File name: zd51177414-certified.exe
Full analysis: https://app.any.run/tasks/d7ba6174-8215-4340-9db1-fd5e4dd5032d
Verdict: Malicious activity
Analysis date: May 23, 2024, 14:02:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 40BB910D4B43C7B7559AB3B691BDB122
SHA1: 011EE42994C5C6F7609697534C0BC18D053D39A1
SHA256: DA881451BC4CEA329E11C0625CDA73790DECFBFE8372004B4ACFF12DF4618C88
SSDEEP: 98304:UOvBtbn/hxk0rQ38poGO1D+nsOiMvjzC03p3upV/u9sw55giLJ2rRch0ZYXAeiTJ:PdRsm2n46qEBp8pi

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
      • zd51177414-certified.exe (PID: 4068)
      • PrnInst.exe (PID: 1680)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • zd51177414-certified.exe (PID: 4068)
    • Executable content was dropped or overwritten

      • zd51177414-certified.exe (PID: 4068)
      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
      • PrnInst.exe (PID: 1680)
    • The process creates files with name similar to system file names

      • zd51177414-certified.exe (PID: 4068)
      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
    • Drops 7-zip archiver for unpacking

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
    • Reads the Windows owner or organization settings

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
    • Reads the Internet Settings

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
    • Reads security settings of Internet Explorer

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
  • INFO

    • Checks supported languages

      • zd51177414-certified.exe (PID: 4068)
      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
      • PrnInst.exe (PID: 1680)
    • Creates files in the program directory

      • zd51177414-certified.exe (PID: 4068)
      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
    • Creates files or folders in the user directory

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
    • Reads the computer name

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
      • PrnInst.exe (PID: 1680)
    • Create files in a temporary directory

      • zddriver-v5-1-17-7414-installer.exe (PID: 2108)
      • PrnInst.exe (PID: 1680)
    • Reads the machine GUID from the registry

      • PrnInst.exe (PID: 1680)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:07:29 23:29:47+00:00
ImageFileCharacteristics: No relocs, Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 197632
InitializedDataSize: 156672
UninitializedDataSize: -
EntryPoint: 0x22c58
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 5.1.17.7414
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: This installation was built with InstallAware: http://www.installaware.com
CompanyName: Zebra Technologies
FileDescription: Printer Driver Installation
FileVersion: 5.1.17.7414
LegalCopyright: ZEBRA and the stylized Zebra head are trademarks of Zebra Technologies Corporation, registered in many jurisdictions worldwide. All other trademarks are the property of their respective owners. ©2022 Zebra Technologies Corporation and/or its affiliates. All rights reserved
ProductName: ZDesigner Windows Printer Driver Version 5.1.17.7414
ProductVersion: 5.1.17.7414
Total processes: 38
Monitored processes: 4
Malicious processes: 3
Suspicious processes: 0

Behavior graph (process tree, from the parent-process data in the table below)

explorer.exe
  zd51177414-certified.exe (PID 3956, MEDIUM integrity, exited; shown as "no specs" in the graph)
  zd51177414-certified.exe (PID 4068, HIGH integrity)
    zddriver-v5-1-17-7414-installer.exe (PID 2108, HIGH integrity)
      PrnInst.exe (PID 1680, HIGH integrity)

Process information

PID 1680
CMD: "C:\ZD5-1-17-7414\PrnInst.exe" /PREINSTALL="c:\ZD5-1-17-7414\zbrn\zbrn.inf"
Path: C:\ZD5-1-17-7414\PrnInst.exe
Parent process: zddriver-v5-1-17-7414-installer.exe
User: admin
Company: Zebra Technologies International, LLC
Integrity Level: HIGH
Description: Printer Installation Wizard
Version: 5.3.45
Modules (images):
c:\zd5-1-17-7414\prninst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID 2108
CMD: .\zddriver-v5-1-17-7414-installer.exe /m="C:\Users\admin\AppData\Local\Temp\ZD5117~1.EXE" /k=""
(the /m= argument names the parent installer by its 8.3 short name; ZD5117~1.EXE is zd51177414-certified.exe)
Path: C:\ProgramData\mia446D.tmp\zddriver-v5-1-17-7414-installer.exe
Parent process: zd51177414-certified.exe
User: admin
Company: Zebra Technologies
Integrity Level: HIGH
Description: Printer Driver Installation
Version: 5.1.17.7414
Modules (images):
c:\programdata\mia446d.tmp\zddriver-v5-1-17-7414-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID 3956
CMD: "C:\Users\admin\AppData\Local\Temp\zd51177414-certified.exe"
Path: C:\Users\admin\AppData\Local\Temp\zd51177414-certified.exe
Parent process: explorer.exe
User: admin
Company: Zebra Technologies
Integrity Level: MEDIUM
Description: Printer Driver Installation
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 5.1.17.7414
Modules (images):
c:\users\admin\appdata\local\temp\zd51177414-certified.exe
c:\windows\system32\ntdll.dll

Note: this medium-integrity instance loaded only ntdll.dll before terminating with the elevation-required status, and the same image was then started from explorer.exe at HIGH integrity as PID 4068. That is the footprint of a UAC elevation prompt for an installer that requires administrator rights, not of a second payload; it is the "no specs" node in the behavior graph.

PID 4068
CMD: "C:\Users\admin\AppData\Local\Temp\zd51177414-certified.exe"
Path: C:\Users\admin\AppData\Local\Temp\zd51177414-certified.exe
Parent process: explorer.exe
User: admin
Company: Zebra Technologies
Integrity Level: HIGH
Description: Printer Driver Installation
Version: 5.1.17.7414
Modules (images):
c:\users\admin\appdata\local\temp\zd51177414-certified.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
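Sandbox reports print process exit codes as unsigned decimals, so a value like 3221226540 hides the fact that it is an NTSTATUS. The script below is an added example (not ANY.RUN's or Zebra's code) that decodes the NTSTATUS bit fields and then looks for the elevation-relaunch pattern seen in this report: one instance of an image dying with STATUS_ELEVATION_REQUIRED while another instance of the same image runs at HIGH integrity. The process rows are transcribed from the table above; the NTSTATUS name table is a small constructed subset, not the full list.

```python
"""Decode NTSTATUS-style exit codes and spot UAC elevation relaunches.
Added example, not ANY.RUN or Zebra code."""

# Constructed subset of well-known NTSTATUS values, not a complete table.
KNOWN_NTSTATUS = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

SEVERITY = {0: "SUCCESS", 1: "INFORMATIONAL", 2: "WARNING", 3: "ERROR"}


def decode_exit_code(code: int) -> dict:
    """Split a 32-bit exit code into its NTSTATUS fields.

    NTSTATUS layout: bits 31-30 severity, bit 29 customer flag, bit 28
    reserved, bits 27-16 facility, bits 15-0 status code. A plain Win32
    exit code such as 0 or 1 decodes as SUCCESS with a tiny code value.
    """
    code &= 0xFFFFFFFF
    return {
        "hex": f"0x{code:08X}",
        "severity": SEVERITY[code >> 30],
        "customer": bool(code & (1 << 29)),
        "facility": (code >> 16) & 0xFFF,
        "code": code & 0xFFFF,
        "name": KNOWN_NTSTATUS.get(code, "unknown"),
    }


# Process rows transcribed from the report above; exit_code None means the
# report shows no exit code for that process.
REPORT_PROCESSES = [
    {"pid": 3956, "path": r"C:\Users\admin\AppData\Local\Temp\zd51177414-certified.exe",
     "integrity": "MEDIUM", "exit_code": 3221226540},
    {"pid": 4068, "path": r"C:\Users\admin\AppData\Local\Temp\zd51177414-certified.exe",
     "integrity": "HIGH", "exit_code": None},
    {"pid": 2108, "path": r"C:\ProgramData\mia446D.tmp\zddriver-v5-1-17-7414-installer.exe",
     "integrity": "HIGH", "exit_code": None},
    {"pid": 1680, "path": r"C:\ZD5-1-17-7414\PrnInst.exe",
     "integrity": "HIGH", "exit_code": None},
]


def find_elevation_relaunches(processes) -> list:
    """Return (failed_pid, elevated_pid, path) triples where one instance of
    an image exited with STATUS_ELEVATION_REQUIRED and another instance of
    the same image ran at HIGH integrity: the footprint of a UAC prompt."""
    by_path: dict = {}
    for p in processes:
        by_path.setdefault(p["path"].lower(), []).append(p)
    hits = []
    for path, group in by_path.items():
        failed = [p for p in group if p["exit_code"] is not None
                  and decode_exit_code(p["exit_code"])["name"] == "STATUS_ELEVATION_REQUIRED"]
        elevated = [p for p in group if p["integrity"] == "HIGH"]
        for f in failed:
            for e in elevated:
                if e["pid"] != f["pid"]:
                    hits.append((f["pid"], e["pid"], path))
    return hits


if __name__ == "__main__":
    print(decode_exit_code(3221226540))
    print(find_elevation_relaunches(REPORT_PROCESSES))
```

The severity and facility fields are worth decoding even when the exact code is not in your table: severity 3 with facility 0 is a kernel-level error status, which is a different signal from a Win32 application exit code in the same decimal range.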
Total events: 1 003
Read events: 978
Write events: 25
Delete events: 0

Modification events

(PID 4068) zd51177414-certified.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\zd51177414-certified.exe
Operation: write
Name: IsHostApp
Value: (none shown)

(PID 2108) zddriver-v5-1-17-7414-installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\zddriver-v5-1-17-7414-installer.exe
Operation: write
Name: IsHostApp
Value: (none shown)

(PID 2108) zddriver-v5-1-17-7414-installer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID 2108) zddriver-v5-1-17-7414-installer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID 2108) zddriver-v5-1-17-7414-installer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID 2108) zddriver-v5-1-17-7414-installer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID 1680) PrnInst.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID 1680) PrnInst.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
Operation: write
Name: setupapi.dev.log
Value: 4096
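The four ZoneMap values written by PID 2108 (ProxyBypass, IntranetName, UNCAsIntranet, AutoDetect) correspond to the "Local intranet" zone options in Internet Explorer's security settings; installer frameworks commonly touch them, which is why ANY.RUN rates the write only as suspicious. The same key is also where a sample would lower a host's zone by writing under ZoneMap\Domains, which is the variant worth alerting on. The detection logic below is an added example, not ANY.RUN's or Zebra's code; it runs over constructed Sysmon Event ID 13 (value set) records modelled on the report's writes. The SID, the dropper.exe image and the Domains entry are made up for the example.

```python
"""Pick Internet Settings\ZoneMap writes out of Sysmon registry events and
separate zone-option changes from site-to-zone assignments.
Added example, not ANY.RUN or Zebra code."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed Sysmon Event ID 13 records, field names per Sysmon's schema.
# The first four mirror the report's ZoneMap writes; the last two are
# invented to show a Domains assignment and an unrelated registry write.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\ProgramData\mia446D.tmp\zddriver-v5-1-17-7414-installer.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\ProgramData\mia446D.tmp\zddriver-v5-1-17-7414-installer.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\ProgramData\mia446D.tmp\zddriver-v5-1-17-7414-installer.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\ProgramData\mia446D.tmp\zddriver-v5-1-17-7414-installer.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Users\admin\AppData\Local\Temp\dropper.exe",  # invented
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\update.example\http",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",  # invented, should not match
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

ZONEMAP_RE = re.compile(r"\\Internet Settings\\ZoneMap\\(?P<rest>.+)$", re.IGNORECASE)
DWORD_RE = re.compile(r"DWORD \(0x(?P<hex>[0-9A-Fa-f]{8})\)")
# URL security zone numbers as stored in ZoneMap\Domains values.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}


@dataclass
class ZoneMapWrite:
    image: str
    kind: str            # "option" (zone checkbox) or "domain" (site-to-zone assignment)
    name: str            # option name, or "host\scheme" for domain entries
    data: Optional[int]
    note: str


def parse_dword(details: str) -> Optional[int]:
    """Sysmon writes DWORD data as 'DWORD (0x00000001)'."""
    m = DWORD_RE.search(details)
    return int(m.group("hex"), 16) if m else None


def find_zonemap_writes(events) -> list:
    hits = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        m = ZONEMAP_RE.search(ev["TargetObject"])
        if not m:
            continue
        rest = m.group("rest")
        data = parse_dword(ev.get("Details", ""))
        if rest.lower().startswith("domains\\"):
            target = rest.split("\\", 1)[1]
            hits.append(ZoneMapWrite(ev["Image"], "domain", target, data,
                                     f"site assigned to zone {data} ({ZONES.get(data, 'unknown')})"))
        else:
            note = "zone option changed"
            if rest.lower() == "autodetect" and data == 0:
                note = "automatic intranet detection disabled"
            elif rest.lower() == "uncasintranet" and data == 1:
                note = "UNC paths treated as Local intranet"
            hits.append(ZoneMapWrite(ev["Image"], "option", rest, data, note))
    return hits


def writes_by_image(events) -> dict:
    """Group matched value names by the writing process image."""
    out: dict = {}
    for w in find_zonemap_writes(events):
        out.setdefault(w.image, []).append(w.name)
    return out
```

In a rule you would score the two kinds differently: option writes from a signed installer running under an interactive user are routine, while a Domains write that places a host into zone 2 (Trusted sites) or zone 1 (Local intranet) from a process in a temp directory is the variant to escalate.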
Executable files: 237
Suspicious files: 23
Text files: 1 445
Unknown types: 1

Dropped files (all by PID 4068, zd51177414-certified.exe)

Filename: C:\ProgramData\mia446D.tmp\data\OFFLINE\72189700\6B71268F\notices.html
Type: html
MD5: CE23A057BB8AC69C6045F9801CE0A997
SHA256: 853F45CA0A1781484032D99F827541B7A936DCB193253D61C8A4042865E6D98E

Filename: C:\ProgramData\mia446D.tmp\data\OFFLINE\133A620F\F75D0379\ZDesign.chm
Type: binary
MD5: 2F1AC81A8964E6213C591F63CAB97240
SHA256: 388D6BEE77BD2CF790A97BB0EDF957268A5263ECCDE689B2014F6646106D3ECF

Filename: C:\ProgramData\mia446D.tmp\data\OFFLINE\991735A1\A2C5B76A\Prn64.bin
Type: executable
MD5: 863167F759810877592A6C0B548A9739
SHA256: 4CF13E6E9D274BD1FE45F1A52253B4562006B0FB49B47FE9857A615B063EF8F7

Filename: C:\ProgramData\mia446D.tmp\data\OFFLINE\25DB93B\6B71268F\ZebraFD.exe
Type: executable
MD5: C384ECE3C7DAFCA6EE975FC0963493B4
SHA256: 3D53924CF71BBF03751D0B60782358A3ECF4CF7BD446D2FCFCBE80140A4BD039

Filename: C:\ProgramData\mia446D.tmp\data\OFFLINE\mWinRun.dll\unicode\update.exe
Type: executable
MD5: 342F79337765760AD4E392EB67D5ED2C
SHA256: 69B61B2C00323CEA3686315617D0F452E205DAE10C47E02CBE1EA96FEA38F582

Filename: C:\ProgramData\mia446D.tmp\data\OFFLINE\133A620F\F75D0379\ZebraBarcode.ttf
Type: ttf
MD5: 86783BB204BD942A98768CA9DE2AEF5E
SHA256: 4A19C33BAFD4A19F433BF047C0A65B03032F30CA9E79CF81162679C995AB7FD3

Filename: C:\ProgramData\mia446D.tmp\data\OFFLINE\B833E50\6B71268F\Readme.htm
Type: html
MD5: 8C6E05C3E01D407D18026F2E8662A19A
SHA256: 1C44094883D9E678F4591777382370C484816D844DF36AE9FD27104498618F08

Filename: C:\ProgramData\mia446D.tmp\data\OFFLINE\mWinRun.dll\ansi\instmsi.msi
Type: executable
MD5: DACAD73CE0EF57276296E89A4F28710E
SHA256: 61AD5E27FC7D0D39E7CBA51C3792F18E6FDC744921E6C416798D8179AACFC32A

Filename: C:\ProgramData\mia446D.tmp\data\OFFLINE\4ABA4ACE\6B71268F\StatMonSetup.exe
Type: executable
MD5: 7928649A4645F957FE39D834BCE8095B
SHA256: D22F3964FE629FA42BD211EF75E9F3524532F507331BD33069B725BE6AC42935

Filename: C:\ProgramData\mia446D.tmp\data\OFFLINE\675D11F2\6B71268F\EULA.pdf
Type: pdf
MD5: EDE201CD561CB5C524EF18B0073ED100
SHA256: 5960FB1A21A4AE7824896FBDB8B3E288D01C3979FECD08EFD1134BB5B1F42B08
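Two things a practitioner checks first in a dropped-files table are files whose detected content type does not match their extension (here Prn64.bin, flagged as executable) and executables staged in a directory that standard users can write to, which C:\ProgramData is by default; when a HIGH-integrity process later runs content from such a staging folder, the folder's ACL decides whether a low-privileged user could swap the payload first. The triage script below is an added example, not ANY.RUN's or Zebra's code; the rows are transcribed from the table above, and the extension set and writable-root list are the author's assumptions.

```python
"""Triage a sandbox "Dropped files" table for type/extension mismatches and
executables staged in user-writable roots. Added example, not ANY.RUN code."""
import ntpath

# Extensions that legitimately carry executable content (assumed set).
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".drv", ".msi"}

# Roots a standard user can write to by default on Windows (assumed list;
# a locked-down subfolder ACL would change the conclusion).
USER_WRITABLE_ROOTS = ("c:\\programdata\\", "c:\\users\\")

# Rows transcribed from the report above: (pid, path, detected type).
REPORT_DROPS = [
    (4068, r"C:\ProgramData\mia446D.tmp\data\OFFLINE\72189700\6B71268F\notices.html", "html"),
    (4068, r"C:\ProgramData\mia446D.tmp\data\OFFLINE\133A620F\F75D0379\ZDesign.chm", "binary"),
    (4068, r"C:\ProgramData\mia446D.tmp\data\OFFLINE\991735A1\A2C5B76A\Prn64.bin", "executable"),
    (4068, r"C:\ProgramData\mia446D.tmp\data\OFFLINE\25DB93B\6B71268F\ZebraFD.exe", "executable"),
    (4068, r"C:\ProgramData\mia446D.tmp\data\OFFLINE\mWinRun.dll\unicode\update.exe", "executable"),
    (4068, r"C:\ProgramData\mia446D.tmp\data\OFFLINE\133A620F\F75D0379\ZebraBarcode.ttf", "ttf"),
    (4068, r"C:\ProgramData\mia446D.tmp\data\OFFLINE\B833E50\6B71268F\Readme.htm", "html"),
    (4068, r"C:\ProgramData\mia446D.tmp\data\OFFLINE\mWinRun.dll\ansi\instmsi.msi", "executable"),
    (4068, r"C:\ProgramData\mia446D.tmp\data\OFFLINE\4ABA4ACE\6B71268F\StatMonSetup.exe", "executable"),
    (4068, r"C:\ProgramData\mia446D.tmp\data\OFFLINE\675D11F2\6B71268F\EULA.pdf", "pdf"),
]


def extension_of(path: str) -> str:
    """Lower-cased extension of a Windows path, independent of host OS."""
    return ntpath.splitext(ntpath.basename(path))[1].lower()


def triage_drops(rows) -> dict:
    """Return lists of paths per finding category."""
    findings = {
        "type_extension_mismatch": [],
        "executable_in_user_writable_root": [],
    }
    for _pid, path, ftype in rows:
        if ftype != "executable":
            continue
        if extension_of(path) not in EXECUTABLE_EXTS:
            findings["type_extension_mismatch"].append(path)
        if path.lower().startswith(USER_WRITABLE_ROOTS):
            findings["executable_in_user_writable_root"].append(path)
    return findings


def executables_by_pid(rows) -> dict:
    """Map each dropping PID to the executables it wrote, for hash pivots."""
    out: dict = {}
    for pid, path, ftype in rows:
        if ftype == "executable":
            out.setdefault(pid, []).append(path)
    return out


if __name__ == "__main__":
    for category, paths in triage_drops(REPORT_DROPS).items():
        print(category, len(paths))
        for p in paths:
            print("  ", p)
```

A mismatch such as Prn64.bin is not proof of anything (driver packages routinely ship PE payloads under neutral names), but it is the file to hash and signature-check first, and the staging-folder finding is the cue to inspect the ACL of C:\ProgramData\mia446D.tmp rather than assume the installer's HIGH integrity protects its inputs.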
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | unknown
4 | System | 192.168.100.255:137 | | | | whitelisted
| | 224.0.0.252:5355 | | | | unknown

All three endpoints are local-segment chatter from the Windows networking stack rather than traffic from the analyzed sample: UDP 137 and 138 to 192.168.100.255 are NetBIOS name-service and datagram broadcasts sent by the System process (PID 4), and 224.0.0.252:5355 is the LLMNR multicast group. No external host was contacted, which matches the zero HTTP and DNS requests above.
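Separating this kind of background noise from real egress is the first step in reading any sandbox connection table. The helper below is an added example (not ANY.RUN's code) that classifies each endpoint as multicast, broadcast, local or external using the standard library, names the well-known local-discovery ports, and returns only the rows worth pivoting on. The guest subnet 192.168.100.0/24 is assumed from the broadcast address in the report; the rows are transcribed from the table above, and the LLMNR row has no PID or process in the report.

```python
"""Classify sandbox connection endpoints so local broadcast/multicast
chatter is separated from real egress. Added example, not ANY.RUN code."""
import ipaddress

# Guest subnet assumed from the 192.168.100.255 broadcast address above.
SANDBOX_NET = ipaddress.ip_network("192.168.100.0/24")

# UDP ports Windows hosts talk to on the local segment by themselves.
LOCAL_NOISE_PORTS = {
    137: "NetBIOS name service",
    138: "NetBIOS datagram",
    5355: "LLMNR",
    5353: "mDNS",
    1900: "SSDP",
    3702: "WS-Discovery",
}

# Rows transcribed from the Connections table above: (pid, process, endpoint).
REPORT_CONNECTIONS = [
    (4, "System", "192.168.100.255:138"),
    (4, "System", "192.168.100.255:137"),
    (None, None, "224.0.0.252:5355"),
]


def split_endpoint(endpoint: str):
    """'1.2.3.4:80' or '[fe80::1]:5355' -> (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def classify(endpoint: str, local_net=SANDBOX_NET):
    """Return (scope, service): scope is multicast, broadcast, local or
    external; service names a well-known local-discovery port or 'other'."""
    ip, port = split_endpoint(endpoint)
    if ip.is_multicast:
        scope = "multicast"
    elif ip.version == 4 and ip == local_net.broadcast_address:
        scope = "broadcast"
    elif ip.is_global:
        scope = "external"
    else:
        scope = "local"
    return scope, LOCAL_NOISE_PORTS.get(port, "other")


def egress_candidates(rows, local_net=SANDBOX_NET) -> list:
    """Rows worth pivoting on: external hosts, plus local unicast traffic on
    a port that is not routine discovery (possible lateral movement)."""
    keep = []
    for row in rows:
        scope, service = classify(row[2], local_net)
        if scope == "external":
            keep.append(row)
        elif scope == "local" and service == "other":
            keep.append(row)
    return keep


if __name__ == "__main__":
    for row in REPORT_CONNECTIONS:
        print(row, classify(row[2]))
    print("egress candidates:", egress_candidates(REPORT_CONNECTIONS))
```

Note that Python's `is_global` treats the documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) as non-global, so a sample that beacons to one of those in a lab capture would land in "local"; adjust the rule if your environment uses them.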

DNS requests

No data

Threats

No threats detected
No debug info