» VSDATANT.SYS
Overview
Analysis
File Details
Behaviors (1)

VSDATANT.SYS

End Point Security

Check Point Software Technologies Ltd.

It runs as a Windows 64-bit kernel mode device driver named “Zone Alarm Firewall Driver”.

File name:

VSDATANT.SYS

Publisher:

Check Point Software Technologies Ltd. (signed and verified)

Product:

End Point Security

Description:

ZoneAlarm Firewalling Driver

Version:

926000611

MD5:

5dfc85f7c5ae651e5c785b9a92d5ba31

SHA-1:

aa94d4281fb8e3753c79d346155e4d9c9b8ec5a8

SHA-256:

0eb58031fc0f3fd308f3fa412b9b85de29a55d5deee553d5efa8223b22b50fd6

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/23/2024 2:26:02 PM UTC (today)

File size:

456.5 KB (467,456 bytes)

Product version:

R80

2009 Copyright Check Point Software Technologies Ltd.

Original file name:

VSDATANT.SYS

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\vsdatant.sys

Digital Signature

Signed by:

Check Point Software Technologies Ltd.

Authority:

Symantec Corporation

Valid from:

10/15/2015 7:00:00 PM

Valid to:

10/15/2018 6:59:59 PM

Subject:

CN=Check Point Software Technologies Ltd., O=Check Point Software Technologies Ltd., L=Ramat-Gan, S=Ramat-Gan, C=IL

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

5FE65DF4B9CCBC1C93825A9C8165E934

File PE Metadata

Compilation timestamp:

12/18/2015 3:48:57 AM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

6144:869hsOSds1W9DAB32nTO9EnTT7X6+Hl5MBwNR/7o9qtZE7vVUrwq2zZCdZ:8ysWs1AdvEP7XHHl5MeNB7o9kWvObZ

Entry address:

0x91428

Entry point:

48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 7A, 4A, F9, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 56, 00, 73, 00, 64, 00, 61, 00, 74, 00, 61, 00, 6E, 00, 74, 00, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 5A, 00, 6F, 00, 6E, 00, 65, 00, 20, 00, 41, 00, 6C, 00, 61, 00, 72, 00, 6D, 00, 20, 00, 46, 00, 69, 00, 72, 00, 65, 00, 77, 00, 61, 00, 6C, 00, 6C, 00, 20, 00, 44, 00, 72, 00, 69, 00, 76, 00, 65, 00, 72, 00, 00, 00, CC, CC... 
[+]

Entropy:

6.3382

Code size:

392 KB (401,408 bytes)

Driver

Display name:

Zone Alarm Firewall Driver

Service name:

vsdatant

Description:

@oem11.inf,%Vsdatant_Desc%;Zone Alarm Firewall Driver

Type:

Kernel device driver (KernelDriver)

Group:

NDIS

Scan VSDATANT.SYS - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.