SHA256: 3d6db9514594377cacfd766f0153b8dcf51ddf4172864daf589cb1ee480d2027
File name: nvstor64.sys
Detection ratio: 0 / 65
Analysis date: 2018-03-27 06:04:57 UTC ( 1 year ago )
Antivirus Result Update
Ad-Aware 20180327
AegisLab 20180327
AhnLab-V3 20180327
Alibaba 20180327
ALYac 20180327
Antiy-AVL 20180326
Arcabit 20180327
Avast 20180326
Avast-Mobile 20180325
AVG 20180326
Avira (no cloud) 20180326
AVware 20180327
Baidu 20180327
BitDefender 20180327
Bkav 20180327
CAT-QuickHeal 20180326
ClamAV 20180327
CMC 20180326
Comodo 20180327
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180327
Cyren 20180327
DrWeb 20180327
eGambit 20180327
Emsisoft 20180327
Endgame 20180316
ESET-NOD32 20180327
F-Prot 20180327
F-Secure 20180327
Fortinet 20180327
GData 20180327
Ikarus 20180326
Sophos ML 20180121
Jiangmin 20180327
K7AntiVirus 20180327
K7GW 20180327
Kaspersky 20180327
Kingsoft 20180327
MAX 20180327
McAfee 20180327
McAfee-GW-Edition 20180327
Microsoft 20180327
eScan 20180327
NANO-Antivirus 20180327
nProtect 20180327
Palo Alto Networks (Known Signatures) 20180327
Panda 20180325
Qihoo-360 20180327
Rising 20180327
SentinelOne (Static ML) 20180225
Sophos AV 20180327
SUPERAntiSpyware 20180327
Symantec 20180327
Symantec Mobile Insight 20180311
Tencent 20180327
TheHacker 20180326
TotalDefense 20180327
TrendMicro 20180327
TrendMicro-HouseCall 20180327
Trustlook 20180327
VBA32 20180326
VIPRE 20180327
ViRobot 20180327
WhiteArmor 20180324
Yandex 20180324
Zillya 20180326
ZoneAlarm by Check Point 20180327
Zoner 20180326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright(C) 2001-2009 NVIDIA Corporation

Product NVIDIA nForce(TM) SATA Driver
Original name nvstor.sys
Internal name NVIDIA nForce(TM) SATA Driver
File version 11.1.0.33 built by: WinDDK
Description NVIDIA® nForce(TM) Sata Performance Driver
Signature verification Signed file, verified signature
Signing date 1:45 AM 8/5/2009
Signers
[+] NVIDIA Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid from 1:00 AM 8/7/2007
Valid to 12:59 AM 9/2/2009
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 4A01146860FD9D3F74F7B07E31ECC39DE9533D9F
Serial number 3A F8 20 A6 90 76 99 58 04 10 05 52 28 EC AD DF
[+] VeriSign Class 3 Code Signing 2004 CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 7/16/2004
Valid to 12:59 AM 7/16/2014
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 197A4AEBDB25F0170079BB8C73CB2D655E0018A4
Serial number 41 91 A1 5A 39 78 DF CF 49 65 66 38 1D 4C 75 C2
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine x64
Compilation timestamp 2009-08-05 00:31:07
Entry Point 0x00030008
Number of sections 7
PE sections
Overlays
MD5 39c2592de80a166e25651b54b498dbab
File type data
Offset 235008
Size 6688
Entropy 7.29
PE imports
IoQueueWorkItem
RtlInitAnsiString
IoWriteErrorLogEntry
RtlVerifyVersionInfo
IoAllocateErrorLogEntry
KeInitializeEvent
PoRegisterPowerSettingCallback
IoBuildDeviceIoControlRequest
KeReleaseSpinLock
KeWaitForSingleObject
IoAllocateWorkItem
KeBugCheckEx
IofCallDriver
RtlGetVersion
KeAcquireSpinLockRaiseToDpc
IoFreeWorkItem
VerSetConditionMask
StorPortGetBusData
StorPortResume
StorPortAllocateRegistryBuffer
StorPortSynchronizeAccess
StorPortFreeRegistryBuffer
StorPortExtendedFunction
ScsiPortNotification
StorPortNotification
StorPortInitialize
StorPortGetScatterGatherList
StorPortGetUncachedExtension
StorPortGetLogicalUnit
StorPortSetBusDataByOffset
StorPortPause
StorPortGetDeviceBase
StorPortRegistryRead
StorPortSetDeviceQueueDepth
StorPortFreeDeviceBase
StorPortGetPhysicalAddress
StorPortResumeDevice
StorPortPauseDevice
StorPortStallExecution
StorPortDebugPrint
Number of PE resources by type
RT_MESSAGETABLE 17
MOFDATA 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 2
ENGLISH US 2
SWEDISH 1
DANISH DEFAULT 1
NORWEGIAN BOKMAL 1
PORTUGUESE BRAZILIAN 1
GERMAN 1
CHINESE TRADITIONAL 1
DUTCH 1
FRENCH 1
FINNISH DEFAULT 1
JAPANESE DEFAULT 1
SPANISH 1
RUSSIAN 1
KOREAN 1
SPANISH MEXICAN 1
ITALIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
89088

ImageVersion
6.0

ProductName
NVIDIA nForce(TM) SATA Driver

FileVersionNumber
11.1.0.33

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
NVIDIA nForce(TM) Sata Performance Driver

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
nvstor.sys

MIMEType
application/octet-stream

Subsystem
Native

FileVersion
11.1.0.33 built by: WinDDK

TimeStamp
2009:08:05 01:31:07+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
NVIDIA nForce(TM) SATA Driver

ProductVersion
11.1.0.33

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright(C) 2001-2009 NVIDIA Corporation

MachineType
AMD AMD64

CompanyName
NVIDIA Corporation

CodeSize
145920

FileSubtype
7

ProductVersionNumber
11.1.0.33

EntryPoint
0x30008

ObjectFileType
Driver

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Execution parents
Compressed bundles
File identification
MD5 1e45f96342429d63dc30e0d9117da3d8
SHA1 76e7bfb87575a9bf9b3257472678855f6e146d1a
SHA256 3d6db9514594377cacfd766f0153b8dcf51ddf4172864daf589cb1ee480d2027
ssdeep
3072:+A2MIAvLspyafcgo5wjuiwPdweVZQPvnnyztQ1eNX6k1dlxNLoB:C9pyafluiQfZQPvnnyzFLC

authentihash a3864811e45356bf9703c1189c35728aa06abefe676f7a3bf05a9029d029c832
imphash a0f3584e1074751603f41c4d04782e9f
File size 236.0 KB ( 241696 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (native) Mono/.Net assembly

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe assembly overlay signed 64bits native

VirusTotal metadata
First submission 2010-05-02 16:20:06 UTC ( 8 years, 11 months ago )
Last submission 2018-03-27 06:04:57 UTC ( 1 year ago )
File names nvstor64.sys
nvstor64.sys
3d6db9514594377cacfd766f0153b8dcf51ddf4172864daf589cb1ee480d2027-317296c9-c174-43a7-a106-6a03ea38c5db.hmp0001a.temp
nvstor6A.sys
nvstor.sys
NVIDIA nForce(TM) SATA Driver
3d6db9514594377cacfd766f0153b8dcf
nvstor64.sys
nvstor64.sys
nvstor64.sys
avw4mcsg.sys
nvstor64.sys.temp_3642
nvstor64.sys
a4n65ghq.sys
afs6mj6m.sys
aaoch2ma.sys
@@partial@@_nvstor64.sys
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
