» VSDATANT.SYS
Overview
Analysis
File Details
Behaviors (1)

VSDATANT.SYS

End Point Security

Check Point Software Technologies Ltd.

It runs as a Windows kernel mode device driver named “vsdatant”.

File name:

VSDATANT.SYS

Publisher:

Check Point Software Technologies Ltd. (signed and verified)

Product:

End Point Security

Description:

ZoneAlarm Firewalling Driver

Version:

926000611

MD5:

5d793fe352cd28bf68cce84e74508139

SHA-1:

cacc7e5b1d1006f28d6f29d04ab05fbc4106c432

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

1/12/2025 10:53:27 PM UTC (today)

File size:

536.8 KB (549,720 bytes)

Product version:

R80

2009 Copyright Check Point Software Technologies Ltd.

Original file name:

VSDATANT.SYS

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\vsdatant.sys

Digital Signature

Signed by:

Check Point Software Technologies Ltd.

Authority:

Symantec Corporation

Valid from:

10/16/2015 7:00:00 AM

Valid to:

10/16/2018 6:59:59 AM

Subject:

CN=Check Point Software Technologies Ltd., O=Check Point Software Technologies Ltd., L=Ramat-Gan, S=Ramat-Gan, C=IL

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

5FE65DF4B9CCBC1C93825A9C8165E934

File PE Metadata

Compilation timestamp:

12/18/2015 4:49:09 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

6144:SPcdew5yQHfKVYmGwgVFfuXPZ28foXZ/Aq1j0V0m4niPB73E3SOWAh:mY5THfKWLVFfTqop/f1jI0m4ilsf1h

Entry address:

0x7C9BE

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, B4, 8D, F9, FF, CC, CC, A4, CA, 07, 00, 00, 00, 00, 00, 00, 00, 00, 00, 1E, DB, 07, 00, 70, FD, 05, 00, 34, CA, 07, 00, 00, 00, 00, 00, 00, 00, 00, 00, D6, DB, 07, 00, 00, FD, 05, 00, 58, CA, 07, 00, 00, 00, 00, 00, 00, 00, 00, 00, 5C, DD, 07, 00, 24, FD, 05, 00, 9C, CA, 07, 00, 00, 00, 00, 00, 00, 00, 00, 00, 7C, DD, 07, 00, 68, FD, 05, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 2C, DB, 07, 00, 58, DB, 07, 00, 6C, DB... 
[+]

Entropy:

5.9356

Code size:

387.3 KB (396,544 bytes)

Driver

Display name:

vsdatant

Type:

Kernel device driver (KernelDriver)

Group:

PNP_TDI

Depends on:

tcpip

Scan VSDATANT.SYS - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.