acpi.sys - Malicious (88/100) - DriverShield Analysis
Analysis of acpi.sys: malicious verdict, risk score 88/100. 2 YARA matches, 8/76 multi-engine detections. SHA256 58a74dceb2022cd8. Kernel imports, IOCTL codes, MITRE ATT&CK, and code-signing details.
acpi.sys - Analysis Report
DriverShield analyzed the Windows kernel driver acpi.sys and assigned a verdict of Malicious with a composite risk score of 88/100, indicating malicious indicators (80-100 band).
| Verdict | Malicious (88/100) |
| YARA matches | 2 |
| Multi-engine detections | 8 / 76 |
| File size | 82848 bytes |
| Code-signing signer | Symantec Time Stamping Services CA - G2 |
| Analyzed | 2026-03-22 |
| SHA256 | 58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495 |
| SHA1 | 05c0c49e8bcf11b883d41441ce87a2ee7a3aba1d |
| MD5 | 43830326cd5fae66f5508e27cbec39a0 |
The full report includes the kernel Import Address Table, extracted IOCTL dispatch codes, YARA rule names, MITRE ATT&CK technique mapping, and the Authenticode certificate chain. See the analysis methodology for how the risk score is computed, or browse the driver database for related samples.
Related:
Other drivers signed by Symantec Time Stamping Services CA - G2 · Browse the full driver database · CVE library · code signing atlas · BYOVD research index · security glossary
DriverShield © 2025-2026 · Terms · Privacy · Contact