pstrdrw.sys

One Call Ltd

The file pstrdrw.sys by One Call has been detected as adware by 2 anti-malware scanners. It runs as a Windows 64-bit kernel-mode device driver named “PastaQuotes UpdateD”. This file is typically installed with the program PastaLeads by One Call Ltd, which is a potentially unwanted software program.
Publisher:
One Call Ltd  (signed and verified)

MD5:
42cfa647e38330a65250bc6ac2209f61

SHA-1:
d83f8ebc9a0d69028bded81fc79d912cc3227488

SHA-256:
0fd69f243ce276db00a6f9fff0539eb221fdbdbf708c403ffbbb35055bc9b8ff

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/19/2024 10:59:06 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.SimplyTech.OneCall (M) | 15.7.27.10
Trend Micro House Call | Suspicious_GEN.F47V0907 | 7.2.208

File size:
60.5 KB (61,920 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\Program Files\common files\pastaleads\pastaquotes\pstrdrw.sys

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/30/2013 4:00:00 PM

Valid to:
12/31/2014 3:59:59 PM

Subject:
CN=One Call Ltd, O=One Call Ltd, STREET=Zarhin 10, L=Raanana, S=IL, PostalCode=12345, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3319A851B8E5EE29CCF776BCF148B091

File PE Metadata
Compilation timestamp:
5/5/2014 7:57:28 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
1536:SOtJgRAoi6pcq4L1zmsl3Y4Th+AToQlLBtZa52K3:S/RIvTQATPtU5

Entry address:
0x1110

Entry point:
48, 89, 54, 24, 10, 48, 89, 4C, 24, 08, 48, 83, EC, 28, 48, 8B, 4C, 24, 30, E8, A8, 93, 00, 00, 0F, B6, C0, 85, C0, 75, 0A, B8, 01, 00, 00, C0, E9, CB, 00, 00, 00, 48, 8B, 44, 24, 30, 48, 8D, 0D, 8B, FF, FF, FF, 48, 89, 48, 70, 48, 8B, 44, 24, 30, 48, 8D, 0D, 7B, FF, FF, FF, 48, 89, 88, 80, 00, 00, 00, 48, 8B, 44, 24, 30, 48, 8D, 0D, 28, FE, FF, FF, 48, 89, 88, E0, 00, 00, 00, E8, 8C, 80, 00, 00, 0F, B6, C0, 85, C0, 74, 10, 48, 8B, 44, 24, 30, 48, 8D, 0D, B9, FD, FF, FF, 48, 89, 48, 68, 48, 8B, 4C, 24, 30...
 

Entropy:
6.0962

Code size:
51.3 KB (52,576 bytes)

Driver
Display name:
PastaQuotes UpdateD

Service name:
PSTpdd

Type:
Kernel device driver (KernelDriver)


The file pstrdrw.sys has been discovered within the following program.

PastaLeads by One Call Ltd
PastaLeads is an advertising-supported browser extension, also known as adware, designed to deliver ads to the user's Internet browser as banners, contextual text links and transitional ads. The injected ads are not affiliated with the underlying website on which they appear.
87% remove it
 