wantd_2.sys
Daxin variant
wantd_2.sys is a variant of the Daxin rootkit backdoor. See the wantd.sysDriverwantd.sysDaxin rootkit -- WAN Transport Driver variantOpen plate → and daxin_blank.sysDriverdaxin_blank.sysDaxin rootkit backdoorOpen plate → entries for the full story.
Not a legitimate vendor driver. Presence indicates a targeted intrusion.
wantd_2.sys is listed as malicious on the public LOLDrivers project. One distinct binary hash matching this filename is on record.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “wantd_2.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/wantd-2-sys
