File name: zadig-2.7.com

Full analysis: https://app.any.run/tasks/2625b14f-bd10-4f08-a863-b1649bd8cebc
Verdict: Malicious activity
Analysis date: December 28, 2023, 23:30:25
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 1CF73FE426FF2BD8C51AD6CB582BA3BA
SHA1: D4B1E692623BE068E22C16BEC751172A46BB9EE2
SHA256: AC29BCF79ABBF989F056956FA478E8FD7A339764401467C4A052BF30E7549A49
SSDEEP: 98304:qGFJ02qZOnFSWI2tU5m665CHBRys1ijWIJ/CWujGCsrGG9nKAxoGQLtZ5e6wNzwY:8eol9LElka

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • drvinst.exe (PID: 844)
  • SUSPICIOUS

    • Reads settings of System Certificates

      • zadig-2.7.com.exe (PID: 2024)
    • Adds/modifies Windows certificates

      • zadig-2.7.com.exe (PID: 2024)
    • Reads the Internet Settings

      • zadig-2.7.com.exe (PID: 2024)
      • rundll32.exe (PID: 2636)
    • Drops a system driver (possible attempt to evade defenses)

      • zadig-2.7.com.exe (PID: 2024)
    • Creates files in the driver directory

      • drvinst.exe (PID: 844)
    • Checks Windows Trust Settings

      • drvinst.exe (PID: 844)
  • INFO

    • Checks supported languages

      • zadig-2.7.com.exe (PID: 2024)
      • installer_x86.exe (PID: 1972)
      • drvinst.exe (PID: 2336)
      • drvinst.exe (PID: 2624)
      • drvinst.exe (PID: 844)
    • Drops the executable file immediately after the start

      • zadig-2.7.com.exe (PID: 2024)
      • drvinst.exe (PID: 844)
      • installer_x86.exe (PID: 1972)
    • Process drops legitimate windows executable

      • zadig-2.7.com.exe (PID: 2024)
      • drvinst.exe (PID: 844)
      • installer_x86.exe (PID: 1972)
    • Reads the computer name

      • zadig-2.7.com.exe (PID: 2024)
      • installer_x86.exe (PID: 1972)
      • drvinst.exe (PID: 844)
      • drvinst.exe (PID: 2336)
      • drvinst.exe (PID: 2624)
    • Reads the machine GUID from the registry

      • zadig-2.7.com.exe (PID: 2024)
      • installer_x86.exe (PID: 1972)
      • drvinst.exe (PID: 844)
    • Creates files in the program directory

      • zadig-2.7.com.exe (PID: 2024)
    • Create files in a temporary directory

      • zadig-2.7.com.exe (PID: 2024)
      • installer_x86.exe (PID: 1972)
      • rundll32.exe (PID: 2468)
    • Adds/modifies Windows certificates

