hier mal das ergebnis von virus total (die duplizierte datei heißt jetzt übrigens wdl01000(57).sys und nicht mehr wdl01000(52).sys):



File name:
Wdf01000.sys

Submission date:
2011-12-18 14:14:47 (UTC)

Current status:
finished




Result:
0/ 43 (0.0%)


VT Community

not reviewed
Safety score: -



Compact

Print results




Antivirus

Version

Last Update

Result



AhnLab-V3

2011.12.17.00

2011.12.17

-



AntiVir

7.11.19.153

2011.12.16

-



Antiy-AVL

2.0.3.7

2011.12.18

-



Avast

6.0.1289.0

2011.12.18

-



AVG

10.0.0.1190

2011.12.18

-



BitDefender

7.2

2011.12.18

-



ByteHero

1.0.0.1

2011.12.07

-



CAT-QuickHeal

12.00

2011.12.18

-



ClamAV

0.97.3.0

2011.12.17

-



Commtouch

5.3.2.6

2011.12.17

-



Comodo

11000

2011.12.18

-



DrWeb

5.0.2.03300

2011.12.18

-



Emsisoft

5.1.0.11

2011.12.18

-



eSafe

7.0.17.0

2011.12.15

-



eTrust-Vet

37.0.9628

2011.12.16

-



F-Prot

4.6.5.141

2011.12.17

-



F-Secure

9.0.16440.0

2011.12.18

-



Fortinet

4.3.388.0

2011.12.18

-



GData

22

2011.12.18

-



Ikarus

T3.1.1.109.0

2011.12.18

-



Jiangmin

13.0.900

2011.12.17

-



K7AntiVirus

9.119.5696

2011.12.15

-



Kaspersky

9.0.0.837

2011.12.18

-



McAfee

5.400.0.1158

2011.12.18

-



McAfee-GW-Edition

2010.1E

2011.12.18

-



Microsoft

1.7903

2011.12.18

-



NOD32

6721

2011.12.18

-



Norman

6.07.13

2011.12.18

-



nProtect

2011-12-18.01

2011.12.18

-



Panda

10.0.3.5

2011.12.18

-



PCTools

8.0.0.5

2011.12.18

-



Prevx

3.0

2011.12.18

-



Rising

23.88.03.02

2011.12.16

-



Sophos

4.72.0

2011.12.18

-



SUPERAntiSpyware

4.40.0.1006

2011.12.17

-



Symantec

20111.2.0.82

2011.12.18

-



TheHacker

6.7.0.1.360

2011.12.16

-



TrendMicro

9.500.0.1008

2011.12.18

-



TrendMicro-HouseCall

9.500.0.1008

2011.12.18

-



VBA32

3.12.16.4

2011.12.14

-



VIPRE

11270

2011.12.18

-



ViRobot

2011.12.17.4831

2011.12.18

-



VirusBuster

14.1.121.0

2011.12.17

-





Additional information

Show all



MD5 : 9950e3d0f08141c7e89e64456ae7dc73



SHA1 : 0f86ed7159cd55aabe5420a8af2aefb962a1c646



SHA256: de4b96812b305a63f5874bbf2dc40354fb45b3d96c1d33436e677099760ba448



ssdeep: 12288:aN2eVV8eWMBc6eAxRmX1tNTi2Vtzh6N0xNAGqC:mF3tHBcqGXNh6NUAu



File size : 445008 bytes



First seen: 2009-08-31 00:47:10



Last seen : 2011-12-18 14:14:47



TrID:
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)



PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x6903E
timedatestamp....: 0x4A5BBF28 (Mon Jul 13 23:11:36 2009)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x553C8, 0x55400, 6.48, fee2a83b153192f24264c605c2895e88
.rdata, 0x57000, 0x9034, 0x9200, 6.10, 7286a2670b4b1f2cd63d0342fcbea819
.data, 0x61000, 0x1584, 0x1400, 5.02, 5d30cf2bf6997db8e67ee27ff3584c63
PAGEWdfV, 0x63000, 0x3090, 0x3200, 5.22, 40ec2ad41e9b5786e38f677251e2eaa4
PAGE, 0x67000, 0x1894, 0x1A00, 6.19, 9515a6ce101a4d0fb260284092e8d9b8
INIT, 0x69000, 0x130A, 0x1400, 5.51, eb6cce51bd81bd6f12ca36fbc61c3aba
.rsrc, 0x6B000, 0x6F8, 0x800, 3.06, ae416d37b50a674cb827d984eee0697c
.reloc, 0x6C000, 0x4666, 0x4800, 6.28, 282167988910215de8cf8ef1cc03f4fd

