Unknown random (possibly encrypted) data in Track 0

I recently used a hex editor to examine Track 0 of my newly-built PC and I discovered that the 7 sectors directly following Sector 0 are filled with what appears to be random data.

These sectors would normally be zero-filled on an MBR-initialized disk, so the presence of any sort of data here is quite unexpected. It seems to be random data (I tested the byte distributions, which are fairly equal), and thus it could be encrypted.

I am aware that certain forms of malware are known to exhibit this type of behavior, which is why I am posting in this particular forum.

I just built this PC in March and I've been creating Macrium Reflect images on a regular basis. I compared all of my images back to day 1 and saw that the unknown data was present on the very first image. At that point I had merely installed the various motherboard drivers, Windows 7 Premium SP1 64-bit, and a few utility programs such as Macrium Reflect, Samsung Magician (for the Samsung SSD), and stuff like that. Nothing fancy, and certainly nothing that is known to store a copy-protection mechanism in Track 0. I did connect various other disks, though, in order to copy over data.

At this point I'm fairly uncertain as to whether or not this code might represent a malware infection. My guess is, probably not. However, I would still like to know what its purpose is.

Just for the heck of it I ran a couple of bootable antimalware disks, including the Kaspersky Rescue CD and the BitDefender Rescue CD, just to see if they would come up with anything (they didn't).

Does anyone have any thoughts on how I might identify this code?

 

Hi, interesting indeed !

Was this a new HD & what make is it ? What's the size of the data ?

It could be malware, but i would have thought one or more of your Apps might have detected something by now.

Unless it turns out to be harmless etc, it's possible that the HD could have been compromised @ the manufactures or on route ?

 

It's a new Samsung 840 EVO 120GB SSD. I really like the drive, it's very snappy.

The unidentified data fills sectors 1 through 7. Each sector is 512 bytes, so the data is only 3,584 bytes in all.

I've been searching online to see if any of my current programs are known to write to Track 0, but so far I have not found anything.

Perhaps I'll just delete the data and see if anything breaks, although I was hoping for a more precise approach.

 

It could be part of the DRM scheme of one of your programs.