VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 4.5.0.24 | 2009.07.24 | Virus.Win32.Crypt.RV!IK |
| AhnLab-V3 | 5.0.0.2 | 2009.07.24 | Win-Trojan/Agent.19840.C |
| AntiVir | 7.9.0.228 | 2009.07.24 | Rkit/Agent.evd |
| Antiy-AVL | 2.0.3.7 | 2009.07.24 | Trojan/Win32.Agent.gen |
| Authentium | 5.1.2.4 | 2009.07.24 | - |
| Avast | 4.8.1335.0 | 2009.07.23 | Win32:Agent-ACYG |
| AVG | 8.5.0.387 | 2009.07.23 | Small.ATV |
| BitDefender | 7.2 | 2009.07.24 | Trojan.Generic.133277 |
| CAT-QuickHeal | 10.00 | 2009.07.24 | Rootkit.Agent.evd |
| ClamAV | 0.94.1 | 2009.07.24 | Trojan.Rootkit-1350 |
| Comodo | 1749 | 2009.07.24 | TrojWare.Win32.Rootkit.Agent.evd |
| DrWeb | 5.0.0.12182 | 2009.07.24 | - |
| eSafe | 7.0.17.0 | 2009.07.23 | Win32.Banker |
| eTrust-Vet | 31.6.6637 | 2009.07.24 | - |
| F-Prot | 4.4.4.56 | 2009.07.23 | - |
| F-Secure | 8.0.14470.0 | 2009.07.24 | Rootkit.Win32.Agent.evd |
| Fortinet | 3.120.0.0 | 2009.07.24 | RKProc!tr |
| GData | 19 | 2009.07.24 | Trojan.Generic.133277 |
| Ikarus | T3.1.1.64.0 | 2009.07.24 | Virus.Win32.Crypt.RV |
| Jiangmin | 11.0.800 | 2009.07.24 | Rootkit.Agent.zf |
| K7AntiVirus | 7.10.800 | 2009.07.23 | Trojan.Win32.Malware.1 |
| Kaspersky | 7.0.0.125 | 2009.07.24 | Rootkit.Win32.Agent.evd |
| McAfee | 5686 | 2009.07.23 | Generic.dx |
| McAfee+Artemis | 5686 | 2009.07.23 | Generic.dx |
| McAfee-GW-Edition | 6.8.5 | 2009.07.24 | Heuristic.BehavesLike.Win32.Rootkit.H |
| Microsoft | 1.4903 | 2009.07.24 | - |
| NOD32 | 4273 | 2009.07.24 | probably a variant of Win32/Rootkit |
| Norman | 6.01.09 | 2009.07.22 | - |
| nProtect | 2009.1.8.0 | 2009.07.24 | Trojan/W32.Rootkit.19840.E |
| Panda | 10.0.0.14 | 2009.07.24 | Trj/Downloader.MDW |
| PCTools | 4.4.2.0 | 2009.07.23 | - |
| Prevx | 3.0 | 2009.07.24 | High Risk Rootkit |
| Rising | 21.39.41.00 | 2009.07.24 | - |
| Sophos | 4.44.0 | 2009.07.24 | Troj/RKProc-Fam |
| Sunbelt | 3.2.1858.2 | 2009.07.23 | - |
| Symantec | 1.4.4.12 | 2009.07.24 | Hacktool.Rootkit |
| TheHacker | 6.3.4.3.373 | 2009.07.24 | Trojan/Agent.evd |
| TrendMicro | 8.950.0.1094 | 2009.07.24 | - |
| VBA32 | 3.12.10.9 | 2009.07.24 | Rootkit.Win32.Agent.evd |
| ViRobot | 2009.7.24.1851 | 2009.07.24 | Trojan.Win32.RT-Agent.19840.D |
| VirusBuster | 4.6.5.0 | 2009.07.23 | Rootkit.Agent.FMWL |

Additional information

File size: 19840 bytes

MD5: eec75a1aafe07ba5cce21f95e3cf949b

SHA1: 03a5491af9204eb85a34b3777057c784da1ab630

SHA256: 641582ff2cf3f8d57092cd5ae9f55d7b049b4c430a64cdf531b1d53e2073e9de

PEInfo: PE Structure information (base data)

entrypointaddress: 0x3E3D

timedatestamp: 0x46B22004 (Thu Aug 2 20:18:44 2007)

machinetype: 0x14C (Intel I386)

(5 sections)

| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
|---|---|---|---|---|---|
| .text | 0x300 | 0x3C12 | 0x3C80 | 6.24 | 097ac20388e47f7471e291a852a9f79e |
| .rdata | 0x3F80 | 0x19B | 0x200 | 3.76 | 696582751c910e7aa99891457c572ab8 |
| .data | 0x4180 | 0xF8 | 0x100 | 0.00 | 348a9791dc41b89796ec3808b5b5262f |
| INIT | 0x4280 | 0x4F4 | 0x500 | 5.22 | 1bfc763012eaa504a59ac130e5bc1af8 |
| .reloc | 0x4780 | 0x5C8 | 0x600 | 6.10 | a0916300222d2e4041287c8b9b4f0085 |

(2 imports)

hal.dll: KfLowerIrql, KeRaiseIrqlToDpcLevel

ntoskrnl.exe: ObfDereferenceObject, PsLookupProcessByProcessId, PsInitialSystemProcess, DbgPrint, MmIsAddressValid, MmGetSystemRoutineAddress, RtlInitUnicodeString, ExFreePoolWithTag, RtlFreeUnicodeString, RtlCompareUnicodeString, ObQueryNameString, RtlAnsiStringToUnicodeString, ZwClose, ObReferenceObjectByHandle, ObOpenObjectByName, RtlInitAnsiString, ExAllocatePoolWithTag, KeDetachProcess, strncpy, _local_unwind2, ObOpenObjectByPointer, PsLookupThreadByThreadId, RtlFreeAnsiString, RtlUnicodeStringToAnsiString, KeServiceDescriptorTable, KeAddSystemServiceTable, PsSetCreateProcessNotifyRoutine, MmUserProbeAddress, KeInitializeDpc, KeNumberProcessors, PsGetCurrentProcessId, ZwQueryInformationProcess, ZwOpenThread, ZwOpenProcess, ZwQuerySystemInformation, IofCompleteRequest, IoDeleteDevice, IoDeleteSymbolicLink, IoCreateSymbolicLink, IoCreateDevice, IoGetCurrentProcess, _except_handler3, strncmp

(0 exports)

TrID: File type identification

68.0% (.EXE) Win32 Executable Generic (8527/13/3)

15.9% (.EXE) Generic Win/DOS Executable (2002/3)

15.9% (.EXE) DOS Executable Generic (2000/1)

0.0% (.CEL) Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3)

ssdeep: 384:e9d23fp6f7mcCfzrpotKBXIWHfnaq9z6tGEYEZSr8/mugp:8SnKbOx9z6t/RSamR

Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=C71D736880D7EA574DAA00F0F988A9008501E6B7

PEiD: -

CWSandbox: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=eec75a1aafe07ba5cce21f95e3cf949b

RDS: NSRL Reference Data Set -

ATTENTION:
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.