[[ 3 import(s) ]]
ntoskrnl.exe: IoAllocateDriverObjectExtension, ZwSetValueKey, ZwCreateKey, ZwOpenKey, RtlInitUnicodeString, ExFreePoolWithTag, ExAllocatePoolWithTag, ZwDeleteValueKey, IoGetDriverObjectExtension, KeTickCount, KeBugCheckEx, RtlAnsiCharToUnicodeChar, RtlCopyUnicodeString, ZwDeleteKey, ZwClose, DbgBreakPoint, KeInitializeEvent, KeInitializeSpinLock, ExDeleteNPagedLookasideList, IoGetDmaAdapter, ExInitializeNPagedLookasideList, ExInterlockedPopEntrySList, ExInterlockedPushEntrySList, _purecall, IoFreeMdl, MmUnlockPages, ObfDereferenceObject, IoGetAttachedDeviceReference, IoGetDeviceProperty, KeEnterCriticalRegion, KeLeaveCriticalRegion, KeSetEvent, KeClearEvent, KeWaitForSingleObject, IofCallDriver, RtlCompareMemory, IoFreeIrp, IoUnregisterPlugPlayNotification, IoRegisterPlugPlayNotification, IoAllocateIrp, ObfReferenceObject, IoGetRelatedDeviceObject, ObReferenceObjectByHandle, IoFileObjectType, ZwCreateFile, _allmul, KeGetCurrentThread, KeInsertQueueDpc, KeInitializeDpc, IoReuseIrp, IoAcquireRemoveLockEx, IoInvalidateDeviceState, IoCreateSymbolicLink, IoRequestDeviceEject, IoWMIWriteEvent, IoWMIRegistrationControl, KeDelayExecutionThread, RtlQueryRegistryValues, strncmp, IoAllocateMdl, MmMapLockedPagesSpecifyCache, memset, MmBuildMdlForNonPagedPool, IoDeleteSymbolicLink, IoInitializeRemoveLockEx, IoIsWdmVersionAvailable, IoOpenDeviceRegistryKey, IoAttachDeviceToDeviceStack, IoDetachDevice, IoReleaseRemoveLockEx, KeSetTimer, IoCancelIrp, KeCancelTimer, KeInitializeTimerEx, IoReleaseCancelSpinLock, ExAcquireFastMutexUnsafe, ExReleaseFastMutexUnsafe, IoFreeWorkItem, IoAllocateWorkItem, IoQueueWorkItem, IoInvalidateDeviceRelations, KeSetTimerEx, KeInitializeTimer, KdDebuggerNotPresent, KdDebuggerEnabled, ExAllocateFromPagedLookasideList, ExFreeToPagedLookasideList, ExDeletePagedLookasideList, ExInitializePagedLookasideList, KeRemoveQueueDpc, IoUnregisterShutdownNotification, IoRegisterLastChanceShutdownNotification, IoRegisterShutdownNotification, PoStartNextPowerIrp, KeQuerySystemTime, MmUnmapLockedPages, MmSizeOfMdl, IoBuildPartialMdl, MmProbeAndLockPages, RtlFreeUnicodeString, IoSetDeviceInterfaceState, IoRegisterDeviceInterface, PsGetVersion, MmGetSystemRoutineAddress, MmUnlockPagableImageSection, MmLockPagableSectionByHandle, MmLockPagableDataSection, RtlCompareUnicodeString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, MmIsDriverVerifying, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeSetImportanceDpc, ZwQueryValueKey, KeReadStateEvent, PoCallDriver, PoSetPowerState, IoGetStackLimits, IoReleaseRemoveLockAndWaitEx, KeSynchronizeExecution, IoConnectInterrupt, IoDisconnectInterrupt, ExCreateCallback, ExRegisterCallback, ExUnregisterCallback, PoRequestPowerIrp, KeQueryTimeIncrement, RtlUnwind, memcpy, IoAllocateErrorLogEntry, IoWriteErrorLogEntry, DbgPrint, IoDeleteDevice, IoCreateDevice, memmove, IofCompleteRequest, ZwSetSecurityObject, ObOpenObjectByPointer, IoDeviceObjectType, RtlGetDaclSecurityDescriptor, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, _snwprintf, RtlLengthSecurityDescriptor, SeCaptureSecurityDescriptor, SeExports, _wcsnicmp, RtlAddAccessAllowedAce, RtlLengthSid, wcschr, RtlAbsoluteToSelfRelativeSD, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, KeNumberProcessors, KeQueryActiveProcessors, KeSetSystemAffinityThread, KeRevertToUserAffinityThread, KeSetTargetProcessorDpc, PsTerminateSystemThread, PsCreateSystemThread, ExAllocatePoolWithQuotaTag, ZwQuerySystemInformation, KiBugCheckData
WDFLDR.SYS: WdfRegisterLibrary, WdfLdrDiagnosticsValueByNameAsULONG
HAL.dll: ExAcquireFastMutex, KfReleaseSpinLock, KfAcquireSpinLock, KfRaiseIrql, KfLowerIrql, KeGetCurrentIrql, ExReleaseFastMutex




ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 373760
CompanyName: Microsoft Corporation
EntryPoint: 0x6903e
FileDescription: Kernel Mode Driver Framework Runtime
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 435 kB
FileSubtype: 7
FileType: Win32 EXE
FileVersion: 1.9.7600.16385 (win7_rtm.090713-1255)
FileVersionNumber: 1.9.7600.16385
ImageVersion: 6.1
InitializedDataSize: 63488
InternalName: wdf01000.sys
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.1
ObjectFileType: Driver
OriginalFilename: wdf01000.sys
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 1.9.7600.16385
ProductVersionNumber: 1.9.7600.16385
Subsystem: Native
SubsystemVersion: 6.1
TimeStamp: 2009:07:14 01:11:36+02:00
UninitializedDataSize: 0

Hi,

kein scanner erkennt das Teil, d. h. wahrschienlich ien F/P (False/Positiv)...
Schicke die Datei an den Hersteller Deiner Antiviren-SW..

WAs hat der Scann mit MAM ergeben?

chris