» pstrmi64.dll
Overview
Analysis
File Details
Programs (1)

pstrmi64.dll

pstri

One Call Ltd

The module pstrmi64.dll by One Call has been detected as adware by 8 anti-malware scanners. This file is typically installed with the program PastaLeads by One Call Ltd which is a potentially unwanted software program.

File name:

pstrmi64.dll

Publisher:

PastaQuotes (signed by One Call Ltd)

Product:

pstri

Description:

Pasta Helper

Version:

1, 0, 0, 15

MD5:

ac7d629def59fae09e10d24868634afd

SHA-1:

91f743264237d3fcd120ec19e41abf8695582b88

SHA-256:

d7d579c4338ebe071307629857fffc40596a17ce0a8d7ab365b3658ec702dcf6

Scanner detections:

8 / 68

Status:

Adware

Analysis date:

4/26/2024 12:10:23 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.PicRec.A

558

Bitdefender

Adware.PicRec.A

1.0.20.1040

Emsisoft Anti-Malware

Adware.PicRec

8.15.07.27.10

F-Secure

Adware.PicRec.A

11.2015-27-07_2

G Data

Adware.PicRec

15.7.24

MicroWorld eScan

Adware.PicRec.A

16.0.0.624

nProtect

Adware.PicRec.A

14.10.24.01

Reason Heuristics

PUP.SimplyTech.OneCall (M)

15.7.27.10

File size:

995.7 KB (1,019,552 bytes)

Product version:

1, 0, 0, 15

Original file name:

pstri

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\Program Files\common files\pastaleads\pastaquotes\pstrmi64.dll

Digital Signature

Signed by:

One Call Ltd

Authority:

COMODO CA Limited

Valid from:

12/30/2013 4:00:00 PM

Valid to:

12/31/2014 3:59:59 PM

Subject:

CN=One Call Ltd, O=One Call Ltd, STREET=Zarhin 10, L=Raanana, S=IL, PostalCode=12345, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

3319A851B8E5EE29CCF776BCF148B091

File PE Metadata

Compilation timestamp:

8/22/2014 4:29:44 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

12288:AxtUD3plGxDSjObVOd0tjf6H5W/PSrsK67gTI8OiYngkp/0:itUD3bMDSjXd0tzquqs7+3LWrp/

Entry address:

0x72830

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, FB, 1F, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, FC, 89, 07, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

6.0862

Code size:

660.5 KB (676,352 bytes)

The file pstrmi64.dll has been discovered within the following program.

PastaLeads by One Call Ltd

PastaLeads is an advertising supported browser extension also known as adware and is designed to deliver ads to the user's Internet browser as banners, context text-links and transitionals ads. The injected ads are not affiliated with the underlying website on which they appear.

87% remove it

Remove pstrmi64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.