home

pstrip.exe

EnTech Taiwan

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PowerStrip’.
Publisher:
EnTech Taiwan  (signed and verified)

Description:
PowerStrip for Windows

Version:
4.10.03.85

MD5:
1aeaf67e5f036fcf66034d2c1a5019d4

SHA-1:
b79b08f36f8aca5db0d9a90209dafc6e84bd0713

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 8:31:44 AM UTC  (today)

File size:
721 KB (738,336 bytes)

Copyright:
Copyright © EnTech Taiwan 1995-2009

Original file name:
pstrip.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\powerstrip\pstrip.exe

Digital Signature
Signed by:
EnTech Taiwan

Authority:
GlobalSign nv-sa

Valid from:
10/6/2008 7:08:19 AM

Valid to:
10/6/2011 7:08:19 AM

Subject:
E=support@entechtaiwan.com, CN=EnTech Taiwan, O=EnTech Taiwan, C=TW

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000011CD08E5108

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:GMJk6hiZ8BXq9BjcdIdKxQV68l7HTh7t/aGXcL2c5b6b7MP+Dd2Yq5jK:Gd8J/UKxQE8l7zNtCiqrg7MP+h2Yq5jK

Entry address:
0x1000

Entry point:
68, 01, 80, 62, 00, E8, 01, 00, 00, 00, C3, C3, 76, E0, 33, D7, E5, CA, E3, 38, DA, 64, 8B, 6C, 70, 0D, 74, 25, D1, 86, 80, AF, C8, CE, F4, 44, 23, C6, D9, D6, 8A, B3, C7, D7, 1D, 96, 63, DE, 27, 6F, D3, 79, B7, 56, 1F, C4, 73, 75, D5, 6C, BA, D2, 54, 49, 4A, 69, 0F, 67, 08, FA, 4B, CA, B8, 67, F4, E6, 65, F6, B0, A7, 3A, E7, 3B, EF, AE, 1F, 2B, 2D, 6E, 9E, F1, 63, A0, 91, 6A, EF, F4, 27, 0A, 6F, 8E, F0, 50, F1, 77, EE, 6F, FB, B4, A2, D6, B1, D5, 9B, B0, A4, 07, A9, CA, 47, B2, 0F, BA, 00, 94, 4D, 66, 49...
 
[+]

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
1.5 MB (1,595,904 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PowerStrip

Command:
C:\Program Files\powerstrip\pstrip.exe


Scan pstrip.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.