amifldrv64.sys
AMI BIOS flashing driver
AMIFLDRV64.sys is a BIOS-flashing driver from American Megatrends, used by many OEM firmware-update tools. Presence on a current system usually indicates a recent BIOS update or a vendor utility that handles them.
It is on the LOLDrivers list because of the very low-level access BIOS updates require: the same primitives that let a firmware update happen are what attackers want when they are trying to persist below the operating system. Firmware-research vendors have published broad surveys of this whole class of update drivers (Phoenix's WinFlash, AMI's family, vendor variants) and they all share the property that they are useful to whoever can load them.
If the driver is on your system after a BIOS update, that is expected. If your OEM has a current BIOS update utility, use it; if Windows blocks the older flashing tool, that is the Vulnerable Driver Blocklist doing its job.
amifldrv64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 14 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “amifldrv64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/amifldrv64-sys