      • drvinst.exe (PID: 844)
    • Creates files or folders in the user directory

      • rundll32.exe (PID: 2468)
    • Manual execution by a user

      • explorer.exe (PID: 1792)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (64.2)
.dll | Win32 Dynamic Link Library (generic) (15.6)
.exe | Win32 Executable (generic) (10.6)
.exe | Generic Win/DOS Executable (4.7)
.exe | DOS Executable Generic (4.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:11:01 14:39:15+01:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 5148672
InitializedDataSize: 32768
UninitializedDataSize: 1675264
EntryPoint: 0x681870
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.7.765.0
ProductVersionNumber: 2.7.765.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Unknown (0009)
CharacterSet: Unicode
CompanyName: akeo.ie
FileDescription: Zadig
FileVersion: 2.7.765
InternalName: Zadig
LegalCopyright: © 2010-2021 Pete Batard (GPL v3)
LegalTrademarks: https://www.gnu.org/copyleft/gpl.html
OriginalFileName: zadig.exe
ProductName: Zadig
ProductVersion: 2.7.765
Comments: http://libwdi.akeo.ie
No data.
All screenshots are available in the full report
Total processes: 50
Monitored processes: 10
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Nodes: start; zadig-2.7.com.exe; installer_x86.exe (no specs); explorer.exe (no specs); drvinst.exe (no specs); drvinst.exe (no specs); drvinst.exe (no specs); rundll32.exe (no specs); dinotify.exe (no specs); rundll32.exe (no specs); zadig-2.7.com.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 844
CMD: DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{2d89095c-2843-5c10-4e8f-74449880206d}\WinUSB_Generic_Device.inf" "0" "694de428f" "000005B8" "WinSta0\Default" "00000338" "208" "C:\Users\admin\usb_driver"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1792
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1972
CMD: "C:\Users\admin\usb_driver\installer_x86.exe" "WinUSB_Generic_Device.inf"
Path: C:\Users\admin\usb_driver\installer_x86.exe
Parent process: zadig-2.7.com.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\usb_driver\installer_x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\newdev.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
PID: 2024
CMD: "C:\Users\admin\AppData\Local\Temp\zadig-2.7.com.exe"
Path: C:\Users\admin\AppData\Local\Temp\zadig-2.7.com.exe
Parent process: explorer.exe
User: admin
Company: akeo.ie
Integrity Level: HIGH
Description: Zadig
Exit code: 0
Version: 2.7.765
Modules
Images
c:\users\admin\appdata\local\temp\zadig-2.7.com.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 2036
CMD: "C:\Users\admin\AppData\Local\Temp\zadig-2.7.com.exe"
Path: C:\Users\admin\AppData\Local\Temp\zadig-2.7.com.exe
Parent process: explorer.exe
User: admin
Company: akeo.ie
Integrity Level: MEDIUM
Description: Zadig
Exit code: 3221226540
Version: 2.7.765
Modules
Images
c:\users\admin\appdata\local\temp\zadig-2.7.com.exe
c:\windows\system32\ntdll.dll
PID: 2336
CMD: DrvInst.exe "1" "200" "PCI\VEN_1AF4&DEV_1002&SUBSYS_00051AF4&REV_00\3&13c0b0c5&0&28" "" "" "6db87dc0b" "00000300" "000005F8" "000005FC"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 3758096899
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 2468
CMD: rundll32.exe C:\Windows\system32\newdev.dll,pDiDeviceInstallNotification \\.\pipe\PNP_Device_Install_Pipe_1.{c3cbb465-b78a-4bea-bf36-e5d0b86ff739} "(null)"
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
PID: 2572
CMD: "C:\Windows\System32\dinotify.exe" pnpui.dll,SimplifiedDINotification
Path: C:\Windows\System32\dinotify.exe
Parent process: rundll32.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Device Installation
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dinotify.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\pnpui.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
PID: 2624
CMD: DrvInst.exe "1" "200" "ACPI\QEMU0002\3&13c0b0c5&0" "" "" "60c67bb57" "00000550" "00000620" "00000624"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 3758096899
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 2636
CMD: rundll32.exe C:\Windows\system32\newdev.dll,pDiDeviceInstallNotification \\.\pipe\PNP_Device_Install_Pipe_1.{e0952e1b-18cb-45a7-b16c-9f1840864c74} "(null)"
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
Total events: 10 941
Read events: 10 827
Write events: 67
Delete events: 47

