Two consultants spent two full days on the problem, which equals about six man days total because I also worked at night. Cost for one man day is $1000. Thus, the reverse engineering cost $6000 in labor costs.

Had the binary been found in the wild, the operating system would have been reinstalled (1 hour) and a recent backup of the data would have been restored (1 hour). That's 2 hours for the admin. Reinstallation of the operating system works mostly unattended and restoring backups is part of the normal job description of the sys admin, so no additional costs were produced by the sys admin. The downtime could cost money, depending on the type of machine this program would have been found on. This is an academic question, since we have never had a program like this on any of our machines. So, assuming a local university, this kind of program would most probably be found on one of the terminal servers, where the downtime does not cost any money at all in lost productivity.

Sorry if I appear corky here, but I don't believe in this kind of cost estimates. My cost estimate is my labor cost, which is $6000. So, no spread sheet from me, sorry. Especially not Excel. Using Microsoft software is a security risk, you know?