poortry2.sys
POORTRY variant
poortry2.sys is a variant of POORTRY, the WHQL-signed kernel malware publicly disclosed by SentinelOne and Mandiant in December 2022. Same toolkit as poortry.sysDriverpoortry.sysPOORTRY: Microsoft-signed kernel malwareOpen plate → and poortry1.sysDriverpoortry1.sysPOORTRY variantOpen plate →, distributed under multiple filenames. See the poortry.sys entry for the full story.
Not a legitimate vendor driver. Presence is evidence on the public record, not a verdict, but unlike most entries in this catalog there is no 'innocent why it's here' explanation.
poortry2.sys is listed as malicious on the public LOLDrivers project. One distinct binary hash matching this filename is on record.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “poortry2.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/poortry2-sys
