picswo.exe

Ausgehschuhe

Rohitab Batra

It is registered under the name 'picswo' to execute automatically when any user logs into Windows (through the local user run registry setting).
Publisher:
Lsapret (signed by Rohitab Batra)

Product:
Ausgehschuhe

Description:
Lsapret

Version:
0.06.0004

MD5:
7cc21688830da0442df755e350c2dc2c

SHA-1:
124781bc6e00368728aacd88e454df3a2b4fefe3

SHA-256:
8f04133c7382171b776d0dc76032eec48e867440ddfca03068d04115dea31c7f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
7/7/2025 10:52:26 AM UTC

File size:
154.8 KB (158,530 bytes)

Product version:
0.06.0004

Original file name:
Lsapret.exe

File type:
Executable application (Win32 EXE)

Language:
Czech (Czech Republic)

Common path:
C:\ProgramData\picswo.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/3/2012 8:00:00 PM

Valid to:
6/4/2013 7:59:59 PM

Subject:
CN=Rohitab Batra, OU=Individual Developer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=No Organization Affiliation, L=NORTH ATTLEBORO, S=Massachusetts, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3D91664862B0BC8A748A1AE4928A4B13

File PE Metadata
Compilation timestamp:
2/29/2016 5:23:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:LticSNOFq/cL0IlDFHO9NzcY1etyL7uBk6smG:4OFEIZ4fetk7uBkM

Entry address:
0x2904

Entry point:
68, 88, E5, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, B2, DF, 17, D7, E4, A1, E4, 4D, B9, 30, 44, AB, C4, 3F, 67, 74, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, C0, 26, 4B, 03, 42, 65, 72, 69, 65, 73, 65, 6C, 74, 65, 73, 74, 36, 00, 41, 00, 00, 00, 00, 00, FF, CC, 31, 00, 03, EF, 28, 45, 2F, DD, 2A, 5E, 4B, 87, 77, 82, 96, 05, 4E, 30, B5, 2B, BB, 0E, AB, 84, C0, 02, 45, B7, 78, B7, 84, BF, 72, 91, 8A, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
112 KB (114,688 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
picswo

Command:
C:\ProgramData\picswo.exe

