× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: dad7b09341abaa7f26ab7f93bd2b910bd2ba6ecfd317c1bcb66ffec332a655a0
File name: sptd2
Detection ratio: 0 / 67
Analysis date: 2017-11-18 13:20:11 UTC ( 1 year, 1 month ago )
Antivirus Result Update
Ad-Aware 20171118
AegisLab 20171118
AhnLab-V3 20171118
Alibaba 20170911
ALYac 20171118
Antiy-AVL 20171118
Arcabit 20171117
Avast 20171118
Avast-Mobile 20171117
AVG 20171118
Avira (no cloud) 20171118
AVware 20171118
Baidu 20171117
BitDefender 20171118
Bkav 20171118
CAT-QuickHeal 20171118
ClamAV 20171118
CMC 20171117
Comodo 20171118
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20171118
Cyren 20171118
DrWeb 20171118
eGambit 20171118
Emsisoft 20171118
Endgame 20171024
ESET-NOD32 20171118
F-Prot 20171118
F-Secure 20171118
Fortinet 20171118
GData 20171118
Ikarus 20171118
Sophos ML 20170914
Jiangmin 20171117
K7AntiVirus 20171117
K7GW 20171118
Kaspersky 20171118
Kingsoft 20171118
Malwarebytes 20171118
MAX 20171118
McAfee 20171118
McAfee-GW-Edition 20171118
Microsoft 20171118
eScan 20171118
NANO-Antivirus 20171118
nProtect 20171118
Palo Alto Networks (Known Signatures) 20171118
Panda 20171118
Qihoo-360 20171118
Rising 20171118
SentinelOne (Static ML) 20171113
Sophos AV 20171118
SUPERAntiSpyware 20171118
Symantec 20171117
Symantec Mobile Insight 20171117
Tencent 20171118
TheHacker 20171117
TrendMicro 20171118
TrendMicro-HouseCall 20171118
Trustlook 20171118
VBA32 20171117
VIPRE 20171118
ViRobot 20171118
Webroot 20171118
WhiteArmor 20171104
Yandex 20171118
Zillya 20171117
ZoneAlarm by Check Point 20171118
Zoner 20171118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2004

Product SCSI Pass Through Direct
Original name sptd.sys
Internal name SPTD.SYS
File version 1.78.0.0 built by: WinDDK
Description SCSI Pass Through Direct Host
Signature verification Signed file, verified signature
Signing date 8:31 PM 2/27/2011
Signers
[+] Duplex Secure Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2009-2 CA
Valid from 1:00 AM 7/21/2010
Valid to 12:59 AM 8/22/2013
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E3434EC2E75E31917F4E2137A64ABE66A203E9E3
Serial number 62 11 26 C5 A4 5D 51 53 1C 0B 91 37 50 EB A7 5C
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer Class 3 Public Primary Certification Authority
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm md2RSA
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status This certificate or one of the certificates in the certificate chain is not time valid., The revocation status of the certificate or one of the certificates in the certificate chain is unknown., Error 65536 (0x10000), The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine x64
Compilation timestamp 2011-02-27 19:29:52
Entry Point 0x0013FFB2
Number of sections 10
PE sections
Overlays
MD5 f460f031e40d8ae2ed7c406c5c5fc3e6
File type data
Offset 519680
Size 6712
Entropy 7.29
PE imports
KeStallExecutionProcessor
HalMakeBeep
ExDeleteResourceLite
ExQueryDepthSList
ExInitializePagedLookasideList
RtlWriteRegistryValue
IoDriverObjectType
IoWriteErrorLogEntry
MmGetSystemRoutineAddress
ExInitializeResourceLite
PsGetVersion
IoInitializeIrp
ProbeForWrite
KeSetEvent
KeReleaseInStackQueuedSpinLockFromDpcLevel
MmUserProbeAddress
RtlFreeUnicodeString
MmSizeOfMdl
RtlDeleteRegistryValue
IoWMIWriteEvent
ExInterlockedRemoveHeadList
ObfReferenceObject
MmUnmapIoSpace
NtQuerySystemInformation
IoBuildSynchronousFsdRequest
IoGetDeviceObjectPointer
_wcsnicmp
ZwQuerySymbolicLinkObject
KeInitializeSemaphore
ExReleaseResourceLite
IoCreateDevice
RtlUnicodeStringToAnsiString
IoDeleteDevice
IoGetCurrentProcess
ExFreePool
ExDeleteNPagedLookasideList
MmMapIoSpace
MmHighestUserAddress
KeResetEvent
MmGetPhysicalAddress
KeEnterCriticalRegion
IoAllocateMdl
KeReleaseInStackQueuedSpinLock
ZwOpenDirectoryObject
ExAcquireResourceSharedLite
MmIsAddressValid
IoWMIRegistrationControl
KeReleaseSemaphore
RtlCompareMemory
RtlInitUnicodeString
IoBuildPartialMdl
KeInitializeEvent
MmMapLockedPagesSpecifyCache
KeAcquireInStackQueuedSpinLock
_vsnwprintf
ExAllocatePool
ExInitializeNPagedLookasideList
__C_specific_handler
ExpInterlockedPopEntrySList
MmProbeAndLockPages
ExDeletePagedLookasideList
KeWaitForMultipleObjects
IoBuildDeviceIoControlRequest
KeClearEvent
ExGetPreviousMode
IoReuseIrp
RtlUpcaseUnicodeString
IoFreeIrp
RtlAnsiStringToUnicodeString
_vsnprintf
KeWaitForSingleObject
ExAcquireResourceExclusiveLite
ExQueueWorkItem
IoFileObjectType
IoAllocateErrorLogEntry
RtlInitAnsiString
ExAllocatePoolWithTag
IoIs32bitProcess
IoGetDeviceProperty
MmUnlockPages
IoSetThreadHardErrorMode
RtlStringFromGUID
ExpInterlockedPushEntrySList
DbgPrint
RtlQueryRegistryValues
IoRegisterShutdownNotification
ExInterlockedInsertTailList
IoAllocateIrp
_wcsicmp
IofCompleteRequest
RtlEqualUnicodeString
KeLeaveCriticalRegion
KeAcquireInStackQueuedSpinLockAtDpcLevel
IofCallDriver
ExFreePoolWithTag
ProbeForRead
ZwOpenSymbolicLinkObject
PsGetCurrentProcessId
ObReferenceObjectByHandle
KeDelayExecutionThread
wcsstr
ObfDereferenceObject
ExAllocatePoolWithTagPriority
IoFreeMdl
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
5.2

