» personal_pbxmate.exe
Overview
Analysis
File Details
Behaviors (1)

personal_pbxmate.exe

SoliCall Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PersonalPBXMate’.

File name:

Publisher:

SoliCall Ltd. (signed and verified)

MD5:

0b49c8de06688cb7f63f169559f1d576

SHA-1:

61cacfead9c87903117927a5ace0176780ccdf9c

SHA-256:

f794cd6bf88805a53c07d6d6e22e176678fa552b7dfee69ada1cb4c24f5cd6c8

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 4:13:08 PM UTC (today)

File size:

1.5 MB (1,571,936 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\solicall\bin\personal_pbxmate.exe

Digital Signature

Signed by:

SoliCall Ltd.

Authority:

COMODO CA Limited

Valid from:

8/28/2013 7:00:00 AM

Valid to:

8/29/2015 6:59:59 AM

Subject:

CN=SoliCall Ltd., O=SoliCall Ltd., STREET=38 Habrosh St., L=Tel-Mond, S=Israel, PostalCode=40600, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00C18FFF44694A3A5F2E69216648C3CFB6

File PE Metadata

Compilation timestamp:

9/28/2014 9:07:37 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:oxx2J5TxfufjZPpaypMfP8bMhYu7O4FFh29VNMm+cxiHCQnaqaloytkutsSJbxb8:g4txijDayqfP8bMhYGO4FFcnNMDCuaV2

Entry address:

0x6DCCC

Entry point:

E8, 78, A3, 00, 00, E9, 78, FE, FF, FF, B8, 97, 8B, 47, 00, A3, 38, 7E, 57, 00, C7, 05, 3C, 7E, 57, 00, 7E, 82, 47, 00, C7, 05, 40, 7E, 57, 00, 32, 82, 47, 00, C7, 05, 44, 7E, 57, 00, 6B, 82, 47, 00, C7, 05, 48, 7E, 57, 00, D4, 81, 47, 00, A3, 4C, 7E, 57, 00, C7, 05, 50, 7E, 57, 00, 0F, 8B, 47, 00, C7, 05, 54, 7E, 57, 00, F0, 81, 47, 00, C7, 05, 58, 7E, 57, 00, 52, 81, 47, 00, C7, 05, 5C, 7E, 57, 00, DF, 80, 47, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, E8, DE, AE, 00, 00, 83, 7D, 08, 00, A3, D4, 53... 
[+]

Entropy:

6.4668

Code size:

1.2 MB (1,230,336 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

PersonalPBXMate

Command:

"C:\Program Files\solicall\bin\personal_pbxmate.exe"

Scan personal_pbxmate.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.