Several times now, Microsoft Defender for Endpoint has identified the following file as malware and has quarantined it:
Filename: pulsewayhardware.sys
Hashes:
  SHA1: d25340ae8e92a6d29f599fef426a2bc1b5217299
  SHA256: 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
Threat: Winring0
Defender engine version: 1.1.25050.6
Defender Mocamp version: 4.18.25040.2
VirusTotal link: https://www.virustotal.com/gui/file/11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
Detection:
  VirusTotal detection ratio: 2/72
  Malware detected: VulnerableDriver:WinNT/Winring0
Object details:
  File size: 14.54 KB
  Is PE: true
  Issuer: GlobalSign ObjectSign CA
  Signer: Noriyuki MIYAZAKI
PE metadata:
  Original name: WinRing0.sys
  Company: OpenLibSys.org
  Product: WinRing0
  Description: WinRing0
File prevalence:
  Organization devices: 5
  Organization cloud apps: 0
  Worldwide devices: 10k+
Worldwide observed devices (time):
  First seen: Mar 3, 2013 6:00:43 AM
  Last seen: Jun 13, 2025 5:47:56 AM
Is this an actual Pulseway file and has anyone else experienced this on any of their agents? What other info can I provide?
And before anyone asks, I only deploy agents from the SaaS Pulseway server instance.
Thanks,
Bart B.
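
An endpoint check built from the report above, as an added example that is not part of the original post and is not Pulseway or Microsoft code: it compares registered kernel drivers against the reported SHA256 and the embedded original name, so a copy is found whatever its on-disk filename. The function name `Test-ReportedDriver` is hypothetical, and enumerating through `Win32_SystemDriver` is an assumption about where the driver is registered.

```powershell
# Added example. Hash and original name are copied from the Defender report above.
$ReportedSha256       = '11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5'
$ReportedOriginalName = 'WinRing0.sys'

function Test-ReportedDriver {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    process {
        # Win32_SystemDriver can return NT-style paths; strip a leading \??\ prefix.
        $file = $Path -replace '^\\\?\?\\', ''
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            return   # file missing, or already quarantined by Defender
        }
        $info = (Get-Item -LiteralPath $file).VersionInfo
        $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        $sig  = Get-AuthenticodeSignature -LiteralPath $file
        [pscustomobject]@{
            Path              = $file
            Sha256            = $hash
            HashMatchesReport = $hash -ieq $ReportedSha256
            OriginalFilename  = $info.OriginalFilename
            NameMatchesReport = $info.OriginalFilename -ieq $ReportedOriginalName
            CompanyName       = $info.CompanyName
            SignatureStatus   = $sig.Status
            SignerSubject     = $sig.SignerCertificate.Subject
            SignerIssuer      = $sig.SignerCertificate.Issuer
        }
    }
}

# Check every registered kernel driver and keep only those that match the
# report by hash or by the original name embedded in the PE version resource.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object PathName |
    ForEach-Object { $_.PathName } |
    Test-ReportedDriver |
    Where-Object { $_.HashMatchesReport -or $_.NameMatchesReport }
```

A single file can also be piped in by path, for example the location shown in the Defender alert; an empty result means no registered driver matched either value.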