wintapix.sys
WINTAPIX kernel-mode loader
WinTapix.sys (WINTAPIX) is a malicious kernel driver documented by Fortinet's FortiGuard Labs in 2023 as a loader used in targeted intrusions in the Middle East. It is on the malicious list, not the vulnerable one.
Unlike the hardware and gaming drivers in this guide, it is not part of any legitimate product. Vera notes it as evidence on the public record; the meaning still belongs to the people with the full context of where the file came from.
wintapix.sys is listed as malicious on the public LOLDrivers project. 3 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “wintapix.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/wintapix-sys
