← All drivers
malicious
Driver

wintapix.sys

WINTAPIX kernel-mode loader

From Unknown (catalogued as malicious)
Status
On a known malicious list
Known variants
3 distinct hashes
Field notes

WinTapix.sys (WINTAPIX) is a malicious kernel driver documented by Fortinet's FortiGuard Labs in 2023 as a loader used in targeted intrusions in the Middle East. It is on the malicious list, not the vulnerable one.

Unlike the hardware and gaming drivers in this guide, it is not part of any legitimate product. Vera notes it as evidence on the public record; the meaning still belongs to the people with the full context of where the file came from.

What the record shows

wintapix.sys is listed as malicious on the public LOLDrivers project. 3 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

What this means, plainly
Presence is not proof of misuse. This filename matches a public malicious list. Vera notes it as evidence on a record; the meaning still belongs to the people with the context.
Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “wintapix.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/wintapix-sys