Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

27f1b 40.00%
0e4c4 7.50%
1428e 17.50%
e2410 5.00%
1f438 2.50%
13721 2.50%
9a386 2.50%
0066c 2.50%
7c018 2.50%
8b3fc 2.50%
19fb4 2.50%
bb67d 2.50%
cab78 2.50%
ada0d 2.50%
43cb6 2.50%
49b76 2.50%
(Note, Even Balance publishes each variation of this file with the same version, but the hashes are unique.)

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
CloseServiceHandle, RegQueryValueExA, RegOpenKeyExA, DeleteService, ControlService, OpenServiceA, OpenSCManagerA, StartServiceA, CreateServiceA, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, RegCreateKeyExA, RegSetValueExA, SetServiceStatus, RegCloseKey
crypt32.dll
CryptDecodeObject, CertFreeCertificateContext, CryptMsgClose, CertCloseStore, CertVerifyTimeValidity, CertFindCertificateInStore, CryptMsgGetParam, CertGetNameStringA, CryptQueryObject
kernel32.dll
lstrcmpA, FileTimeToLocalFileTime, SystemTimeToFileTime, GetFileAttributesA, SetFileAttributesA, FileTimeToSystemTime, MultiByteToWideChar, FormatMessageA, lstrlenA, LocalAlloc, LocalFree, LoadLibraryA, GetProcAddress, DeviceIoControl, GetPriorityClass, GetCurrentThread, GetThreadPriority, CloseHandle, CreateFileA, GetTickCount, SetEnvironmentVariableA, CompareStringW, CompareStringA, HeapSize, SetEndOfFile, SetStdHandle, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, InitializeCriticalSection, VirtualProtect, GetOEMCP, GetACP, GetSystemDirectoryA, CopyFileA, Sleep, GetVersionExA, GetSystemInfo, GetCurrentProcess, GetLastError, FreeLibrary, lstrcpyW, GetCurrentProcessId, ExitProcess, HeapAlloc, HeapFree, RtlUnwind, DeleteFileA, GetSystemTimeAsFileTime, WideCharToMultiByte, GetModuleHandleA, GetCommandLineA, QueryPerformanceCounter, GetCurrentThreadId, GetModuleFileNameA, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, LCMapStringA, LCMapStringW, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, ReadFile, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, SetFilePointer, InterlockedExchange, VirtualQuery, WriteFile, FlushFileBuffers, GetTimeZoneInformation, TerminateProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetStringTypeA, GetStringTypeW, GetCPInfo, GetLocaleInfoA, CreateDirectoryA
shell32.dll
SHGetFolderPathA
user32.dll
wsprintfA
wintrust.dll
WinVerifyTrust

pnkbstrb.exe

By Even Balance (Signed)

Remove pnkbstrb.exe
MD5:   27f1be4a53441c9f1f48b9adc145b0a5
SHA1:   20a8f830d19b54e03fc36dae42d132f7c88167b2
SHA256:   8e2a136c508fe5c602bb9140462541a3882e751983da56498b5efa3777e68d99

Overview

pnkbstrb.exe runs as a service under the name PnkBstrB with extensive SYSTEM privileges (full administrator access). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. The file is digitally signed by Even Balance which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:pnkbstrb.exe
Typical file path:C:\windows\syswow64\pnkbstrb.exe
Size:184.81 KB (189,248 bytes)
Certificate
Issued to:Even Balance
Authority (CA):VeriSign
Digital DNA
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'PnkBstrB'
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\WINDOWS\system32\PnkBstrB.exe'
  • Firewall exception for 'C:\WINDOWS\system32\PnkBstrB.exe'
Network connections
Access through an approved Windows firewall exception
  • [UDP] listens on port 45301

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00361072%
    0.028634%
    Kernel CPU:0.00135977%
    0.013761%
    User CPU:0.00225094%
    0.014873%
    Kernel CPU time:1,799,159 ms/min
    100,923,805ms/min
    CPU cycles:7,003,607/sec
    17,470,203/sec
    Context switches:332/sec
    284/sec
    Memory
    Private memory:2.75 MB
    21.59 MB
    Private (maximum):4.03 MB
    Private (minimum):2.8 MB
    Non-paged memory:2.75 MB
    21.59 MB
    Virtual memory:43.91 MB
    140.96 MB
    Virtual memory (peak):46.96 MB
    169.69 MB
    Working set:3.17 MB
    18.61 MB
    Working set (peak):4.3 MB
    37.95 MB
    Page faults:2,249/min
    2,039/min
    I/O
    I/O read transfer:118 Bytes/sec
    1.02 MB/min
    I/O read operations:1/sec
    343/min
    I/O write transfer:2 Bytes/sec
    274.99 KB/min
    I/O write operations:1/sec
    227/min
    I/O other transfer:7 Bytes/sec
    448.09 KB/min
    I/O other operations:1/sec
    1,671/min
    Resource allocations
    Threads:4
    12
    Handles:89
    600
    GUI GDI count:4
    103
    GUI USER count:1
    49

    BehaviorsProcess properties

    Integrety level:System
    Platform:32-bit
    Command lines:
    • C:\windows\syswow64\pnkbstrb.exe
    • C:\Windows\System32\pnkbstrb.exe
    Owner:SYSTEM
    Windows Service
    Service name:PnkBstrB
    Description:“PunkBuster Service Component [v2.304 BFP4F] http://www.evenbalance.com”
    Type:Win32OwnProcess
    Parent process:services.exe (Services and Controller app by Microsoft)

    ResourcesThreads

    Averages
     
    sechost.dll
    Total CPU:0.14646145%
    0.272967%
    Kernel CPU:0.02131558%
    0.107585%
    User CPU:0.12514587%
    0.165382%
    CPU cycles:65,577,440/sec
    5,741,424/sec
    Context switches:1,032/sec
    79/sec
    Memory:100 KB
    1.16 MB
    advapi32.dll (Advanced Windows 32 Base API by Microsoft)
    Total CPU:0.04727477%
    Kernel CPU:0.00671185%
    User CPU:0.04056292%
    Memory:620 KB
    wow64.dll (Win32 Emulation on NT64 by Microsoft)
    Total CPU:0.04658820%
    Kernel CPU:0.00186353%
    User CPU:0.04472467%
    CPU cycles:108,828,889/sec
    Context switches:859/sec
    Memory:252 KB
    PnkBstrB.exe (main module)
    Total CPU:0.00016164%
    Kernel CPU:0.00015419%
    User CPU:0.00000745%
    CPU cycles:936/sec
    Memory:180 KB

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Microsoft Windows XP 27.50%
    Windows 7 Home Premium 20.00%
    Windows 7 Ultimate 15.00%
    Windows 7 Professional 12.50%
    Windows 7 Home Basic 7.50%
    Windows Developer Preview 5.00%
    Windows Vista Home Premium 5.00%
    Windows Vista Home Basic 5.00%
    Windows 8 Pro 2.50%

    Distribution by countryDistribution by country

    United States installs about 30.00% of pnkbstrb.exe.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Toshiba 20.00%
    GIGABYTE 20.00%
    ASUS 20.00%
    Acer 15.00%
    Lenovo 10.00%
    Dell 10.00%
    Hewlett-Packard 5.00%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE