pastarter.exe

ConeXware, Inc

The executable pastarter.exe has been detected as malware by 13 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘PowerArchiver Tray’.

Publisher:
ConeXware, Inc  (signed and verified)

Version:
1.10.6.1

MD5:
3e3858dd137b1a464908113ce545f028

SHA-1:
7d2eada1c2c00d259a62a89ec4a2afdb40b4aaf6

SHA-256:
70b7dfd151e7bdb15455a7774df23947fd270d1e70503b5d545a48b7443694c8

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
12/27/2024 12:52:39 AM UTC

Scan engine                      Detection                  Engine version
avast!                           Win32:Parite               160327-1
AVG                              Win32/Parite               2015.0.4355
Dr.Web                           Win32.Parite.2             9.0.1.05190
Emsisoft Anti-Malware            Win32.Parite               11.5.0.6191
ESET NOD32                       Win32/Parite.B virus       8.0.319.0
F-Prot                           W32/Parite.B               4.6.5.141
F-Secure                         Win32.Parite.B             5.15.96
Kaspersky                        Virus.Win32.Parite         15.0.0.562
McAfee                           Virus.W32/Pate.b           18.0.204.0
Microsoft Security Essentials    Threat.Undefined           1.219.373.0
Norman                           Win32.Parite.B             02.04.2016 17:35:19
VIPRE Antivirus                  Threat.46249               48690

File size:
1.6 MB (1,707,994 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\powerarchiver\pastarter.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/18/2013 2:00:00 AM

Valid to:
11/17/2016 12:59:59 AM

Subject:
CN="ConeXware, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="ConeXware, Inc", L=Reston, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3414D4E2AB75A0FD628D84C24700B76F

File PE Metadata
Compilation timestamp:
10/1/2014 4:42:11 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:ByHMN1uOA4BiJAK7+dABnBg9rg8M8JdB6SRcK6v6G9H/vZvnwBJC6yzyu+U++6IM:ByWMruVJd8SRclbHVd62yH7

Entry address:
0x196000

Entry point:

Code size:
1.2 MB (1,288,192 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PowerArchiver Tray

Command:
C:\Program Files\powerarchiver\pastarter.exe
Remove pastarter.exe - Powered by Reason Core Security