File name: zd51177414-certified.exe
Full analysis: https://app.any.run/tasks/d7ba6174-8215-4340-9db1-fd5e4dd5032d
Verdict: Malicious activity
Analysis date: May 23, 2024, 14:02:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 40BB910D4B43C7B7559AB3B691BDB122
SHA1: 011EE42994C5C6F7609697534C0BC18D053D39A1
SHA256: DA881451BC4CEA329E11C0625CDA73790DECFBFE8372004B4ACFF12DF4618C88
SSDEEP: 98304:UOvBtbn/hxk0rQ38poGO1D+nsOiMvjzC03p3upV/u9sw55giLJ2rRch0ZYXAeiTJ:PdRsm2n46qEBp8pi
ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
      • PrnInst.exe (PID: 1680)
      • zd51177414-certified.exe (PID: 4068)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • zd51177414-certified.exe (PID: 4068)
    • Executable content was dropped or overwritten

      • zd51177414-certified.exe (PID: 4068)
      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
      • PrnInst.exe (PID: 1680)
    • The process creates files with name similar to system file names

      • zd51177414-certified.exe (PID: 4068)
      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
    • Drops 7-zip archiver for unpacking

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
    • Reads the Windows owner or organization settings

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
    • Reads the Internet Settings

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
    • Reads security settings of Internet Explorer

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
  • INFO

    • Creates files in the program directory

      • zd51177414-certified.exe (PID: 4068)
      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
    • Checks supported languages

      • zd51177414-certified.exe (PID: 4068)
      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
      • PrnInst.exe (PID: 1680)
    • Reads the computer name

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
      • PrnInst.exe (PID: 1680)
    • Creates files or folders in the user directory

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
    • Creates files in a temporary directory

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
      • PrnInst.exe (PID: 1680)
    • Reads the machine GUID from the registry

      • PrnInst.exe (PID: 1680)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK matrix in the full report.
Note that the only MALICIOUS-tier signature, "Drops the executable file immediately after the start", is also the normal behaviour of a self-extracting installer such as this InstallAware package (it unpacks an MSI, msiexec.exe and its own helper executables into C:\ProgramData before running them). The verdict should therefore be confirmed against the file hashes above and the installer the vendor actually publishes rather than taken on its own.
No malware configuration was extracted.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF (EXE)

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:07:29 23:29:47+00:00
ImageFileCharacteristics: No relocs, Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 197632
InitializedDataSize: 156672
UninitializedDataSize: -
EntryPoint: 0x22c58
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 5.1.17.7414
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: This installation was built with InstallAware: http://www.installaware.com
CompanyName: Zebra Technologies
FileDescription: Printer Driver Installation
FileVersion: 5.1.17.7414
LegalCopyright: ZEBRA and the stylized Zebra head are trademarks of Zebra Technologies Corporation, registered in many jurisdictions worldwide. All other trademarks are the property of their respective owners. ©2022 Zebra Technologies Corporation and/or its affiliates. All rights reserved
ProductName: ZDesigner Windows Printer Driver Version 5.1.17.7414
ProductVersion: 5.1.17.7414
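The EXIF block above is read straight from the PE headers, and the hashes at the top of the report are the first thing to check before trusting either the verdict or the vendor metadata. The following Python is an added example, not ANY.RUN's or Zebra's code: parse_pe_header() re-derives the header fields (machine type, link timestamp, characteristics, linker version, section sizes, entry point, OS and subsystem versions) with struct, and verify_hashes() compares a file's MD5/SHA1/SHA256 with the values the report claims. SAMPLE_PE is a constructed PE32 stub that carries the report's header values but no real code, so its hashes deliberately do not match the real installer; point the same functions at the actual file bytes to do the comparison for real.

```python
"""Re-derive the static PE fields and hashes a sandbox report lists for a sample.

Added example, not ANY.RUN's or Zebra's code. parse_pe_header() reads the COFF
file header and PE32 optional header with struct, mirroring the report's EXIF
block; verify_hashes() compares MD5/SHA1/SHA256 with the values a report claims.
SAMPLE_PE is a constructed PE32 stub carrying the report's header values and no
real code, so it exercises the parser only: its hashes will not match the report.
"""
import hashlib
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "AMD AMD64"}
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows command line"}
CHARACTERISTIC_FLAGS = (  # IMAGE_FILE_* bits, labelled the way exiftool prints them
    (0x0001, "No relocs"), (0x0002, "Executable"),
    (0x0020, "Large address aware"), (0x0100, "32-bit"), (0x2000, "DLL"),
)
REPORTED_HASHES = {  # values copied from the report header, upper-case hex
    "md5": "40BB910D4B43C7B7559AB3B691BDB122",
    "sha1": "011EE42994C5C6F7609697534C0BC18D053D39A1",
    "sha256": "DA881451BC4CEA329E11C0625CDA73790DECFBFE8372004B4ACFF12DF4618C88",
}


def _version(major: int, minor: int) -> str:
    """Format x.y the way the report shows it: minor omitted when zero."""
    return f"{major}.{minor}" if minor else str(major)


def parse_pe_header(data: bytes) -> dict:
    """Parse the headers the EXIF section is derived from (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER, 20 bytes
    machine, _nsec, stamp, _sym, _nsym, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # IMAGE_OPTIONAL_HEADER32
    magic, lnk_major, lnk_minor, code, idata, udata, entry = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    # Version fields start at +40 and Subsystem sits at +68 in a PE32 optional header.
    os_major, os_minor, _img_major, _img_minor, ss_major, ss_minor = struct.unpack_from("<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "MachineType": MACHINE_NAMES.get(machine, hex(machine)),
        "TimeStamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y:%m:%d %H:%M:%S+00:00"),
        "ImageFileCharacteristics": ", ".join(name for bit, name in CHARACTERISTIC_FLAGS if chars & bit),
        "LinkerVersion": _version(lnk_major, lnk_minor),
        "CodeSize": code,
        "InitializedDataSize": idata,
        "UninitializedDataSize": udata,
        "EntryPoint": hex(entry),
        "OSVersion": _version(os_major, os_minor),
        "SubsystemVersion": _version(ss_major, ss_minor),
        "Subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def compute_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the bytes, upper-case hex like the report."""
    return {alg: hashlib.new(alg, data).hexdigest().upper() for alg in ("md5", "sha1", "sha256")}


def verify_hashes(data: bytes, claimed: dict) -> dict:
    """Per algorithm: does the file on disk match what the report claims?"""
    actual = compute_hashes(data)
    return {alg: actual[alg] == value.upper() for alg, value in claimed.items()}


def build_stub_pe(stamp: int) -> bytes:
    """Constructed PE32 stub with the report's header values; not the real installer."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew -> PE signature at 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x014C, 1, stamp, 0, 0, 0xE0, 0x0123)
    opt = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHH",
        0x10B, 9, 0,                  # PE32 magic, linker 9.0
        197632, 156672, 0,            # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        0x22C58, 0x1000, 0x31000,     # AddressOfEntryPoint, BaseOfCode, BaseOfData
        0x400000, 0x1000, 0x200,      # ImageBase, SectionAlignment, FileAlignment
        5, 0, 0, 0, 5, 0,             # OS 5.0, image 0.0, subsystem 5.0
        0, 0x60000, 0x400, 0,         # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0x8000,                    # Subsystem = Windows GUI, DllCharacteristics
    )
    return dos + coff + opt + b"\0" * (0xE0 - len(opt))  # pad to SizeOfOptionalHeader


SAMPLE_PE = build_stub_pe(int(datetime(2022, 7, 29, 23, 29, 47, tzinfo=timezone.utc).timestamp()))

if __name__ == "__main__":
    for field, value in parse_pe_header(SAMPLE_PE).items():
        print(f"{field}: {value}")
    print(verify_hashes(SAMPLE_PE, REPORTED_HASHES))  # all False: the stub is not the real file
```

A mismatch on any algorithm means the file in hand is not the sample this report describes; a match on all three plus header fields that agree with the EXIF block is the precondition for applying anything else on this page to a file you are holding.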
All screenshots are available in the full report
Total processes: 38
Monitored processes: 4
Malicious processes: 3
Suspicious processes: 0

Behavior graph

zd51177414-certified.exe (PID 4068) -> zddriver-v5-1-17-7414-installer.exe (PID 2108) -> PrnInst.exe (PID 1680). A second zd51177414-certified.exe instance (PID 3956) triggered no signatures.

Process information

PID: 1680
CMD: "C:\ZD5-1-17-7414\PrnInst.exe" /PREINSTALL="c:\ZD5-1-17-7414\zbrn\zbrn.inf"
Path: C:\ZD5-1-17-7414\PrnInst.exe
Parent process: zddriver-v5-1-17-7414-installer.exe
User: admin
Company: Zebra Technologies International, LLC
Integrity Level: HIGH
Description: Printer Installation Wizard
Version: 5.3.45
Modules (images):
c:\zd5-1-17-7414\prninst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 2108
CMD: .\zddriver-v5-1-17-7414-installer.exe /m="C:\Users\admin\AppData\Local\Temp\ZD5117~1.EXE" /k=""
Path: C:\ProgramData\mia446D.tmp\zddriver-v5-1-17-7414-installer.exe
Parent process: zd51177414-certified.exe
User: admin
Company: Zebra Technologies
Integrity Level: HIGH
Description: Printer Driver Installation
Version: 5.1.17.7414
Modules (images):
c:\programdata\mia446d.tmp\zddriver-v5-1-17-7414-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 3956
CMD: "C:\Users\admin\AppData\Local\Temp\zd51177414-certified.exe"
Path: C:\Users\admin\AppData\Local\Temp\zd51177414-certified.exe
Parent process: explorer.exe
User: admin
Company: Zebra Technologies
Integrity Level: MEDIUM
Description: Printer Driver Installation
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the medium-integrity launch could not continue without administrator rights, which is why only ntdll.dll was ever mapped; the elevated relaunch from explorer.exe is PID 4068 below)
Version: 5.1.17.7414
Modules (images):
c:\users\admin\appdata\local\temp\zd51177414-certified.exe
c:\windows\system32\ntdll.dll

PID: 4068
CMD: "C:\Users\admin\AppData\Local\Temp\zd51177414-certified.exe"
Path: C:\Users\admin\AppData\Local\Temp\zd51177414-certified.exe
Parent process: explorer.exe
User: admin
Company: Zebra Technologies
Integrity Level: HIGH
Description: Printer Driver Installation
Version: 5.1.17.7414
Modules (images):
c:\users\admin\appdata\local\temp\zd51177414-certified.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Total events: 1,003
Read events: 978
Write events: 25
Delete events: 0

Modification events

PID 4068, zd51177414-certified.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\zd51177414-certified.exe
  Operation: write, Name: IsHostApp, Value: (empty)
PID 2108, zddriver-v5-1-17-7414-installer.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\zddriver-v5-1-17-7414-installer.exe
  Operation: write, Name: IsHostApp, Value: (empty)
PID 2108, zddriver-v5-1-17-7414-installer.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  Operation: write, Name: ProxyBypass, Value: 1
PID 2108, zddriver-v5-1-17-7414-installer.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  Operation: write, Name: IntranetName, Value: 1
PID 2108, zddriver-v5-1-17-7414-installer.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  Operation: write, Name: UNCAsIntranet, Value: 1
PID 2108, zddriver-v5-1-17-7414-installer.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  Operation: write, Name: AutoDetect, Value: 0
PID 1680, PrnInst.exe
  Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
  Operation: write, Name: LanguageList, Value: en-US
PID 1680, PrnInst.exe
  Key: HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
  Operation: write, Name: setupapi.dev.log, Value: 4096

The four ZoneMap values written by PID 2108 control which hosts Internet Explorer's zone manager places in the Local intranet zone (proxy-bypassed hosts, unqualified names and UNC paths, with automatic detection turned off). Installers that initialise urlmon commonly write them, so they are not evidence of tampering on their own, but a practitioner comparing against a clean profile baseline would want to confirm none of them changed from the previous state. The SetupapiLogStatus write by PrnInst.exe is the footprint of a driver package installation being logged to setupapi.dev.log.
Executable files: 237
Suspicious files: 23
Text files: 1,445
Unknown types: 1

Dropped files

PID 4068, zd51177414-certified.exe: C:\ProgramData\mia446D.tmp\data\OFFLINE\133A620F\F75D0379\About.bmp (image)
  MD5: 79E9D314BB3F1040E042F814603EBA55
  SHA256: C4D975F8A2A6B50AB5BF34D4A018270F54323C135FFE421BC712F2A1194D40DA
PID 4068, zd51177414-certified.exe: C:\ProgramData\mia446D.tmp\data\OFFLINE\mWinRun.dll\ansi\msiexec.exe (executable)
  MD5: E6B975475B001A15B14AE6BDCDE58E45
  SHA256: 175435FD486045310E8C393B9B151638756AD14C7C93232BBD9D6920F1268E46
PID 4068, zd51177414-certified.exe: C:\ProgramData\mia446D.tmp\data\OFFLINE\133A620F\F75D0379\ZebraBarcode.ttf (ttf)
  MD5: 86783BB204BD942A98768CA9DE2AEF5E
  SHA256: 4A19C33BAFD4A19F433BF047C0A65B03032F30CA9E79CF81162679C995AB7FD3
PID 4068, zd51177414-certified.exe: C:\ProgramData\mia446D.tmp\data\OFFLINE\4ABA4ACE\6B71268F\StatMonSetup.exe (executable)
  MD5: 7928649A4645F957FE39D834BCE8095B
  SHA256: D22F3964FE629FA42BD211EF75E9F3524532F507331BD33069B725BE6AC42935
PID 4068, zd51177414-certified.exe: C:\ProgramData\mia446D.tmp\data\OFFLINE\B833E50\6B71268F\Readme.htm (html)
  MD5: 8C6E05C3E01D407D18026F2E8662A19A
  SHA256: 1C44094883D9E678F4591777382370C484816D844DF36AE9FD27104498618F08
PID 4068, zd51177414-certified.exe: C:\ProgramData\mia446D.tmp\zddriver-v5-1-17-7414-installer.msi (executable)
  MD5: 29354324164B17A4C2FA3F68B9F752A3
  SHA256: 45B25828C9B4E2BD361675D93E4B1859DEDD8EC7CCE7172D8F81E0B05407C5AA
PID 4068, zd51177414-certified.exe: C:\ProgramData\mia446D.tmp\data\OFFLINE\133A620F\F75D0379\ZDesign.chm (binary)
  MD5: 2F1AC81A8964E6213C591F63CAB97240
  SHA256: 388D6BEE77BD2CF790A97BB0EDF957268A5263ECCDE689B2014F6646106D3ECF
PID 4068, zd51177414-certified.exe: C:\ProgramData\mia446D.tmp\data\OFFLINE\675D11F2\6B71268F\EULA.pdf (pdf)
  MD5: EDE201CD561CB5C524EF18B0073ED100
  SHA256: 5960FB1A21A4AE7824896FBDB8B3E288D01C3979FECD08EFD1134BB5B1F42B08
PID 4068, zd51177414-certified.exe: C:\ProgramData\mia446D.tmp\data\OFFLINE\B9D3127D\6B71268F\PrnInst.exe (executable)
  MD5: 6FDC47EA13BD9BA1994B1EAA0A45BD2C
  SHA256: 95FC7EC697B6230062537905E77568880751F623A073C98E4CA6B8502037FBED
PID 4068, zd51177414-certified.exe: C:\ProgramData\mia446D.tmp\data\OFFLINE\mWinRun.dll\ansi\instmsi.msi (executable)
  MD5: DACAD73CE0EF57276296E89A4F28710E
  SHA256: 61AD5E27FC7D0D39E7CBA51C3792F18E6FDC744921E6C416798D8179AACFC32A

The msiexec.exe and instmsi.msi dropped under mWinRun.dll\ansi are the installer's bundled Windows Installer redistributable; they are what fires the "Process drops legitimate windows executable" and "creates files with name similar to system file names" signatures. The dropped PrnInst.exe (SHA256 95FC7EC6...) is the file later executed as PID 1680 from C:\ZD5-1-17-7414; its hash is the one to check against the vendor's package if the verdict is in doubt.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown

None of the listed endpoints is attributable to the sample's processes. The two with a process come from the Windows System process (PID 4) and are NetBIOS name service and datagram broadcasts (UDP 137/138) to the subnet broadcast address; 224.0.0.252:5355 is the LLMNR multicast group. All three are local-network background traffic from the guest, consistent with the zero HTTP and DNS requests above.

DNS requests

No data

Threats

No threats detected
No debug info