Virus Total
Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
File ntoskrnl.exe received on 2010.01.27 02:13:04 (UTC)
Result: 0/40 (0%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.27 -
AhnLab-V3 5.0.0.2 2010.01.26 -
AntiVir 7.9.1.150 2010.01.26 -
Antiy-AVL 2.0.3.7 2010.01.26 -
Authentium 5.2.0.5 2010.01.27 -
Avast 4.8.1351.0 2010.01.26 -
AVG 9.0.0.730 2010.01.26 -
BitDefender 7.2 2010.01.27 -
CAT-QuickHeal 10.00 2010.01.25 -
ClamAV 0.94.1 2010.01.26 -
Comodo 3719 2010.01.26 -
DrWeb 5.0.1.12222 2010.01.27 -
eSafe 7.0.17.0 2010.01.26 -
eTrust-Vet 35.2.7262 2010.01.26 -
F-Prot 4.5.1.85 2010.01.26 -
F-Secure 9.0.15370.0 2010.01.27 -
Fortinet 4.0.14.0 2010.01.26 -
GData 19 2010.01.27 -
Ikarus T3.1.1.80.0 2010.01.27 -
Jiangmin 13.0.900 2010.01.26 -
K7AntiVirus 7.10.957 2010.01.26 -
Kaspersky 7.0.0.125 2010.01.27 -
McAfee 5873 2010.01.26 -
McAfee+Artemis 5873 2010.01.26 -
McAfee-GW-Edition 6.8.5 2010.01.27 -
Microsoft 1.5406 2010.01.27 -
NOD32 4808 2010.01.26 -
Norman 6.04.03 2010.01.26 -
nProtect 2009.1.8.0 2010.01.26 -
Panda 10.0.2.2 2010.01.26 -
PCTools 7.0.3.5 2010.01.27 -
Rising 22.32.02.01 2010.01.27 -
Sophos 4.50.0 2010.01.27 -
Sunbelt 3.2.1858.2 2010.01.27 -
Symantec 20091.2.0.41 2010.01.27 -
TheHacker 6.5.0.9.165 2010.01.27 -
TrendMicro 9.120.0.1004 2010.01.26 -
VBA32 3.12.12.1 2010.01.26 -
ViRobot 2010.1.26.2156 2010.01.26 -
VirusBuster 5.0.21.0 2010.01.26 -
Additional information
File size: 2189184 bytes
MD5...: 8415d9c7c050e7022aed8abf281be4a6
SHA1..: e65c2d02a59e46a8f0ce546edcb1681d914723a0
SHA256: c24359d6adc63a86de17f2029dbc0562ae420aed44554c290784ffbc554a1e8e
ssdeep: 24576:UgWyem2gqH4DOHMs65BCtm6Zc9NcoVI9b4GiXY8ACc7XHgQCI+E9IoeAKp
r9q97c:jAm2Lq58MCo7n7qgt0K1TVv
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x22c0
timedatestamp.....: 0x45665e64 (Fri Nov 24 02:52:20 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x52150 0x52200 0.24 98d68cb0e4b7d1e2e7334dfe531532a2
.rdata 0x54000 0x27a 0x400 3.59 6af562d60151e9a0168453115d732018
.data 0x55000 0xcb700 0xcb800 7.18 e77379261f640943c5bb3f9dd41cdde8
.rsrc 0x121000 0x2780 0x2800 4.44 0d5268eb0a7801ae414ece54d4a212bd
( 1 imports )
> KERNEL32.dll: GetCurrentProcess, GetTickCount, GetVersion, GetCurrentThreadId, GetModuleHandleA, GetCommandLineA, GetLastError, GetCurrentProcessId, GetCurrentThread, GetCommandLineW, HeapAlloc, GetProcessHeap, GetSystemDefaultLangID, GetACP, GetFileType, FindFirstFileA, HeapDestroy, GetOEMCP, WaitForSingleObject, GetCPInfo, CreateProcessW, SetFileAttributesA
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows® Operating System
description..: NT Kernel & System
original name: ntoskrnl.exe
internal name: ntoskrnl.exe
file version.: 5.1.2600.5857 (xpsp_sp3_gdr.090804-1435)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: OS/2 Executable (generic) (52.8%)
Win32 Executable Generic (32.0%)
