driverquery.exe

• File Path: C:\WINDOWS\SysWOW64\driverquery.exe
• Description: Queries the drivers on a system

Hashes

Type	Hash
MD5	5B3DF7FCA3A86AC5E9EB7B83D6C740B3
SHA1	CA42130E0CB7977189030342588871D5F6B96D35
SHA256	6CB57182340B1406C454731C6868DB9B5849E3972E38A4EB23503E38A73EC0EF
SHA384	B9DB576B7E7793FC544E4DBE90FBEF392E619BF05AE2E7A1800FBDC43E9B1302D2A80590E74D9B818469934EC338E492
SHA512	2F197306EFD8AC3948C529F012CE1AB728F6B26DDCF4EBF014BCE1009BAB83EFE7223BD375CB98E310F3593C111CC7BB5DDCCA3E95588BA5FB7846CE0C51CC45
SSDEEP	1536:QSJGAPcxy8Wev20yR2IKrPZcoR5QzDjtHLC14ImxhgtNu2:yAPgy8WDZePZckxvmxel
IMP	DC0B596DA001F9C34E67199BF225BDD8
PESHA1	ACDB3FC7FE330ABD2F326E21CB809CA0062C02CC
PE256	4B7B8BAFEFEF732A9F0EE756E8835DB166FD3C6BB78829328070B5AF250C1B41

Runtime Data

Usage (stdout):

DRIVERQUERY [/S system [/U username [/P [password]]]]
              [/FO format] [/NH] [/SI] [/V] 
Description:
    Enables an administrator to display a list of 
    installed device drivers.

Parameter List:
      /S     system           Specifies the remote system to connect to.

      /U     [domain\]user    Specifies the user context 
                              under which the command should execute.

      /P     [password]       Specify the password for the given 
                              user context.

      /FO    format           Specifies the type of output to display.
                              Valid values to be passed with the
                              switch are "TABLE", "LIST", "CSV".

      /NH                     Specifies that the "Column Header" 
                              should not be displayed. Valid for  
                              "TABLE" and "CSV" format only.

      /SI                     Provides information about signed drivers.

      /V                      Displays verbose output. Not valid 
                              for signed drivers.

      /?                      Displays this help message.

Examples:
    DRIVERQUERY
    DRIVERQUERY /FO CSV /SI
    DRIVERQUERY /NH
    DRIVERQUERY /S ipaddress /U user /V 
    DRIVERQUERY /S system /U domain\user /P password /FO LIST

Usage (stderr):

ERROR: Invalid argument/option - '--help'.
Type "DRIVERQUERY /?" for usage.

Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\wow64.dll
C:\WINDOWS\System32\wow64base.dll
C:\WINDOWS\System32\wow64con.dll
C:\WINDOWS\System32\wow64cpu.dll
C:\WINDOWS\System32\wow64win.dll
C:\WINDOWS\SysWOW64\driverquery.exe

Signature

• Status: Signature verified.
• Serial: 33000002ED2C45E4C145CF48440000000002ED
• Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: drvqry.exe
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.22000.1 (WinBuild.160101.0800)
• Product Version: 10.0.22000.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 32-bit

File Scan

• VirusTotal Detections: 0/74
• VirusTotal Link: https://www.virustotal.com/gui/file/6cb57182340b1406c454731c6868db9b5849e3972e38a4eb23503e38a73ec0ef/detection

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.

---

driverquery

Enables an administrator to display a list of installed device drivers and their properties. If used without parameters, driverquery runs on the local computer.

Syntax

driverquery [/s <system> [/u [<domain>\]<username> [/p <password>]]] [/fo {table | list | csv}] [/nh] [/v | /si]

Parameters

Parameter	Description
/s <system>	Specifies the name or IP address of a remote computer. Do not use backslashes. The default is the local computer.
/u [<domain>]<username>	Runs the command with the credentials of the user account as specified by user or domain\user. By default, /s uses the credentials of the user who is currently logged on to the computer that is issuing the command. /u can’t be used unless /s is specified.
/p <password>	Specifies the password of the user account that is specified in the /u parameter. /p cannot be used unless /u is specified.
/fo table	Formats the output as a table. This is the default.
/fo list	Formats the output as a list.
/fo csv	Formats the output with comma-separated values.
/nh	Omits the header row from the displayed driver information. Not valid if the /fo parameter is set to list.
/v	Displays verbose output. /v is not valid for signed drivers.
/si	Provides information about signed drivers.
/?	Displays help at the command prompt.

Examples

To display a list of installed device drivers on the local computer, type:

driverquery

To display the output in a comma-separated values (CSV) format, type:

driverquery /fo csv

To hide the header row in the output, type:

driverquery /nh

To use the driverquery command on a remote server named server1 using your current credentials on the local computer, type:

driverquery /s server1

To use the driverquery command on a remote server named server1 using the credentials for user1 on the domain maindom, type:

driverquery /s server1 /u maindom\user1 /p p@ssw3d

Additional References

• Command-Line Syntax Key

---

MIT License. Copyright (c) 2020-2021 Strontic.