SHA256: 084231238a3e5dec748ef67aa80485a3a5f4a9d3a13d338128bba2bea702b119
File name: sptd.sys
Detection ratio: 0 / 53
Analysis date: 2015-11-21 06:05:25 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware 20151121
AegisLab 20151120
Yandex 20151120
AhnLab-V3 20151120
Alibaba 20151120
ALYac 20151121
Antiy-AVL 20151121
Arcabit 20151121
Avast 20151121
AVG 20151121
AVware 20151121
Baidu-International 20151120
BitDefender 20151121
ByteHero 20151121
CAT-QuickHeal 20151121
ClamAV 20151121
CMC 20151118
Comodo 20151121
Cyren 20151121
DrWeb 20151121
Emsisoft 20151121
ESET-NOD32 20151121
F-Prot 20151121
F-Secure 20151120
Fortinet 20151120
GData 20151121
Ikarus 20151120
Jiangmin 20151121
K7AntiVirus 20151120
K7GW 20151121
Kaspersky 20151121
Malwarebytes 20151121
McAfee 20151121
McAfee-GW-Edition 20151121
Microsoft 20151121
eScan 20151121
NANO-Antivirus 20151121
nProtect 20151120
Panda 20151119
Qihoo-360 20151121
Rising 20151117
Sophos AV 20151121
SUPERAntiSpyware 20151121
Symantec 20151120
Tencent 20151121
TheHacker 20151119
TrendMicro 20151121
TrendMicro-HouseCall 20151121
VBA32 20151120
VIPRE 20151121
ViRobot 20151121
Zillya 20151120
Zoner 20151121
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2004
Publisher Duplex Secure Ltd
Product SCSI Pass Through Direct
Original name sptd.sys
Internal name SPTD.SYS
File version 1.60.0.0 built by: WinDDK
Description SCSI Pass Through Direct Host
Signature verification Signed file, verified signature
Signing date 9:13 PM 7/26/2009
Signers
[+] Duplex Secure Ltd
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 6/27/2007
Valid to 12:59 AM 8/23/2010
Valid usage Code Signing
Algorithm SHA1
Thumbprint 5F50A775CF44D5AD7CCC02DD665B408ABB2EE002
Serial number 32 17 B3 18 D8 B2 B1 50 1B 37 11 EE 65 20 57 04
[+] VeriSign Class 3 Code Signing 2004 CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer None
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm MD2
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-26 20:12:28
Entry Point 0x00069B6C
Number of sections 12
PE sections
Overlays
MD5 5d4838519b88d6ef91cdd57e06fbafa2
File type data
Offset 715776
Size 6640
Entropy 7.30
PE imports
READ_PORT_UCHAR
KfReleaseSpinLock
KfLowerIrql
KeStallExecutionProcessor
KeRaiseIrqlToDpcLevel
KfAcquireSpinLock
KfRaiseIrql
KeGetCurrentIrql
ScsiPortInitialize
ExDeleteResourceLite
_allmul
ExInitializePagedLookasideList
RtlWriteRegistryValue
IoDriverObjectType
IoWriteErrorLogEntry
_except_handler3
MmGetSystemRoutineAddress
ExfInterlockedRemoveHeadList
KeCancelTimer
ExInitializeResourceLite
RtlInsertElementGenericTable
PsGetVersion
IoGetCurrentProcess
IoInitializeIrp
KeSetImportanceDpc
ProbeForWrite
KeSetEvent
ProbeForRead
ObReferenceObjectByHandle
IoBuildPartialMdl
RtlFreeUnicodeString
MmSizeOfMdl
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
RtlDeleteRegistryValue
IoGetRelatedDeviceObject
memmove
IoWMIWriteEvent
ExAcquireResourceSharedLite
MmUnmapIoSpace
IoBuildSynchronousFsdRequest
IoGetDeviceObjectPointer
memset
_wcsnicmp
_wcsicmp
ExInterlockedPushEntrySList
KeInitializeSemaphore
_alldiv
ExReleaseResourceLite
MmLockPagableDataSection
IoCreateDevice
RtlUnicodeStringToAnsiString
IoDeleteDevice
sprintf
MmIsDriverVerifying
RtlLookupElementGenericTable
ExDeleteNPagedLookasideList
MmMapIoSpace
ExAllocateFromPagedLookasideList
MmHighestUserAddress
KeResetEvent
ExfInterlockedInsertTailList