Generic Win/DOS Executable (7.5%)
DOS Executable Generic (7.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
VirusTotal
Hispasec Sistemas - Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy
File userinit.exe received on 2010.01.27 02:18:19 (UTC)
Result: 0/41 (0%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.27 -
AhnLab-V3 5.0.0.2 2010.01.26 -
AntiVir 7.9.1.150 2010.01.26 -
Antiy-AVL 2.0.3.7 2010.01.26 -
Authentium 5.2.0.5 2010.01.27 -
Avast 4.8.1351.0 2010.01.26 -
AVG 9.0.0.730 2010.01.26 -
BitDefender 7.2 2010.01.27 -
CAT-QuickHeal 10.00 2010.01.25 -
ClamAV 0.94.1 2010.01.26 -
Comodo 3719 2010.01.26 -
DrWeb 5.0.1.12222 2010.01.27 -
eSafe 7.0.17.0 2010.01.26 -
eTrust-Vet 35.2.7262 2010.01.26 -
F-Prot 4.5.1.85 2010.01.26 -
F-Secure 9.0.15370.0 2010.01.27 -
Fortinet 4.0.14.0 2010.01.26 -
GData 19 2010.01.27 -
Ikarus T3.1.1.80.0 2010.01.27 -
Jiangmin 13.0.900 2010.01.26 -
K7AntiVirus 7.10.957 2010.01.26 -
Kaspersky 7.0.0.125 2010.01.27 -
McAfee 5873 2010.01.26 -
McAfee+Artemis 5873 2010.01.26 -
McAfee-GW-Edition 6.8.5 2010.01.27 -
Microsoft 1.5406 2010.01.27 -
NOD32 4808 2010.01.26 -
Norman 6.04.03 2010.01.26 -
nProtect 2009.1.8.0 2010.01.26 -
Panda 10.0.2.2 2010.01.26 -
PCTools 7.0.3.5 2010.01.27 -
Prevx 3.0 2010.01.27 -
Rising 22.32.02.01 2010.01.27 -
Sophos 4.50.0 2010.01.27 -
Sunbelt 3.2.1858.2 2010.01.27 -
Symantec 20091.2.0.41 2010.01.27 -
TheHacker 6.5.0.9.165 2010.01.27 -
TrendMicro 9.120.0.1004 2010.01.26 -
VBA32 3.12.12.1 2010.01.26 -
ViRobot 2010.1.26.2156 2010.01.26 -
VirusBuster 5.0.21.0 2010.01.26 -
Additional information
File size: 26112 bytes
MD5...: a93aee1928a9d7ce3e16d24ec7380f89
SHA1..: 513f8bdf67a5a9e09803cfb61f590b39f2683853
SHA256: 944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f
ssdeep: 768:0RMJi8jDLIDSAaQFxfftjaLacmkLGKOq:0RMJbDMDSA7FxffJaLaSLG9q
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x54ad
timedatestamp.....: 0x480251a8 (Sun Apr 13 18:32:08 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x520e 0x5400 5.95 099b53205ad3f1c3b853a5310d08a9b1
.data 0x7000 0x14c 0x200 1.86 0bb948f267e82975313a03d8c0e8a1cf
.rsrc 0x8000 0xb50 0xc00 3.27 bac832e39f87c4f5f640e5d5c6a1c2fc
( 9 imports )
> USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
> ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
> CRYPT32.dll: CryptProtectData
> WINSPOOL.DRV: SpoolerInit
> ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, RtlConvertSidToUnicodeString, NtQueryInformationToken
> NETAPI32.dll: DsGetDcNameW, NetApiBufferFree
> WLDAP32.dll: -, -, -, -, -, -
> msvcrt.dll: __setusermatherr, _initterm, __getmainargs, _acmdln, _adjust_fdiv, _XcptFilter, _exit, _c_exit, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _cexit, exit
