home

pstrip.exe

EnTech Taiwan

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PowerStrip’.
Publisher:
EnTech Taiwan  (signed and verified)

Description:
PowerStrip for Windows

Version:
4.10.03.82

MD5:
0ccfee4994feb2ae1630a9bfd9370d7a

SHA-1:
3398b0b641c8c6cac8f7de9bef519fac647fadc0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 11:11:35 AM UTC  (today)

File size:
718.1 KB (735,360 bytes)

Copyright:
Copyright © EnTech Taiwan 1995-2008

Original file name:
pstrip.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\powerstrip\pstrip.exe

Digital Signature
Signed by:
EnTech Taiwan

Authority:
GlobalSign nv-sa

Valid from:
9/24/2007 2:13:17 PM

Valid to:
9/25/2008 3:13:42 PM

Subject:
E=support@entechtaiwan.com, CN=EnTech Taiwan, O=EnTech Taiwan, C=TW

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
01000000000115376F8869

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:M/K/iWgTDXG4lKCEkDsxC8F5eTC9PDXMeuWaey0Z967klam6b7MP+Dd2RU0d:M3Wgn+XY78F5e29PDX7umy0Z2koH7MPj

Entry address:
0x1000

Entry point:
68, 01, 70, 62, 00, E8, 01, 00, 00, 00, C3, C3, 9A, 08, CC, F0, CD, 31, 74, EE, 0F, 78, 45, F1, 60, 16, C7, 19, C3, F0, F5, A5, 66, D1, 7B, CD, B9, 52, BC, 77, 60, C0, 28, 3E, BE, E6, A8, 80, 42, CA, 96, 80, 2B, 71, A7, 91, 1C, BE, 10, 07, 01, B2, 09, 6F, F9, BB, 2C, ED, 31, BB, D2, 56, 24, 98, 5F, AE, 48, 1A, 88, EC, 1C, E9, 1B, C2, 5A, BD, C6, 29, B2, 7D, AF, D5, AC, 40, 25, 5B, EB, 18, A1, 7A, 09, 3A, AA, E7, 25, B6, 3B, 2D, 03, 96, E0, 5B, 50, 06, C5, 3D, B7, 5C, 34, DC, 37, BC, 36, 9C, E8, 1C, E2, 66...
 
[+]

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
1.5 MB (1,591,296 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PowerStrip

Command:
C:\Program Files\powerstrip\pstrip.exe


Scan pstrip.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.