MmGetPhysicalAddress
KeEnterCriticalRegion
IoAllocateMdl
ZwOpenDirectoryObject
IoDeviceObjectType
ObfReferenceObject
MmIsAddressValid
IoWMIRegistrationControl
KeReleaseSemaphore
RtlCompareMemory
KeQuerySystemTime
RtlInitUnicodeString
IoAllocateIrp
MmBuildMdlForNonPagedPool
KeInitializeEvent
MmMapLockedPagesSpecifyCache
strncpy
ExInitializeNPagedLookasideList
_aullrem
ObReferenceObjectByPointer
MmProbeAndLockPages
ExDeletePagedLookasideList
KeWaitForMultipleObjects
IoBuildDeviceIoControlRequest
KeClearEvent
RtlInitializeGenericTable
ExGetPreviousMode
IoReuseIrp
RtlUpcaseUnicodeString
IoFreeIrp
KeGetCurrentThread
RtlAnsiStringToUnicodeString
IoFileObjectType
KeSetTimer
ObfDereferenceObject
ExAcquireResourceExclusiveLite
_allrem
KeInitializeDpc
ExQueueWorkItem
MmUserProbeAddress
IoAllocateErrorLogEntry
RtlInitAnsiString
ExAllocatePoolWithTag
RtlStringFromGUID
MmUnlockPages
IoSetThreadHardErrorMode
swprintf
IoBuildAsynchronousFsdRequest
RtlQueryRegistryValues
RtlDeleteElementGenericTable
_allshr
IoRegisterShutdownNotification
ExFreeToPagedLookasideList
ZwQuerySymbolicLinkObject
IofCompleteRequest
RtlEqualUnicodeString
FsRtlGetFileSize
_aulldiv
memcpy
KeLeaveCriticalRegion
KeInitializeTimer
IofCallDriver
ExFreePoolWithTag
ExInterlockedPopEntrySList
ZwOpenSymbolicLinkObject
PsGetCurrentProcessId
KeInsertQueueDpc
KeBugCheckEx
KeDelayExecutionThread
wcsstr
KeWaitForSingleObject
ZwClose
ExAllocatePoolWithTagPriority
IoFreeMdl
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 8.0
ImageVersion 6.0
FileSubtype 7
FileVersionNumber 1.60.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 99840
EntryPoint 0x69b6c
OriginalFileName sptd.sys
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2004
FileVersion 1.60.0.0 built by: WinDDK
TimeStamp 2009:07:26 21:12:28+01:00
FileType Win32 EXE
PEType PE32
InternalName SPTD.SYS
ProductVersion 1.60.0.0
FileDescription SCSI Pass Through Direct Host
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Native
MachineType Intel 386 or later, and compatibles
CompanyName Duplex Secure Ltd.
CodeSize 439296
ProductName SCSI Pass Through Direct
ProductVersionNumber 1.60.0.0
FileTypeExtension exe
ObjectFileType Driver

File identification
MD5 a80cd850d69d996c832bea37e3a6aa1e
SHA1 ee943d4fd6312733fe14d6b4ad9f649732c774c7
SHA256 084231238a3e5dec748ef67aa80485a3a5f4a9d3a13d338128bba2bea702b119
ssdeep 12288:F1cRVv3BRxsVvAF8n77QUEqPm5lrAnalheOOJs1OopAguGW7UU6u2EaK6ZFPDJz:PQ1bxsVoF8vQWPm7EaKrU1Hzz
authentihash c3bfb2a166d603a511ab523a99ba658b2e797421e86029f4046128f299bd22ce
imphash 26fdd58cc7623c9a02f23e37ba7cb010
File size 705.5 KB ( 722416 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Clipper DOS Executable (11.7%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe native signed overlay

VirusTotal metadata
First submission 2009-08-06 10:18:20 UTC ( 9 years, 7 months ago )
Last submission 2015-11-21 06:05:25 UTC ( 3 years, 4 months ago )
File names 7DD1E839F018740205620B77C368DD009D44D3B8.sys
sptd.sys
DMP130C.tmp
avz00002.dta
file-3170746_sys
xxsptd.sys
DMPA.tmp
tsk0000.dta
avz00001.dta
SPTD.SYS
1
avz00005.dta
A80CD850D69D996C832BEA37E3A6AA1E
prtFD.tmp
a80cd850d69d996c832bea37e3a6aa1e
prtA.tmp
SPTD.SYS._EE943D4FD6312733FE14D6B4AD9F649732C774C7
smona131888382249044544244
avz00001.sys
#sptd#.sys
file-750085_sys
7dd1e839f018740205620b77c368dd009d44d3b8.EXE
DMP1C.tmp
BADBOYsptd.sys
avz00044.dta