pstrdrw.sys

One Call Ltd

The file pstrdrw.sys by One Call has been detected as adware by 2 anti-malware scanners. It runs as a Windows kernel-mode device driver named “PastaQuotes UpdateD”. This file is typically installed with the program PastaLeads by One Call Ltd, which is a potentially unwanted software program.
Publisher:
One Call Ltd  (signed and verified)

MD5:
d04afcf32d1eaa6c4d7c98e159f56448

SHA-1:
83d3b4282cba7ba26dc17dc5c67d508e0b527d94

SHA-256:
ad6240a8aeda0e2f64a42d82a7da169fb1c414f495752b29e40b9699ab182327

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/24/2024 2:10:09 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.OneCall.K | 14.11.11.15
Trend Micro House Call | Suspicious_GEN.F47V0911 | 7.2.315

File size:
45.7 KB (46,816 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Program Files\common files\pastaleads\pastaquotes\pstrdrw.sys

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/30/2013 4:00:00 PM

Valid to:
12/31/2014 3:59:59 PM

Subject:
CN=One Call Ltd, O=One Call Ltd, STREET=Zarhin 10, L=Raanana, S=IL, PostalCode=12345, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3319A851B8E5EE29CCF776BCF148B091

File PE Metadata
Compilation timestamp:
5/5/2014 7:57:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.10

CTPH (ssdeep):
768:RhNgcEp49keTfsIM6YqKHHjp0i2n/to7+c2Vo:RlEp8fsVqKjei+cF

Entry address:
0xD60

Entry point:
55, 8B, EC, 8B, 45, 08, 50, E8, D4, 67, 00, 00, 0F, B6, C8, 85, C9, 75, 0A, B8, 01, 00, 00, C0, E9, A0, 00, 00, 00, 8B, 55, 08, C7, 42, 38, 30, 0D, 01, 00, 8B, 45, 08, C7, 40, 40, 30, 0D, 01, 00, 8B, 4D, 08, C7, 41, 70, 50, 0C, 01, 00, E8, 10, 59, 00, 00, 0F, B6, D0, 85, D2, 74, 0A, 8B, 45, 08, C7, 40, 34, 00, 0C, 01, 00, 8B, 4D, 08, 51, E8, A6, FC, FF, FF, 0F, B6, D0, 85, D2, 75, 07, B8, 01, 00, 00, C0, EB, 55, E8, 93, 64, 00, 00, 6A, 00, 68, A0, 0B, 01, 00, FF, 15, 78, 02, 01, 00, 85, C0, 74, 1A, 8B, 45...
 

Entropy:
6.5257

Developed / compiled with:
Microsoft Visual C++

Code size:
36.7 KB (37,568 bytes)

Driver
Display name:
PastaQuotes UpdateD

Service name:
PSTpdd

Type:
Kernel device driver (KernelDriver)


The file pstrdrw.sys has been discovered within the following program.

PastaLeads  by One Call Ltd
PastaLeads is an advertising-supported browser extension, also known as adware, designed to deliver ads to the user's Internet browser as banners, contextual text links and transitional ads. The injected ads are not affiliated with the underlying website on which they appear.
87% remove it
 
Powered by Should I Remove It?