LinkerVersion
9.0

ImageVersion
6.1

FileSubtype
7

FileVersionNumber
1.78.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
287232

EntryPoint
0x13ffb2

OriginalFileName
sptd.sys

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2004

FileVersion
1.78.0.0 built by: WinDDK

TimeStamp
2011:02:27 20:29:52+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
SPTD.SYS

ProductVersion
1.78.0.0

FileDescription
SCSI Pass Through Direct Host

OSVersion
6.1

FileOS
Windows NT 32-bit

Subsystem
Native

MachineType
AMD AMD64

CompanyName
Duplex Secure Ltd.

CodeSize
552960

ProductName
SCSI Pass Through Direct

ProductVersionNumber
1.78.0.0

FileTypeExtension
exe

ObjectFileType
Driver

Compressed bundles
File identification
MD5 a6cff1af7664627a296b6a0a96cf876e
SHA1 0eb7a7b7b4a4658499e23226b9ce881c0837002d
SHA256 dad7b09341abaa7f26ab7f93bd2b910bd2ba6ecfd317c1bcb66ffec332a655a0
ssdeep
12288:Bhqj11Uunn8Z+hSio/CeI33hQrBepyCOWPU/:BG1mZ+hUI3eKy9WPS

authentihash bc444cbcbbe15bad853013fc5642af85ef4d0c8a703a880b5f4ccd066e6fadb4
imphash cbc5530a3f7a116779fd8253fc07a05b
File size 514.1 KB ( 526392 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (native) Mono/.Net assembly

TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags
peexe assembly overlay signed 64bits native

VirusTotal metadata
First submission 2011-07-15 04:25:11 UTC ( 7 years, 6 months ago )
Last submission 2017-11-18 13:20:11 UTC ( 1 year, 1 month ago )
File names sptd.sys
sptd.sys
tsk0000.dta
sptd.sys
sptd2
sptd.sys
SPTD.SYS
sptd
sptd.sys
sptd.sys
sptd.sys
DAD7B09341ABAA7F26AB7F93BD2B910BD2BA6ECFD317C1BCB66FFEC332A655A0
file-2840555_sys
sptd.sys
file-3654442_sys
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!