» znf.sys
Overview
Analysis
File Details

znf.sys

Windows Win 7 DDK driver

ALLIT Service, LLC.

File name:

znf.sys

Publisher:

Windows (R) Win 7 DDK provider (signed by ALLIT Service, LLC.)

Product:

Windows (R) Win 7 DDK driver

Description:

NetFilter SDK WFP Driver (WPP)

Version:

1.4.7.5

MD5:

0e0a1f0e3ccc98530612c22959c1c455

SHA-1:

aa72bec81ceab5852bee8acd7ccf155bae15fed6

SHA-256:

8b82fba32733d5a699e6fcc03ff84a434d255359cfdce08fd9237b110ada240d

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/27/2024 8:20:30 PM UTC (today)

File size:

57.8 KB (59,160 bytes)

Product version:

6.2.9200.20789

Original file name:

netfilter2.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\znf.sys

Digital Signature

Signed by:

ALLIT Service, LLC.

Authority:

COMODO CA Limited

Valid from:

12/21/2015 5:45:00 AM

Valid to:

1/1/2016 5:44:59 AM

Subject:

CN="ALLIT Service, LLC.", O="ALLIT Service, LLC.", STREET="Avtozavodskaya, 54/19", L=Kyiv, S=Kyivska, PostalCode=04114, C=UA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00F27F5454FE3BDBD366ABF3C06DC63B1B

File PE Metadata

Compilation timestamp:

9/8/2015 5:43:51 PM

OS version:

6.2

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

11.0

CTPH (ssdeep):

768:+TJUtC4oLNBdoxlC4hIoUNNBi23wq0sBEZ0O3O/0bpMIxUs8CK08lPo1HX:bYoCToUNNBi6wqrBd/ApMIa2KrlPodX

Entry address:

0x9C50

Entry point:

48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, A3, 43, 00, 00, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, 16, DC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 79, 24, 00, 00, 75, 12, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 03, C2, 00, 00, 48, C1, C9, 10, E9, 08, 00, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, B9, 02, 00, 00, 00, CD, 29, CC, CC, CC, CC, CC, CC, CC, CC, CC, B9, 08, 00, 00, 00, CD, 29, CC... 
[+]

Entropy:

6.2599

Code size:

41.5 KB (42,496 bytes)

Scan znf.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.