> KERNEL32.dll: CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, lstrcpyW, CreateProcessW, lstrlenW, GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, ExpandEnvironmentStringsW, SearchPathW, GetLastError, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, SetEvent, OpenEventW, Sleep, SetEnvironmentVariableW
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows® Operating System
description..: Userinit Logon Application
original name: USERINIT.EXE
internal name: userinit
file version.: 5.1.2600.5512 (xpsp.080413-2113)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
File atapi.sys received on 2010.01.27 02:21:02 (UTC)
Result: 1/40 (2.5%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.27 -
AhnLab-V3 5.0.0.2 2010.01.26 -
AntiVir 7.9.1.150 2010.01.26 -
Antiy-AVL 2.0.3.7 2010.01.26 -
Authentium 5.2.0.5 2010.01.27 -
Avast 4.8.1351.0 2010.01.26 -
AVG 9.0.0.730 2010.01.26 -
BitDefender 7.2 2010.01.27 -
CAT-QuickHeal 10.00 2010.01.25 -
ClamAV 0.94.1 2010.01.26 -
Comodo 3719 2010.01.26 -
DrWeb 5.0.1.12222 2010.01.27 -
eSafe 7.0.17.0 2010.01.26 Win32.Rootkit
eTrust-Vet 35.2.7262 2010.01.26 -
F-Prot 4.5.1.85 2010.01.26 -
F-Secure 9.0.15370.0 2010.01.27 -
Fortinet 4.0.14.0 2010.01.26 -
GData 19 2010.01.27 -
Ikarus T3.1.1.80.0 2010.01.27 -
Jiangmin 13.0.900 2010.01.26 -
K7AntiVirus 7.10.957 2010.01.26 -
Kaspersky 7.0.0.125 2010.01.27 -
McAfee 5873 2010.01.26 -
McAfee+Artemis 5873 2010.01.26 -
McAfee-GW-Edition 6.8.5 2010.01.27 -
Microsoft 1.5406 2010.01.27 -
NOD32 4808 2010.01.26 -
Norman 6.04.03 2010.01.26 -
nProtect 2009.1.8.0 2010.01.26 -
Panda 10.0.2.2 2010.01.26 -
PCTools 7.0.3.5 2010.01.27 -
Rising 22.32.02.01 2010.01.27 -
Sophos 4.50.0 2010.01.27 -
Sunbelt 3.2.1858.2 2010.01.27 -
Symantec 20091.2.0.41 2010.01.27 -
TheHacker 6.5.0.9.165 2010.01.27 -
TrendMicro 9.120.0.1004 2010.01.26 -
VBA32 3.12.12.1 2010.01.26 -
ViRobot 2010.1.26.2156 2010.01.26 -
VirusBuster 5.0.21.0 2010.01.26 -
Additional information
File size: 96512 bytes
MD5...: 9f3a2f5aa6875c72bf062c712cfa2674
SHA1..: a719156e8ad67456556a02c34e762944234e7a44
SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9
ssdeep: 1536:MwXpkfV74F1D7yNEZIHRRJMohmus27G1j/XBoDQi7oaRMJfYHFktprll1Kb
DD0uu:MQ+N74vkEZIxMohjsimBoDTRMBwFktZu
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x159f7
timedatestamp.....: 0x4802539d (Sun Apr 13 18:40:29 2008)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x97ba 0x9800 6.45 0d7d81391f33c6450a81be1e3ac8c7b7
NONPAGE 0x9b80 0x18e8 0x1900 6.48 c74a833abd81cc5d037de168e055ad29
.rdata 0xb480 0xa64 0xa80 4.31 8523651899e28819a14bf9415af25708
.data 0xbf00 0xd94 0xe00 0.45 3575b51634ae7a56f55f1ee0a6213834
PAGESCAN 0xcd00 0x157f 0x1580 6.20 dc4c309c4db9576daa752fdd125fccf9
PAGE 0xe280 0x61da 0x6200 6.46 40b83d4d552384e58a03517a98eb4863
INIT 0x14480 0x22be 0x2300 6.47 906462abc478368424ea462d5868d2e3
.rsrc 0x16780 0x3e0 0x400 3.36 8fd2d82e745b289c28bc056d3a0d62ab
