× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 14e12e3a145f898cb8b89fb75e0100d47d04e3bfd3078c315fe1f3cbf30fefee
File name: SPTD.SYS
Detection ratio: 0 / 67
Analysis date: 2019-04-13 08:13:20 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis 20190412
Ad-Aware 20190413
AegisLab 20190413
AhnLab-V3 20190412
Alibaba 20190402
ALYac 20190413
Antiy-AVL 20190413
Arcabit 20190413
Avast 20190413
Avast-Mobile 20190413
AVG 20190413
Avira (no cloud) 20190412
Babable 20180918
Baidu 20190318
BitDefender 20190413
Bkav 20190412
CAT-QuickHeal 20190412
ClamAV 20190412
CMC 20190321
Comodo 20190413
CrowdStrike Falcon (ML) 20190212
Cybereason 20190403
Cyren 20190413
DrWeb 20190413
eGambit 20190413
Emsisoft 20190413
Endgame 20190403
ESET-NOD32 20190413
F-Secure 20190413
FireEye 20190413
Fortinet 20190413
GData 20190413
Ikarus 20190413
Sophos ML 20190313
Jiangmin 20190413
K7AntiVirus 20190413
K7GW 20190413
Kaspersky 20190413
Kingsoft 20190413
Malwarebytes 20190413
MAX 20190413
McAfee 20190413
McAfee-GW-Edition 20190413
Microsoft 20190413
eScan 20190413
NANO-Antivirus 20190413
Palo Alto Networks (Known Signatures) 20190413
Panda 20190413
Qihoo-360 20190413
Rising 20190413
SentinelOne (Static ML) 20190407
Sophos AV 20190413
SUPERAntiSpyware 20190410
Symantec Mobile Insight 20190410
TACHYON 20190413
Tencent 20190413
TheHacker 20190411
TotalDefense 20190413
Trapmine 20190325
TrendMicro-HouseCall 20190413
Trustlook 20190413
VBA32 20190412
VIPRE 20190413
ViRobot 20190412
Yandex 20190412
Zillya 20190412
ZoneAlarm by Check Point 20190413
Zoner 20190413
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2004

