SHA256: 1727dfedf8389fd3fef3ba381dc34f47beb8b0f62c3b11778330db15e2c3487a
File name: SRTSPX
Detection ratio: 0 / 64
Analysis date: 2018-06-29 17:49:12 UTC ( 9 months, 4 weeks ago )
Antivirus Result Update
Ad-Aware 20180629
AegisLab 20180629
AhnLab-V3 20180629
ALYac 20180629
Antiy-AVL 20180629
Arcabit 20180629
Avast 20180629
Avast-Mobile 20180629
AVG 20180629
Avira (no cloud) 20180629
AVware 20180629
Babable 20180406
Baidu 20180628
BitDefender 20180629
Bkav 20180629
CAT-QuickHeal 20180629
ClamAV 20180629
CMC 20180629
Comodo 20180629
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cyren 20180629
DrWeb 20180629
eGambit 20180629
Emsisoft 20180629
Endgame 20180612
ESET-NOD32 20180629
F-Prot 20180629
F-Secure 20180629
Fortinet 20180629
GData 20180629
Ikarus 20180629
Sophos ML 20180601
Jiangmin 20180629
K7AntiVirus 20180629
K7GW 20180629
Kaspersky 20180629
Kingsoft 20180629
Malwarebytes 20180629
MAX 20180629
McAfee 20180629
McAfee-GW-Edition 20180629
Microsoft 20180629
eScan 20180629
NANO-Antivirus 20180629
Palo Alto Networks (Known Signatures) 20180629
Panda 20180629
Qihoo-360 20180629
SentinelOne (Static ML) 20180618
Sophos AV 20180629
SUPERAntiSpyware 20180629
Symantec 20180629
Symantec Mobile Insight 20180629
TACHYON 20180629
Tencent 20180629
TheHacker 20180628
TotalDefense 20180629
Trustlook 20180629
VBA32 20180629
VIPRE 20180629
ViRobot 20180629
Webroot 20180629
Yandex 20180629
Zillya 20180629
ZoneAlarm by Check Point 20180629
Zoner 20180629
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2006 - 2011 Symantec Corporation

Product AutoProtect
Original name SRTSPX.SYS
Internal name SRTSPX
File version 12.3.3.13
Description Symantec AutoProtect
Signature verification Signed file, verified signature
Signing date 3:03 AM 9/27/2011
Signers
[+] Symantec Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 1:00 AM 9/8/2010
Valid to 12:59 AM 11/24/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 99EBE773E163542C94817AAAC3B93A6704732EEE
Serial number 66 66 05 52 D4 65 B3 1F 42 9F 75 27 EA 6A 93 BF
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-09-27 01:18:50
Entry Point 0x0000D3C4
Number of sections 8
PE sections
Overlays
MD5 507e8770b244f52cea8b6c36a85df61c
File type data
Offset 25088
Size 6776
Entropy 7.28
PE imports
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
_purecall
RtlInitUnicodeString
ExDeleteResourceLite
KeGetCurrentThread
KeInitializeEvent
memset
ExInterlockedPushEntrySList
RtlUnwind
_except_handler3
RtlQueryRegistryValues
ExInitializeNPagedLookasideList
IoCreateDevice
IoDeleteDevice
KeTickCount
IoGetCurrentProcess
ExFreePool
ExAllocatePoolWithTag
KeBugCheckEx
ExDeleteNPagedLookasideList
RtlStringFromGUID
IofCompleteRequest
IoDeleteSymbolicLink
ExSemaphoreObjectType
ProbeForWrite
KeLeaveCriticalRegion
ExReleaseResourceLite
ObfDereferenceObject
ExAcquireResourceExclusiveLite
ExInitializeResourceLite
ExFreePoolWithTag
RtlFreeUnicodeString
ProbeForRead
MmGetSystemRoutineAddress
memcpy
KeNumberProcessors
KeEnterCriticalRegion
ExInterlockedPopEntrySList
RtlCompareUnicodeString
IoCreateSymbolicLink
IoWMIWriteEvent
ObReferenceObjectByHandle
IoWMIRegistrationControl
KeReleaseSemaphore
RtlCompareMemory
ExAcquireResourceSharedLite
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
6.1

LinkerVersion
9.0

ImageVersion
6.1

FileSubtype
0

FileVersionNumber
12.3.3.13

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x009f

CharacterSet
Unicode

InitializedDataSize
24576

EntryPoint
0xd3c4

OriginalFileName
SRTSPX.SYS

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2006 - 2011 Symantec Corporation

FileVersion
12.3.3.13

TimeStamp
2011:09:27 02:18:50+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SRTSPX

ProductVersion
12.3

FileDescription
Symantec AutoProtect

OSVersion
6.1

FileOS
Windows NT

Subsystem
Native

MachineType
Intel 386 or later, and compatibles

CompanyName
Symantec Corporation

CodeSize
18432

ProductName
AutoProtect

ProductVersionNumber
12.3.0.0

FileTypeExtension
exe

ObjectFileType
Driver

File identification
MD5 3c01529e8b986d9dc7489f7ce8bcad91
SHA1 b465ff4fa36beab9e1f9759e8ad9d4b017313a54
SHA256 1727dfedf8389fd3fef3ba381dc34f47beb8b0f62c3b11778330db15e2c3487a
ssdeep
768:9m2dvO/El87CpxmZwSOLz3cXxfJVUUacfejLWMmWabC+:9mSGMl87YSxfJVRaWMaDWiC+

authentihash b528dfe0a890722c11908a07b7db9c8c5772882a94bdb5fcf61eb0bc3f22053e
imphash 134bba329a925e4367c83f3d1342676a
File size 31.1 KB ( 31864 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (native) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe overlay signed native

VirusTotal metadata
First submission 2011-11-27 19:49:55 UTC ( 7 years, 4 months ago )
Last submission 2012-10-11 18:03:47 UTC ( 6 years, 6 months ago )
File names srtspx(337).sys
SRTSPX
srtspx.sys
DPYWAEPYQS-957.pms.sys.SVD
srtspx.sys
SRTSPX.SYS
srtspx.sys
srtspx(381).sys
srtspx(383).sys
srtspx.sys
SRTSPX.SYS
B7AAB0BF789FFC957C9A00FED2B92F00F41EB414.sys
SRTSPX.SYS
srtspx.sys
vt-upload-Kmfcih
SRTSPX.SYS
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight