File sptd.sys received on 2010.08.02 04:39:48 (UTC)
Result: 0/41 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2010.08.01.00 2010.07.31 -
AntiVir 8.2.4.32 2010.08.01 -
Antiy-AVL 2.0.3.7 2010.08.02 -
Authentium 5.2.0.5 2010.08.02 -
Avast 4.8.1351.0 2010.08.02 -
Avast5 5.0.332.0 2010.08.02 -
AVG 9.0.0.851 2010.08.01 -
BitDefender 7.2 2010.08.02 -
CAT-QuickHeal 11.00 2010.08.02 -
ClamAV 0.96.0.3-git 2010.08.01 -
Comodo 5615 2010.08.02 -
DrWeb 5.0.2.03300 2010.08.02 -
Emsisoft 5.0.0.34 2010.07.30 -
eSafe 7.0.17.0 2010.08.01 -
eTrust-Vet 36.1.7753 2010.07.31 -
F-Prot 4.6.1.107 2010.08.02 -
F-Secure 9.0.15370.0 2010.08.02 -
Fortinet 4.1.143.0 2010.08.01 -
GData 21 2010.08.02 -
Ikarus T3.1.1.84.0 2010.08.02 -
Jiangmin 13.0.900 2010.08.01 -
Kaspersky 7.0.0.125 2010.08.02 -
McAfee 5.400.0.1158 2010.08.02 -
McAfee-GW-Edition 2010.1 2010.08.01 -
Microsoft 1.6004 2010.08.01 -
NOD32 5332 2010.08.02 -
Norman 6.05.11 2010.08.01 -
nProtect 2010-08-01.01 2010.08.01 -
Panda 10.0.2.7 2010.08.01 -
PCTools 7.0.3.5 2010.08.02 -
Prevx 3.0 2010.08.02 -
Rising 22.59.00.01 2010.08.02 -
Sophos 4.56.0 2010.08.02 -
Sunbelt 6672 2010.08.02 -
Symantec 20101.1.1.7 2010.08.02 -
TheHacker 6.5.2.1.328 2010.07.30 -
TrendMicro 9.120.0.1004 2010.08.02 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.02 -
VBA32 3.12.12.7 2010.07.30 -
ViRobot 2010.7.31.3965 2010.08.02 -
VirusBuster 5.0.27.0 2010.08.01 -
Additional information
File size: 642560 bytes
MD5...: b1a17b3c9dab68fed86906b74251f7d8
SHA1..: 6f601ebbd0db7afa691f42d3c0c0de018f61d799
SHA256: 3593454f34fd3f8fc151bd45ec0cfd5b1f9f923d53ed1aac956d8aafc146cb07
ssdeep: 12288:zWTOpW/2jcz6ocEqGSrF/lunpwpckfgQiwDuL/BzS9g5Hc2PZ:zWCpW/Nz6lxqCpckfHi9/BzCgZB
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x8713a
timedatestamp.....: 0x4391a4df (Sat Dec 03 13:59:59 2005)
machinetype.......: 0x14c (I386)
( 12 sections )
name viradd virsiz rawdsiz ntrpy md5
.edata 0x1000 0x16e20 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.edata 0x18000 0x7b92 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x20000 0x453d9 0x45400 7.99 20e3b147cd9a10fb76c632dbb4bd5bf8
.textx 0x66000 0xd20 0xe00 6.19 25e4a7693dbee7ea543d33aff2bda8ab
.data 0x67000 0x4100 0xa00 3.76 d2673121a71e3ab4f546476de70b5b9a
INIT 0x6c000 0x1c6f1 0x1c800 7.97 9a46832c1d1e135d8f52f3bea8bc6d55
.edata 0x89000 0xa48b 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x94000 0xb28 0xc00 5.31 0570e4469e6e8881dfaf94c766910b52
.const 0x95000 0x34200 0x34200 6.06 52841c1c219385b34359465b7d375edd
.rsrc 0xca000 0x390 0x400 3.01 14584c6464b5b3cb16e687c4fb8b8038
.sptd0 0xcb000 0x23fa 0x2400 7.20 3eb19e1183147abb71db41d5f1c289df
.reloc 0xce000 0x1a14 0x1c00 6.52 30d720131b44399dcbe1a45685b0ba50
( 3 imports )
> ntoskrnl.exe: IoAllocateErrorLogEntry, RtlCompareMemory, strncmp, IoAllocateMdl, ExInitializeNPagedLookasideList, ExDeleteNPagedLookasideList, MmUserProbeAddress, KeLeaveCriticalRegion, KeEnterCriticalRegion, PsGetCurrentProcessId, MmMapLockedPagesSpecifyCache, IoFreeMdl, ProbeForWrite, ProbeForRead, ExGetPreviousMode, MmUnmapIoSpace, KeDelayExecutionThread, MmMapIoSpace, _stricmp, RtlUnicodeStringToAnsiString, RtlInitUnicodeString, ObReferenceObjectByHandle, KeInitializeSemaphore, KeWaitForMultipleObjects, KeClearEvent, KeSetEvent, IofCompleteRequest, IofCallDriver, ObfReferenceObject, _allmul, _aulldiv, PsGetVersion, MmGetSystemRoutineAddress, ObfDereferenceObject, KeQuerySystemTime, RtlFreeAnsiString, strstr, ExFreePoolWithTag, RtlQueryRegistryValues, KeInitializeEvent, KeInitializeMutex, _wcsnicmp, MmLockPagableDataSection, IoGetCurrentProcess, IoWriteErrorLogEntry, ExfInterlockedInsertTailList, ZwOpenKey, ZwCreateKey, ZwQueryValueKey, ZwEnumerateValueKey, ZwEnumerateKey, ZwSetValueKey, ZwDeleteValueKey, ZwDeleteKey, RtlEqualUnicodeString, memmove, RtlFreeUnicodeString, RtlUpcaseUnicodeString, ExAllocatePoolWithTagPriority, KeWaitForSingleObject, KeSetEventBoostPriority, _alldiv, swprintf, IoDeleteDevice, IoCreateDevice, IoInvalidateDeviceState, wcsstr, IoBuildSynchronousFsdRequest, RtlWriteRegistryValue, RtlDeleteRegistryValue, IoDriverObjectType, MmUnlockPages, MmSizeOfMdl, IoFreeIrp, MmHighestUserAddress, KeResetEvent, IoBuildDeviceIoControlRequest, IoReleaseCancelSpinLock, IoAcquireCancelSpinLock, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, KeReleaseSemaphore, IoAllocateIrp, MmBuildMdlForNonPagedPool, IoGetDeviceObjectPointer, ExfInterlockedRemoveHeadList, IoRegisterShutdownNotification, IoFileObjectType, _wcsicmp, RtlInitAnsiString, RtlAnsiStringToUnicodeString, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, _except_handler3, MmProbeAndLockPages, MmIsAddressValid, KeGetCurrentThread, strncpy, _allshr, sprintf
> HAL.dll: KfLowerIrql, KeStallExecutionProcessor, KfRaiseIrql, KeRaiseIrqlToDpcLevel, KeGetCurrentIrql, READ_PORT_UCHAR, KfReleaseSpinLock, KfAcquireSpinLock
> SPTD0461.SYS: ScsiPortInitialize
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
Symantec Reputation Network: Suspicious.Insight
http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: Duplex Secure Ltd.
copyright....: Copyright (C) 2004-2005
product......: SCSI Pass Through Direct
description..: SCSI Pass Through Direct Host
original name: sptd.sys
internal name: SPTD.SYS
file version.: 1.24.0.0 built by: WinDDK
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned