SHA256: 3df106a361b0fb17834df2ac0072db95bcbfe2abbb77fcaaaeade2f8d0ea5e03
File name: PCTCore.sys
Detection ratio: 0 / 66
Analysis date: 2018-03-14 22:51:31 UTC ( 4 months ago )
Antivirus Result Update
Ad-Aware 20180314
AegisLab 20180314
AhnLab-V3 20180314
Alibaba 20180314
ALYac 20180314
Antiy-AVL 20180314
Arcabit 20180314
Avast 20180314
Avast-Mobile 20180314
AVG 20180314
Avira (no cloud) 20180314
AVware 20180314
Baidu 20180314
BitDefender 20180314
Bkav 20180314
CAT-QuickHeal 20180314
ClamAV 20180314
CMC 20180314
Comodo 20180314
CrowdStrike Falcon (ML) 20170201
Cybereason None
Cylance 20180314
Cyren 20180314
DrWeb 20180314
eGambit 20180314
Emsisoft 20180314
Endgame 20180308
ESET-NOD32 20180314
F-Prot 20180314
F-Secure 20180311
Fortinet 20180314
GData 20180314
Ikarus 20180314
Sophos ML 20180121
Jiangmin 20180314
K7AntiVirus 20180314
K7GW 20180314
Kaspersky 20180314
Kingsoft 20180314
Malwarebytes 20180314
MAX 20180314
McAfee 20180314
McAfee-GW-Edition 20180314
Microsoft 20180314
eScan 20180314
NANO-Antivirus 20180314
nProtect 20180314
Palo Alto Networks (Known Signatures) 20180314
Panda 20180314
Rising 20180314
SentinelOne (Static ML) 20180225
Sophos AV 20180314
SUPERAntiSpyware 20180314
Symantec 20180314
Symantec Mobile Insight 20180311
Tencent 20180314
TheHacker 20180311
TotalDefense 20180314
TrendMicro 20180314
TrendMicro-HouseCall 20180314
Trustlook 20180314
VBA32 20180314
VIPRE 20180314
ViRobot 20180314
Webroot 20180314
WhiteArmor 20180223
Yandex 20180314
Zillya 20180314
ZoneAlarm by Check Point 20180314
Zoner 20180314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (c) 2010 PC Tools. All rights reserved.
Product Kernel Driver Suite
Original name PCTCore.sys
Internal name PCTCore.sys
File version 2.1.0.506 built by: WinDDK
Description PC Tools KDS Core Driver
Signature verification Signed file, verified signature
Signing date 3:36 AM 4/23/2012
Signers
[+] PC Tools
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 1:00 AM 7/10/2009
Valid to 12:59 AM 8/16/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 3DE4483E904BBE26DBF0D5A5FD8962ACD0C4D9A3
Serial number 42 AB DC 23 7D 1B A3 16 64 BA 4E 7B 05 F2 36 52
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-23 02:28:27
Entry Point 0x0005217F
Number of sections 7
PE sections
Overlays
MD5 1bd0e70fbcff451658467378abba0018
File type data
Offset 374272
Size 9096
Entropy 7.48
PE imports
FltParseFileNameInformation
FltCloseCommunicationPort
FltCreateFile
FltSetInstanceContext
FltClose
FltCancelFileOpen
FltGetTunneledName
FltQueryInformationFile
FltBuildDefaultSecurityDescriptor
FltGetDiskDeviceObject
FltGetRequestorProcessId
FltIsDirectory
FltAllocateContext
FltGetDestinationFileNameInformation
FltRegisterFilter
FltGetFileNameInformation
FltGetVolumeFromFileObject
FltGetStreamHandleContext
FltReadFile
FltWriteFile
FltUnregisterFilter
FltFreeCallbackData
FltEnumerateInstances
