Drop any file to identify it
No upload. No signup. No sending your file halfway across the internet.
We tell you what it is, right here in your browser.
Drop it!
Let go to identify this file.
Couldn't identify this file
Need to convert it? fwip it →
SYS files are Windows kernel-mode drivers — code that runs with the highest privileges the operating system offers. They control hardware (graphics cards, network adapters, storage controllers), implement file systems, provide antivirus hooks, and manage core system functions. A buggy SYS file doesn't crash an application — it crashes the entire system (blue screen of death).
You'll find SYS files in `C:\Windows\System32\drivers\`. They're loaded at boot or when their hardware is detected. Windows Driver Model (WDM) and the newer Windows Driver Framework (WDF) govern how they interact with the kernel. Regular users should never need to modify or delete SYS files manually.
SYS files are a common malware vector because kernel-mode access bypasses most security controls. A malicious driver can hide processes, intercept network traffic, and survive reboots. Windows 10/11 requires driver signing (Microsoft-approved signature) to load kernel drivers, but some malware exploits vulnerable signed drivers to bypass this protection.