[ArcaVir]
2009-12-19 Found nothing
[G DATA]
2009-12-20 Found nothing
[A-Squared]
2009-12-20 Found nothing
[Ikarus]
2009-12-20 Found nothing
[Avast! antivirus]
2009-12-20 Found nothing
[Kaspersky Anti-Virus]
2009-12-20 Found nothing
[Grisoft AVG Anti-Virus]
2009-12-20 Found nothing
[ESET NOD32]
2009-12-19 Found nothing
[Avira AntiVir]
2009-12-18 Found nothing
[Norman Virus Control]
2009-12-20 Found nothing
[Softwin BitDefender]
2009-12-20 Found nothing
[Panda Antivirus]
2009-12-18 Found nothing
[ClamAV]
2009-12-20 Found nothing
[Quick Heal]
2009-12-18 Found nothing
[CPsecure]
2009-12-20 Found nothing
[Sophos]
2009-12-20 Found nothing
[Dr.Web]
2009-12-20 Found nothing
[VirusBlokAda VBA32]
2009-12-19 Found nothing
[Frisk F-Prot Antivirus]
2009-12-19 Found nothing
[VirusBuster]
2009-12-19 Found nothing
[F-Secure Anti-Virus]
2009-12-20 Found nothing
Here are the results from the Virustotal scan - the one object found is in bold:
File atapi.sys received on 2009.12.20 21:32:20 (UTC)
Current status: finished
Result: 1/41 (2.44%)
Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.20 -
AhnLab-V3 5.0.0.2 2009.12.19 -
AntiVir 7.9.1.114 2009.12.20 -
Antiy-AVL 2.0.3.7 2009.12.18 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.20 -
AVG 8.5.0.427 2009.12.20 -
BitDefender 7.2 2009.12.20 -
CAT-QuickHeal 10.00 2009.12.19 -
ClamAV 0.94.1 2009.12.20 -
Comodo 3311 2009.12.20 -
DrWeb 5.0.0.12182 2009.12.20 -
eSafe 7.0.17.0 2009.12.20 Win32.Rootkit
eTrust-Vet 35.1.7185 2009.12.19 -
F-Prot 4.5.1.85 2009.12.20 -
F-Secure 9.0.15370.0 2009.12.20 -
Fortinet 4.0.14.0 2009.12.20 -
GData 19 2009.12.20 -
Ikarus T3.1.1.79.0 2009.12.20 -
Jiangmin 13.0.900 2009.12.20 -
K7AntiVirus 7.10.923 2009.12.17 -
Kaspersky 7.0.0.125 2009.12.20 -
McAfee 5838 2009.12.20 -
McAfee+Artemis 5838 2009.12.20 -
McAfee-GW-Edition 6.8.5 2009.12.20 -
Microsoft 1.5302 2009.12.20 -
NOD32 4704 2009.12.20 -
Norman 6.04.03 2009.12.20 -
nProtect 2009.1.8.0 2009.12.18 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.20 -
Prevx 3.0 2009.12.20 -
Rising 22.26.06.04 2009.12.20 -
Sophos 4.49.0 2009.12.20 -
Sunbelt 3.2.1858.2 2009.12.20 -
Symantec 1.4.4.12 2009.12.20 -
TheHacker 6.5.0.3.100 2009.12.20 -
TrendMicro 9.100.0.1001 2009.12.20 -
VBA32 3.12.12.0 2009.12.19 -
ViRobot 2009.12.18.2097 2009.12.18 -
VirusBuster 5.0.21.0 2009.12.20 -
Additional information
File size: 96512 bytes
MD5 : 9f3a2f5aa6875c72bf062c712cfa2674
SHA1 : a719156e8ad67456556a02c34e762944234e7a44
SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x159F7
timedatestamp.....: 0x4802539D (Sun Apr 13 20:40:29 2008)
machinetype.......: 0x14C (Intel I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x97BA 0x9800 6.45 0d7d81391f33c6450a81be1e3ac8c7b7
NONPAGE 0x9B80 0x18E8 0x1900 6.48 c74a833abd81cc5d037de168e055ad29
.rdata 0xB480 0xA64 0xA80 4.31 8523651899e28819a14bf9415af25708
.data 0xBF00 0xD94 0xE00 0.45 3575b51634ae7a56f55f1ee0a6213834
PAGESCAN 0xCD00 0x157F 0x1580 6.20 dc4c309c4db9576daa752fdd125fccf9
PAGE 0xE280 0x61DA 0x6200 6.46 40b83d4d552384e58a03517a98eb4863
INIT 0x14480 0x22BE 0x2300 6.47 906462abc478368424ea462d5868d2e3
.rsrc 0x16780 0x3E0 0x400 3.36 8fd2d82e745b289c28bc056d3a0d62ab
.reloc 0x16B80 0xD20 0xD80 6.39 ce2b0898cc0e40b618e5df9099f6be45
( 0 imports )
( 0 exports )
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx ... 712cfa2674
ssdeep: 1536:MwXpkfV74F1D7yNEZIHRRJMohmus27G1j/XBoDQi7oaRMJfYHFktprll1KbDD0uu:MQ+N74vkEZIxMohjsimBoDTRMBwFktZu
PEiD : -
packers (Kaspersky): PE_Patch
RDS : NSRL Reference Data Set
-
This site and others that are similar keep coming up as well:
http://deactivated.
Thanks!