pstsrv.exe

One Call Ltd

The application pstsrv.exe by One Call, described as “Enables you to find the best service professionals in your area and compare offers.”, has been detected as adware by 9 anti-malware scanners. It runs in its own process as a Windows service named “PastaQuotes”.
Publisher:
PastaQuotes  (signed by One Call Ltd)

Product:
pstsrv.exe

Description:
Enables you to find the best service professionals in your area and compare offers.

Version:
1, 0, 0, 14

MD5:
6be739e1caed4484a653a90d4d654d6c

SHA-1:
9b1a97f2c989f10e9a61cdbce3e69abb82bc1efe

SHA-256:
614bec4038f544dbb4c6b0ea68a4242ee5b4e38a06829ab07920a55e278129a4

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
5/10/2024 10:28:23 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.PicRec.A | 459
Bitdefender | Adware.PicRec.A | 1.0.20.1535
Emsisoft Anti-Malware | Adware.PicRec | 8.15.11.03.12
F-Secure | Adware.PicRec.A | 11.2015-03-11_3
G Data | Adware.PicRec | 15.11.24
Malwarebytes | PUP.Optional.PastaQuotes.A | v2015.11.03.12
MicroWorld eScan | Adware.PicRec.A | 16.0.0.921
nProtect | Adware.PicRec.A | 15.01.23.01
Reason Heuristics | PUP.SimplyTech.OneCall (M) | 15.11.3.0

File size:
1.1 MB (1,179,296 bytes)

Product version:
1, 0, 0, 14

Copyright:
Copyright (C) 2014

Original file name:
pstsrv.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\common files\pastaleads\pastaquotes\pstsrv.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/31/2013 3:00:00 AM

Valid to:
1/1/2015 2:59:59 AM

Subject:
CN=One Call Ltd, O=One Call Ltd, STREET=Zarhin 10, L=Raanana, S=IL, PostalCode=12345, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3319A851B8E5EE29CCF776BCF148B091

File PE Metadata
Compilation timestamp:
8/5/2014 10:14:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
24576:4UyLhXbRA8iS3jvFd++KjxIE5EC0xPTRiHiMxBbs2dIxAJvyu/ZJvRSpBZXkjo0G:aWovRbbLA8nZXwo0aC0TdZ4I

Entry address:
0x68F7A

Entry point:
E8, 25, 65, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 88, FB, 50, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, B0, A4, 50, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 88, FB, 50, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00...
 
Entropy:
6.4775

Code size:
825 KB (844,800 bytes)

Service
Display name:
PastaQuotes

Service name:
PSTpd

Description:
Enables you to find the best service professionals in your area and compare offers.

Type:
Win32OwnProcess