.reloc 0x16b80 0xd20 0xd80 6.39 ce2b0898cc0e40b618e5df9099f6be45
( 3 imports )
> ntoskrnl.exe: RtlInitUnicodeString, swprintf, KeSetEvent, IoCreateSymbolicLink, IoGetConfigurationInformation, IoDeleteSymbolicLink, MmFreeMappingAddress, IoFreeErrorLogEntry, IoDisconnectInterrupt, MmUnmapIoSpace, ObReferenceObjectByPointer, IofCompleteRequest, RtlCompareUnicodeString, IofCallDriver, MmAllocateMappingAddress, IoAllocateErrorLogEntry, IoConnectInterrupt, IoDetachDevice, KeWaitForSingleObject, KeInitializeEvent, KeCancelTimer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, IoBuildDeviceIoControlRequest, IoQueueWorkItem, MmMapIoSpace, IoInvalidateDeviceRelations, IoReportDetectedDevice, IoReportResourceForDetection, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, PoRequestPowerIrp, KeInsertByKeyDeviceQueue, PoRegisterDeviceForIdleDetection, sprintf, MmMapLockedPagesSpecifyCache, ObfDereferenceObject, IoGetAttachedDeviceReference, IoInvalidateDeviceState, ZwClose, ObReferenceObjectByHandle, ZwCreateDirectoryObject, IoBuildSynchronousFsdRequest, PoStartNextPowerIrp, IoCreateDevice, RtlCopyUnicodeString, IoAllocateDriverObjectExtension, RtlQueryRegistryValues, ZwOpenKey, RtlFreeUnicodeString, IoStartTimer, KeInitializeTimer, IoInitializeTimer, KeInitializeDpc, KeInitializeSpinLock, IoInitializeIrp, ZwCreateKey, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, ZwSetValueKey, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, IoStartPacket, KefReleaseSpinLockFromDpcLevel, IoBuildAsynchronousFsdRequest, IoFreeMdl, MmUnlockPages, IoWriteErrorLogEntry, KeRemoveByKeyDeviceQueue, MmMapLockedPagesWithReservedMapping, MmUnmapReservedMapping, KeSynchronizeExecution, IoStartNextPacket, KeBugCheckEx, KeRemoveDeviceQueue, KeSetTimer, _allmul, MmProbeAndLockPages, _except_handler3, PoSetPowerState, IoOpenDeviceRegistryKey, RtlWriteRegistryValue, RtlDeleteRegistryValue, _aulldiv, strstr, _strupr, KeQuerySystemTime, IoWMIRegistrationControl, KeTickCount, IoAttachDeviceToDeviceStack, IoDeleteDevice, ExAllocatePoolWithTag, IoAllocateWorkItem, IoAllocateIrp, 
IoAllocateMdl, MmBuildMdlForNonPagedPool, MmLockPagableDataSection, IoGetDriverObjectExtension, MmUnlockPagableImageSection, ExFreePoolWithTag, IoFreeIrp, IoFreeWorkItem, InitSafeBootMode, RtlCompareMemory, PoCallDriver, memmove, MmHighestUserAddress
> HAL.dll: KfAcquireSpinLock, READ_PORT_UCHAR, KeGetCurrentIrql, KfRaiseIrql, KfLowerIrql, HalGetInterruptVector, HalTranslateBusAddress, KeStallExecutionProcessor, KfReleaseSpinLock, READ_PORT_BUFFER_USHORT, READ_PORT_USHORT, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_UCHAR
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft® Windows® Operating System
description..: IDE/ATAPI Port Driver
original name: atapi.sys
internal name: atapi.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): PE_Patch