zef.sys

Zillya Event Filter

ALLIT Service, LLC.

It runs as a Windows file system device driver named “zef”.

Publisher:
ALLIT Service, LLC.  (signed and verified)

Product:
Zillya Event Filter

Description:
Events filter driver

Version:
1.0.0.7

MD5:
fd574cd9228ee82d2a3b1451af300906

SHA-1:
54186027fb42e890ba513bc4436e8f56d2a897a2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/3/2024 12:31:29 AM UTC

File size:
47.2 KB (48,296 bytes)

Product version:
1.0.0.7

Copyright:
Copyright © 2016

Original file name:
EventsFilterDriver.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\zef.sys

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/23/2015 12:00:00 AM

Valid to:
7/22/2016 11:59:59 PM

Subject:
CN="ALLIT Service, LLC.", O="ALLIT Service, LLC.", STREET="Avtozavodskaya, 54/19", L=Kyiv, S=Kyivska, PostalCode=04114, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AF2C6A74C06580EE78DA3F0A9EC6FECC

File PE Metadata
Compilation timestamp:
4/1/2016 7:44:54 AM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
12.0

CTPH (ssdeep):
768:jdFw2JdOqONLAT1ww/1Zd8P7CDqrIRek3I/SbGyKvi3j9XuJO:YAdaNLU1ww/1Zd8P2wOwQ/Kvi3qO

Entry address:
0xC0D4

Entry point:
8B, FF, 55, 8B, EC, E8, 06, 00, 00, 00, 5D, E9, 1C, FF, FF, FF, 8B, FF, 55, 8B, EC, 51, 51, A1, E4, A0, 40, 00, B9, 4E, E6, 40, BB, 85, C0, 74, 04, 3B, C1, 75, 18, 0F, 31, 35, E4, A0, 40, 00, 89, 55, FC, A3, E4, A0, 40, 00, 75, 07, 8B, C1, A3, E4, A0, 40, 00, F7, D0, A3, E0, A0, 40, 00, 8B, E5, 5D, C3, 5C, 00, 44, 00, 65, 00, 76, 00, 69, 00, 63, 00, 65, 00, 5C, 00, 45, 00, 56, 00, 46, 00, 49, 00, 4C, 00, 54, 00, 00, 00, 5C, 00, 44, 00, 6F, 00, 73, 00, 44, 00, 65, 00, 76, 00, 69, 00, 63, 00, 65, 00, 73, 00...
 

Code size:
34 KB (34,816 bytes)

Driver
Display name:
zef

Type:
File system 'filter' driver (FileSystemDriver)

Group:
FSFilter Activity Monitor

Depends on:
FltMgr