Product SCSI Pass Through Direct
Original name sptd.sys
Internal name SPTD.SYS
File version 1.74.0.0 built by: WinDDK
Description SCSI Pass Through Direct Host
Signature verification Signed file, verified signature
Signing date 8:13 AM 8/24/2010
Signers
[+] Duplex Secure Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 12:00 AM 07/21/2010
Valid to 11:59 PM 08/21/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E3434EC2E75E31917F4E2137A64ABE66A203E9E3
Serial number 62 11 26 C5 A4 5D 51 53 1C 0B 91 37 50 EB A7 5C
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 12:00 AM 05/21/2009
Valid to 11:59 PM 05/20/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 01:00 AM 01/29/1996
Valid to 11:59 PM 08/01/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 12:00 AM 06/15/2007
Valid to 11:59 PM 06/14/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/04/2003
Valid to 12:59 AM 12/04/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine x64
Compilation timestamp 2010-08-24 06:13:12
Entry Point 0x001561AD
Number of sections 10
PE sections
Overlays
MD5 7d10c3469df82aca0509ca406cfe098c
File type data
Offset 496640
Size 6712
Entropy 7.29
PE imports
KeStallExecutionProcessor
HalMakeBeep
ScsiPortInitialize
ExDeleteResourceLite
ExQueryDepthSList
ExInitializePagedLookasideList
RtlWriteRegistryValue
IoDriverObjectType
IoWriteErrorLogEntry
MmGetSystemRoutineAddress
ExInitializeResourceLite
PsGetVersion
IoGetCurrentProcess
IoInitializeIrp
ProbeForWrite
KeSetEvent
ProbeForRead
ExAllocatePool
ObReferenceObjectByHandle
RtlFreeUnicodeString
MmSizeOfMdl
RtlDeleteRegistryValue
IoWMIWriteEvent
ExInterlockedRemoveHeadList
ExAcquireResourceSharedLite
MmUnmapIoSpace
NtQuerySystemInformation
IoBuildSynchronousFsdRequest
IoGetDeviceObjectPointer
MmUserProbeAddress
_wcsnicmp
ZwQuerySymbolicLinkObject
KeInitializeSemaphore
ExReleaseResourceLite
IoCreateDevice
RtlUnicodeStringToAnsiString
IoDeleteDevice
sprintf
ExFreePool
ExDeleteNPagedLookasideList
MmMapIoSpace
MmHighestUserAddress
KeResetEvent
MmGetPhysicalAddress
KeEnterCriticalRegion
IoAllocateMdl
KeReleaseInStackQueuedSpinLock
DbgBreakPoint
ZwOpenDirectoryObject
ObfReferenceObject
MmIsAddressValid
IoWMIRegistrationControl
KeReleaseSemaphore
RtlCompareMemory
RtlInitUnicodeString
IoBuildPartialMdl
KeInitializeEvent
KeReleaseInStackQueuedSpinLockFromDpcLevel
MmMapLockedPagesSpecifyCache
KeAcquireInStackQueuedSpinLock
strncpy
ExInitializeNPagedLookasideList
__C_specific_handler
ExpInterlockedPopEntrySList
MmProbeAndLockPages
ExDeletePagedLookasideList
KeWaitForMultipleObjects
IoBuildDeviceIoControlRequest
KeClearEvent
ExGetPreviousMode
IoReuseIrp
IoIs32bitProcess
IoFreeIrp
RtlAnsiStringToUnicodeString
KeWaitForSingleObject
ExAcquireResourceExclusiveLite
ExQueueWorkItem
IoFileObjectType
IoAllocateErrorLogEntry
RtlInitAnsiString
ExAllocatePoolWithTag
swprintf
RtlUpcaseUnicodeString
IoGetDeviceProperty
MmUnlockPages
IoSetThreadHardErrorMode
RtlStringFromGUID
ExpInterlockedPushEntrySList
RtlQueryRegistryValues
IoRegisterShutdownNotification
ExInterlockedInsertTailList
IoAllocateIrp
_wcsicmp
IofCompleteRequest
RtlEqualUnicodeString
KeLeaveCriticalRegion
KeAcquireInStackQueuedSpinLockAtDpcLevel
IofCallDriver
ExFreePoolWithTag
ZwOpenSymbolicLinkObject
PsGetCurrentProcessId
KeDelayExecutionThread
wcsstr
ObfDereferenceObject
ExAllocatePoolWithTagPriority
IoFreeMdl
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
5.2

InitializedDataSize
287232

ImageVersion
6.0

ProductName
SCSI Pass Through Direct

FileVersionNumber
1.74.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, Large address aware

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
sptd.sys

MIMEType
application/octet-stream

Subsystem
Native

FileVersion
1.74.0.0 built by: WinDDK

TimeStamp
2010:08:24 08:13:12+02:00

FileType
Win64 EXE

PEType
PE32+

InternalName
SPTD.SYS

ProductVersion
1.74.0.0

FileDescription
SCSI Pass Through Direct Host

OSVersion
6.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright (C) 2004

MachineType
AMD AMD64

CompanyName
Duplex Secure Ltd.

CodeSize
1419776

FileSubtype
7

ProductVersionNumber
1.74.0.0

EntryPoint
0x1561ad

ObjectFileType
Driver

File identification
MD5 34f974f8b3c86de03a30dcbe79091c97
SHA1 3b2d254a7920dbc7b7bc40578191c2823e03b88f
SHA256 14e12e3a145f898cb8b89fb75e0100d47d04e3bfd3078c315fe1f3cbf30fefee
ssdeep
12288:w+8mXEgcNcdhcb2RHLclnvtNXpqGOPWhqqNO9FVO4eAdaTk0cX:7rkQhi2ROvtNXprqqAV4AETk0G

authentihash e1c217713a50daccc4bd9ee121b174a68ea9e05eb8f5254250bf41c526b46881
imphash df51c4a893239e68071a5531ebe7aacc
File size 491.6 KB ( 503352 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (native) Mono/.Net assembly

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe assembly overlay signed 64bits native

VirusTotal metadata
First submission 2010-09-11 07:06:42 UTC ( 8 years, 8 months ago )
Last submission 2019-02-18 04:30:16 UTC ( 3 months ago )
File names sptd.sys
sptd.sys
1sptd.sys
file-2285726_dta
tsk0000.dta
SPTD.SYS
avz00036.dta
sptd.sys
sptd.sys
smona130904706761939918495
sptd.sys
tsk0000 (3).dta
file-3526246_dta
sptd.sys
sptd.net
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!