home

psexesvc.exe

Sysinternals PsExec

Sysinternals

It runs as a separate (within the context of its own process) windows Service named “PSEXESVC”.
Publisher:
Sysinternals  (signed and verified)

Product:
Sysinternals PsExec

Description:
PsExec Service

Version:
2.0

MD5:
5cb94f11459da45d647d888ef4438b5b

SHA-1:
eaf8c9fc443de5884ab38d00d30939f95df20732

SHA-256:
714d90445775684f61e4589ca6868077a72f733b857b94c307397877a350b46a

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
5/10/2025 11:24:19 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Sophos
PsExec
4.96

Trend Micro House Call
TROJ_GEN.F47V1024
7.2.356

File size:
180.8 KB (185,160 bytes)

Product version:
2.0

Copyright:
Copyright © 2001-2013 Mark Russinovich

Original file name:
psexesvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\psexesvc.exe

Digital Signature
Signed by:
Sysinternals

Authority:
VeriSign, Inc.

Valid from:
4/6/2013 8:00:00 AM

Valid to:
5/6/2016 7:59:59 AM

Subject:
CN=Sysinternals, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sysinternals, L=Redmond, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1EFD983A49D3F152AC9CD2941B8A0EDD

File PE Metadata
Compilation timestamp:
8/6/2013 4:55:24 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
3072:qhNW5RX1LNnszOYshCpas8IrJiywly+I75Qr2TKJUjnsA+2+CS:J5RX1LNnszICpD8Ixwly+Ic5LA+v

Entry address:
0x8591

Entry point:
E8, AC, 90, 00, 00, E9, A4, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, 58, C1, 42, 00, 83, 3C, F5, 7C, B3, 42, 00, 01, 75, 1E, 8D, 04, F5, 78, B3, 42, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, E8, A3, 86, 00, 00, 59, 59, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D2, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 78, B3, 42, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, B8, 32, 42, 00, 56, BE, 78, B3, 42, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, A8, D7, FF, FF, 83, 26, 00, 59, 83, C6...
 
[+]

Entropy:
6.6284

Code size:
135 KB (138,240 bytes)

Service
Display name:
PSEXESVC

Type:
Win32OwnProcess


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.