FltGetVolumeGuidName
FltSetStreamContext
FltCloseClientPort
FltAllocateCallbackData
FltStartFiltering
FltGetDeviceObject
FltGetStreamContext
FltSetStreamHandleContext
FltObjectDereference
FltFlushBuffers
FltSetInformationFile
FltGetInstanceContext
FltReleaseContext
FltCreateCommunicationPort
FltGetBottomInstance
FltSendMessage
FltFreeSecurityDescriptor
FltReferenceContext
FltDeleteContext
FltReleaseFileNameInformation
FltGetVolumeName
FltPerformSynchronousIo
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
FsRtlIsNameInExpression
RtlIsNameLegalDOS8Dot3
ZwOpenKey
ExDeleteResourceLite
_allmul
RtlAppendUnicodeStringToString
IoInitializeRemoveLockEx
PoCallDriver
RtlNumberGenericTableElements
RtlGUIDFromString
IoWriteErrorLogEntry
IoIsWdmVersionAvailable
KeUnstackDetachProcess
ZwWriteFile
IofCallDriver
PsLookupThreadByThreadId
NlsMbOemCodePageTag
IoRegisterShutdownNotification
ExfInterlockedRemoveHeadList
IoReleaseCancelSpinLock
ExInitializeResourceLite
RtlInsertElementGenericTable
PsGetCurrentThreadId
ZwMapViewOfSection
ZwQueryKey
IoReleaseRemoveLockAndWaitEx
PsTerminateSystemThread
PsSetCreateProcessNotifyRoutine
RtlIntegerToUnicodeString
IoDeleteSymbolicLink
KeSetEvent
ProbeForRead
RtlxAnsiStringToUnicodeSize
ObReferenceObjectByHandle
KeStackAttachProcess
RtlFreeUnicodeString
ZwQueryInformationProcess
MmGetSystemRoutineAddress
memcpy
KeAreApcsDisabled
RtlAppendUnicodeToString
FsRtlIsPagingFile
memmove
ZwFlushKey
ObOpenObjectByPointer
IoGetRelatedDeviceObject
IoWMIWriteEvent
RtlxUnicodeStringToAnsiSize
IoCreateSymbolicLink
IoCreateFileSpecifyDeviceObjectHint
ObfReferenceObject
ZwReadFile
PsLookupProcessByProcessId
RtlAnsiCharToUnicodeChar
KeReadStateEvent
IoCreateStreamFileObject
IoBuildSynchronousFsdRequest
IoGetDeviceObjectPointer
memset
KeSetPriorityThread
ZwOpenProcess
_alldiv
ExReleaseResourceLite
IoCreateDevice
RtlUnicodeStringToAnsiString
IoRegisterPlugPlayNotification
IoDeleteDevice
ExInterlockedAddLargeInteger
IoGetCurrentProcess
ZwDeleteKey
ExfInterlockedPushEntryList
KeServiceDescriptorTable
RtlEqualString
RtlLookupElementGenericTable
ZwQueryObject
PsGetVersion
RtlAssert
IoAttachDeviceToDeviceStack
FsRtlDissectName
KeEnterCriticalRegion
IoAllocateMdl
IoGetDeviceAttachmentBaseRef
ZwOpenFile
PsCreateSystemThread
ExAcquireResourceSharedLite
ZwSetValueKey
ZwCreateSection
ExfInterlockedInsertHeadList
_aullshr
RtlCompareMemory
IoQueueWorkItem
KeQuerySystemTime
RtlInitUnicodeString
IoDetachDevice
IoAllocateIrp
ZwQuerySystemInformation
KeInitializeEvent
PsSetLoadImageNotifyRoutine
RtlUnwind
IoFreeWorkItem
ObQueryNameString
IoAcquireRemoveLockEx
RtlUpcaseUnicodeChar
qsort
MmProbeAndLockPages
KeWaitForMultipleObjects
IoBuildDeviceIoControlRequest
KeTickCount
RtlInitializeGenericTable
MmSectionObjectType
ExGetPreviousMode
FsRtlAreNamesEqual
ExAllocatePoolWithTag
RtlUpcaseUnicodeString
PsSetCreateThreadNotifyRoutine
