Gridinsoft Logo

The znf.sys (NetFilter SDK WFP Driver (WPP)) File Analysis

Updated 2 months ago
Checked by Malware Check
znf.sys

Technical Analysis

File Name znf.sys
File Type
Win32 EXE
Magic Bytes PE32+ executable (native) x86-64, for MS Windows
SSDEEP Hash
768:alvq7cKoAOx/DrUbLwBBMsfujQgDXoQrrP2hk6wq+ZCHt7BDjLb7Q1DQv8jPor:YzVCKPwXoYPKpEqjLbGQ0jgr
Scanner Version 1.0.227.174
Database Version 2025-10-17 12:00:18 UTC

Suspicious File Detected

Detected by 8 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
13%
Detection Rate
54,560
File Size (bytes)
8/63
Engines Detected
2025-10-17
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
51891609bf61bf85990b93e2ebed9e56
SHA1
16afac3a41781c81dcea1b47108941e37ddf390c
SHA256
9224917d80fbf21fd36cf2e308324e06382819a69372f3f40ad6de850d9b856a
SHA512
7591c67b19217dee87a7d1ec0c58d4cb088543bbfb056e8df6525bc3ecc295ad87675638625563310527e1c35bd90807ac015aa2a4fbd10df54f9233c2388608
ImpHash
dd2ca4c3d1cbc7740c1069d993ef3c21

Security Engines with Detections (8 of 63)

CrowdStrike
win/grayware_confidence_100% (D) Malicious
Elastic
malicious (high confidence) Malicious
Rising
Malware.Undefined!8.C (C64:YzY0Ora4uUFYb6gTMALscDTBxuY) Malicious
Webroot
Pua.Adware.Netfilter Malicious
DeepInstinct
MALICIOUS Malicious
Cylance
Unsafe Malicious
TrendMicro-HouseCall
PUA_BROWSEFOX.SMF1 Malicious
Yandex
Riskware.Agent!ni8XdMn9PB8 Malicious
55 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x140000000
Entry Point 0x140008e00
Compilation Time 2015-01-02 15:51:20
Checksum 0x0000e113 (Actual: 0x0000e113)
OS Version 6.2
PEiD Signatures PE32+ executable (native) x86-64, for MS Windows
PDB Path J:\projects\netfilter3\driver_wfp\Win8\Win8Release\x64\netfilter2.pdb
Digital Signature OK
Imports 3 libraries
fwpkclnt, NDIS, ntoskrnl
Exports 0 functions
Resources 2 Resources
Sections 7 Sections

Version Information

CompanyName Windows (R) Win 7 DDK provider
FileDescription NetFilter SDK WFP Driver (WPP)
FileVersion 1.4.6.1
InternalName netfilter2.sys
LegalCopyright Copyright © NetFilterSDK.com
OriginalFilename netfilter2.sys
ProductName Windows (R) Win 7 DDK driver
ProductVersion 6.2.9200.16384
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 34,358 bytes 34,816 bytes 6.13 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ C7F02FC10AF718A79AAEE2214211C33C
.rdata 0x0000a000 3,300 bytes 3,584 bytes 4.10 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ 6AFFB8F5CD9273E12D45ACBB26D74B2E
.data 0x0000b000 3,776 bytes 512 bytes 0.32 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 46379B8AB4E14E93955BB62544C80379
.pdata 0x0000c000 1,308 bytes 1,536 bytes 3.84 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ FF9A516BFFF2E32E211BFFA63B0A506C
INIT 0x0000d000 3,062 bytes 3,072 bytes 5.08 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 868B8C3040DB18F200DA01FA6CC691F3
.rsrc 0x0000e000 1,096 bytes 1,536 bytes 2.75 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 000AB284575436708E65FEC327780BEF
.reloc 0x0000f000 12 bytes 512 bytes 0.08 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0A4E4292132691F221CFE9E2B480D927

Resource Analysis

Total Resources: 2 (915 bytes)
Resource Type Count Total Size Percentage
RT_RCDATA 1 55 bytes
6%
RT_VERSION 1 860 bytes
94%

Certificate Chain Analysis

Certificate Information
Product Windows (R) Win 7 DDK driver
Description NetFilter SDK WFP Driver (WPP)
File Version 1.4.6.1
Original Name netfilter2.sys
Signing Date 05:01 PM 01/20/2015 (4006 days ago)
Verification Status Signed
Signers ALLIT Service, LLC.; COMODO Code Signing CA 2; UTN-USERFirst-Object; Sectigo (AddTrust)
Counter Signers COMODO Time Stamping Signer; UTN-USERFirst-Object; Sectigo (AddTrust)
Internal Name netfilter2.sys
Copyright Copyright © NetFilterSDK.com
Certificate Chain Summary
UTN-USERFirst-Object #1 Primary
Validity Period: 2005-06-07 08:09:10 → 2020-05-30 10:48:38
Signature Algorithm: sha1RSA
Serial Number: 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
COMODO Code Signing CA 2 #2 Chain
Validity Period: 2011-08-24 00:00:00 → 2020-05-30 10:48:38
Signature Algorithm: sha1RSA
Serial Number: 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
AddTrust External CA Root #3 Chain
Validity Period: 2013-08-15 20:26:30 → 2023-08-15 20:36:30
Signature Algorithm: sha1RSA
Serial Number: 33 00 00 00 35 D8 D5 59 5B 06 71 41 2B 00 00 00 00 00 35
ALLIT Service, LLC. #4 Chain
Validity Period: 2014-07-04 00:00:00 → 2015-07-04 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 85 BB A2 5A 98 6B CB A9 FD F1 EE 6F 00 07 AD F9
COMODO Time Stamping Signer #5 Chain
Validity Period: 2010-05-10 00:00:00 → 2015-05-10 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

OK

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
8 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for
/

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware