home

pfld.exe

Private Folders

FSPro Labs

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘pf’.
Publisher:
private-folders.com  (signed by FSPro Labs)

Product:
Private Folders

Version:
1.0.5.137

MD5:
4a76199e82cdef4652f82f47425e450d

SHA-1:
c71a583c132a3716a8a9290764f305b9e30d4085

SHA-256:
261568e8e972fd5c9aba61084705340237bdef4da24f7b18a9df8bfae0b6926f

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 12:41:55 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Detection.Undefined
9.0.1.05190

File size:
1 MB (1,097,024 bytes)

Product version:
1.0

Copyright:
Copyright © 2011 Private-Folders.com

Original file name:
pf.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\private folders\pfld.exe

Digital Signature
Signed by:
FSPro Labs

Authority:
VeriSign, Inc.

Valid from:
12/22/2010 12:00:00 AM

Valid to:
12/30/2011 11:59:59 PM

Subject:
CN=FSPro Labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=FSPro Labs, L=Taganrog, S=Rostov region, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7A15D8C85E00BA1F0FF5137CAE31C010

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:SB0fIcXme+k72P9pbPzcHTFduzCYDbZZFp1qIW4DsVtn7X:S07x+k72P9pbPcmmwbZZFfc4QF7X

Entry address:
0x1000

Entry point:
68, 01, 30, 5E, 00, E8, 01, 00, 00, 00, C3, C3, 08, 7F, 6B, AC, 37, 4F, BE, DC, 4B, E6, BB, A4, FC, 63, E2, A6, 7D, 1B, 98, 64, 41, 7B, 1A, 42, 0D, 6C, 4F, AD, A3, D6, DE, D7, B3, BA, 62, 97, 2E, E3, 57, A8, D2, 97, 8C, F5, 72, 4F, 63, F0, DB, 77, E1, 3D, A9, 40, A1, 8F, F0, 26, 8A, AA, A8, B6, BC, 7E, 48, 77, 25, EE, 6C, 3C, 65, 2E, 6C, 48, 76, 25, 48, 56, 1A, 3A, 00, F2, B2, 2D, 2E, D3, B3, 1E, 3D, F7, 8A, 22, F4, 64, 48, A7, 02, 5A, 15, 6E, F8, 5A, 23, 78, 77, 01, A1, 20, 3B, D4, D5, 8C, 31, EF, D2, 02...
 
[+]

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
1.4 MB (1,444,352 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
pf

Command:
C:\Program Files\private folders\pfld.exe \s


Scan pfld.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.