Modification events

Process: (2024) zadig-2.7.com.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Process: (2024) zadig-2.7.com.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F75A6A96D7DAF418B4454431892B42F5C0F76327
Operation: write
Name: Blob
Value:
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
Process: (2024) zadig-2.7.com.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F75A6A96D7DAF418B4454431892B42F5C0F76327
Operation: delete key
Name: (default)
Value:
Process: (2024) zadig-2.7.com.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F75A6A96D7DAF418B4454431892B42F5C0F76327
Operation: write
Name: Blob
Value:
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
Process: (2024) zadig-2.7.com.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\F75A6A96D7DAF418B4454431892B42F5C0F76327
Operation: delete key
Name: (default)
Value:
Process: (2024) zadig-2.7.com.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\F75A6A96D7DAF418B4454431892B42F5C0F76327
Operation: write
Name: Blob
Value:
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
Process: (2024) zadig-2.7.com.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Process: (2024) zadig-2.7.com.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1
Process: (2024) zadig-2.7.com.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1
Process: (2024) zadig-2.7.com.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0
Executable files: 29
Suspicious files: 23
Text files: 5
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2024 | zadig-2.7.com.exe | C:\Users\admin\usb_driver\amd64\libusb0_x86.dll | executable
MD5: 1A534450750ECA1F3D951DEF8D9965BF
SHA256: 5E84D13636FBCE7869CDDC8B20C7D83FA0063E98C319E8E5AB751EDC9EE1DA76
2024 | zadig-2.7.com.exe | C:\Users\admin\usb_driver\x86\WdfCoInstaller01011.dll | executable
MD5: 3D2A2D921135801835073451F002480F
SHA256: C7649879A10C9332FC0F9744C7E3224647AEE9E7E62C7E21CF9E987462E3DD06
2024 | zadig-2.7.com.exe | C:\Users\admin\usb_driver\x86\winusbcoinstaller2.dll | executable
MD5: 8E7B9F81E8823FEE2D82F7DE3A44300B
SHA256: EBE3B7708DD974EE87EFED3113028D266AF87CA8DBAE77C47C6F7612824D3D6C
2024 | zadig-2.7.com.exe | C:\Users\admin\usb_driver\amd64\WdfCoInstaller01011.dll | executable
MD5: D10864C1730172780C2D4BE633B9220A
SHA256: F6FB39A8578F19616570D5A3DC7212C84A9DA232B30A03376BBF08F4264FEDF2
2024 | zadig-2.7.com.exe | C:\Users\admin\usb_driver\amd64\install-filter.exe | executable
MD5: A16F041C87529221C86E16124C7E9ADD
SHA256: DF2ABF387893332F28C4DF68B10A6B176DC9706142055DCCCCF447F5A9CEDE2D
2024 | zadig-2.7.com.exe | C:\Users\admin\usb_driver\x86\libusbK.dll | executable
MD5: BD03C4792F08F0C889441F49DF9DEB98
SHA256: E908FB5501D74F810948CACBE476658479F19F4D2AFF14F9044F18981BE9C6FC
2024 | zadig-2.7.com.exe | C:\Users\admin\usb_driver\amd64\libusb0.sys | executable
MD5: 16E18CED459B1824234890386EE66CD5
SHA256: 8058F2AFE6EF96A7D2DED432997FD8655970C9EA75A938EE4557D6A2CB4CC989
2024 | zadig-2.7.com.exe | C:\Users\admin\usb_driver\amd64\libusb0.dll | executable
MD5: 1D8215F7F8CD02A553499B534CCFB4D5
SHA256: 4F18B5D2C28AA66B648C8683C6D09B52B92CBBEE85984BBEFAD5F38A64BC2A14
2024 | zadig-2.7.com.exe | C:\Users\admin\usb_driver\x86\libusbK.sys | executable
MD5: 1F17DFE26285CF9971E55DDFF915877B
SHA256: 6265AE9AE5C49F515613F0B749AD8390A1B34CA326203318BFFEB6C2C281D2D0
2024 | zadig-2.7.com.exe | C:\Users\admin\usb_driver\x86\libusb0.sys | executable
MD5: C8C9800179AF00C90629514E30873D80
SHA256: AA7D75A4D01B405AAB7C848674BBED392B64C6E374E20FD72ADC3C96294E2F00
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 6
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
Process | Message
zadig-2.7.com.exe | Windows 7 SP1 32 bit
zadig-2.7.com.exe | Zadig 2.7.765
zadig-2.7.com.exe | ini file 'zadig.ini' not found in 'C:\Users\admin\AppData\Local\Temp' - default parameters will be used
zadig-2.7.com.exe | default driver set to 'WinUSB'
zadig-2.7.com.exe | 0 devices found.
zadig-2.7.com.exe | Using inf name: WinUSB_Generic_Device.inf
zadig-2.7.com.exe | Installing driver. Please wait...
zadig-2.7.com.exe | Successfully extracted driver files.
zadig-2.7.com.exe | libwdi:info [extract_binaries] Successfully extracted driver files to 'C:\Users\admin\usb_driver'
zadig-2.7.com.exe | libwdi:info [wdi_prepare_driver] Creating and self-signing a .cat file...