| Analyzed | 2026-03-22 |
| SHA256 | 1abe49124bb185009368f0b8cd4c0c5b57802987580140de6dc826dee9de34ef |
| SHA1 | f0cb12aab46ec80e1a60fbf8acc6ebb954f7b2c4 |
| MD5 | 1588d61cf74fe332ac1a2080604b3db4 |
The full report includes the kernel Import Address Table, extracted IOCTL dispatch codes, YARA rule names, MITRE ATT&CK technique mapping, and the Authenticode certificate chain. See the analysis methodology for how the risk score is computed, or browse the driver database for related samples.
Related:
Other drivers signed by Microsoft Windows · Browse the full driver database · CVE library · code signing atlas · BYOVD research index · security glossary
DriverShield © 2025-2026 · Terms · Privacy · Contact