KeGetCurrentThread
ZwQueryDirectoryFile
RtlAnsiStringToUnicodeString
ZwEnumerateValueKey
ExfInterlockedPopEntryList
FsRtlDoesNameContainWildCards
RtlEnumerateGenericTableWithoutSplaying
KeWaitForSingleObject
ExSystemTimeToLocalTime
RtlCompareUnicodeString
RtlDelete
ZwLoadDriver
IoFileObjectType
IoAllocateErrorLogEntry
RtlInitAnsiString
RtlCreateSystemVolumeInformationFolder
IoAllocateWorkItem
ZwWaitForSingleObject
IoGetDeviceProperty
MmUnlockPages
ZwDeleteValueKey
IoFreeIrp
ZwTerminateProcess
RtlDeleteNoSplay
KeQueryTimeIncrement
ZwQueryInformationFile
ZwEnumerateKey
RtlCopyUnicodeString
RtlDeleteElementGenericTable
ZwCreateKey
IoUnregisterPlugPlayNotification
ZwFsControlFile
_allshl
IoUnregisterShutdownNotification
IoReleaseRemoveLockEx
IoWMIRegistrationControl
ZwQuerySymbolicLinkObject
IofCompleteRequest
RtlEqualUnicodeString
KeInitializeSemaphore
_aulldiv
PoStartNextPowerIrp
KeLeaveCriticalRegion
ZwQueryValueKey
KeReleaseSemaphore
ExFreePoolWithTag
IoVolumeDeviceToDosName
ZwUnmapViewOfSection
ZwSetInformationFile
ZwOpenSymbolicLinkObject
IoGetAttachedDeviceReference
PsGetCurrentProcessId
KeBugCheckEx
KeDelayExecutionThread
ZwDuplicateObject
ObfDereferenceObject
ZwClose
IoGetDiskDeviceObject
IoFreeMdl
ExAcquireResourceExclusiveLite
Number of PE resources by type
WEVT_TEMPLATE 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
LinkerVersion 9.0
ImageVersion 6.1
FileSubtype 7
FileVersionNumber 2.1.0.506
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 65536
EntryPoint 0x5217f
OriginalFileName PCTCore.sys
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2010 PC Tools. All rights reserved.
FileVersion 2.1.0.506 built by: WinDDK
TimeStamp 2012:04:23 03:28:27+01:00
FileType Win32 EXE
PEType PE32
InternalName PCTCore.sys
ProductVersion 2.1.0.506
FileDescription PC Tools KDS Core Driver
OSVersion 6.1
FileOS Windows NT 32-bit
Subsystem Native
MachineType Intel 386 or later, and compatibles
CompanyName PC Tools
CodeSize 310272
ProductName Kernel Driver Suite
ProductVersionNumber 2.1.0.506
FileTypeExtension exe
ObjectFileType Driver

File identification
MD5 f7da28f2ab6cd32b2f76ee96edad8f20
SHA1 caad8b12711e6b494150c1bddfcc274b5fc9d42d
SHA256 3df106a361b0fb17834df2ac0072db95bcbfe2abbb77fcaaaeade2f8d0ea5e03
ssdeep 6144:ABXKJw3NdUgvuGOC8BI2U9K+W5i+8XTXgxuYHZQ:kNdvsxBIFK+W5HZQ
authentihash 29450ff5fc89c0583c3f018f168294948ec0e95f4a8d55a1acee52e5ad4d55a9
imphash 8c427183219cd6b68369316e15388fd3
File size 374.4 KB ( 383368 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (native) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe native signed overlay

VirusTotal metadata
First submission 2012-05-08 16:17:28 UTC ( 6 years, 2 months ago )
Last submission 2014-01-15 13:00:53 UTC ( 4 years, 6 months ago )
File names 902EC90F885EA4B1D969053F643A2500EFCCED2F.sys
PCTCore.sys
file-4713007_sys
PCTCore.sys
pctcore.sys
PCTCore.sys
PCTCore.sys