DBUtil_2_3.sys - Malicious (88/100) - DriverShield Analysis
Analysis of DBUtil_2_3.sys: malicious verdict, risk score 88/100. 3 YARA matches, 8/76 multi-engine detections. SHA256 0296e2ce999e67c7. Kernel imports, IOCTL codes, MITRE ATT&CK, and code-signing details.
DBUtil_2_3.sys - Analysis Report
DriverShield analyzed the Windows kernel driver DBUtil_2_3.sys and assigned a verdict of Malicious with a composite risk score of 88/100, indicating malicious indicators (80-100 band).
| Verdict | Malicious (88/100) |
| YARA matches | 3 |
| Multi-engine detections | 8 / 76 |
| File size | 14840 bytes |
| Code-signing signer | VeriSign Time Stamping Services Signer - G2 |
| Analyzed | 2026-03-23 |
| SHA256 | 0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5 |
| SHA1 | c948ae14761095e4d76b55d9de86412258be7afd |
| MD5 | c996d7971c49252c582171d9380360f2 |
The full report includes the kernel Import Address Table, extracted IOCTL dispatch codes, YARA rule names, MITRE ATT&CK technique mapping, and the Authenticode certificate chain. See the analysis methodology for how the risk score is computed, or browse the driver database for related samples.
Related:
Other drivers signed by VeriSign Time Stamping Services Signer - G2 · Browse the full driver database · CVE library · code signing atlas · BYOVD research index · security glossary
DriverShield © 2025-2026 · Terms · Privacy · Contact