Should I block it?

No, this file is 100% safe to run.

Additional versions

27f1b	40.00%
0e4c4	7.50%
1428e	17.50%
e2410	5.00%
1f438	2.50%
13721	2.50%
9a386	2.50%
0066c	2.50%
7c018	2.50%
8b3fc	2.50%
19fb4	2.50%
bb67d	2.50%
cab78	2.50%
ada0d	2.50%
43cb6	2.50%
49b76	2.50%

(Note, Even Balance publishes each variation of this file with the same version, but the hashes are unique.)

Relationships

Parent process

services.exe (Services and Controller app by Microsoft)

Related files

PE file structure

Show functions

Import table

advapi32.dll

CloseServiceHandle, RegQueryValueExA, RegOpenKeyExA, DeleteService, ControlService, OpenServiceA, OpenSCManagerA, StartServiceA, CreateServiceA, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, RegCreateKeyExA, RegSetValueExA, SetServiceStatus, RegCloseKey

crypt32.dll

CryptDecodeObject, CertFreeCertificateContext, CryptMsgClose, CertCloseStore, CertVerifyTimeValidity, CertFindCertificateInStore, CryptMsgGetParam, CertGetNameStringA, CryptQueryObject

kernel32.dll

lstrcmpA, FileTimeToLocalFileTime, SystemTimeToFileTime, GetFileAttributesA, SetFileAttributesA, FileTimeToSystemTime, MultiByteToWideChar, FormatMessageA, lstrlenA, LocalAlloc, LocalFree, LoadLibraryA, GetProcAddress, DeviceIoControl, GetPriorityClass, GetCurrentThread, GetThreadPriority, CloseHandle, CreateFileA, GetTickCount, SetEnvironmentVariableA, CompareStringW, CompareStringA, HeapSize, SetEndOfFile, SetStdHandle, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, InitializeCriticalSection, VirtualProtect, GetOEMCP, GetACP, GetSystemDirectoryA, CopyFileA, Sleep, GetVersionExA, GetSystemInfo, GetCurrentProcess, GetLastError, FreeLibrary, lstrcpyW, GetCurrentProcessId, ExitProcess, HeapAlloc, HeapFree, RtlUnwind, DeleteFileA, GetSystemTimeAsFileTime, WideCharToMultiByte, GetModuleHandleA, GetCommandLineA, QueryPerformanceCounter, GetCurrentThreadId, GetModuleFileNameA, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, LCMapStringA, LCMapStringW, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, ReadFile, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, SetFilePointer, InterlockedExchange, VirtualQuery, WriteFile, FlushFileBuffers, GetTimeZoneInformation, TerminateProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetStringTypeA, GetStringTypeW, GetCPInfo, GetLocaleInfoA, CreateDirectoryA

shell32.dll

SHGetFolderPathA

user32.dll

wsprintfA

wintrust.dll

WinVerifyTrust

pnkbstrb.exe

By Even Balance (Signed)

Remove pnkbstrb.exe

MD5:	e24106a5eaecddff00b25497049dd65f
SHA1:	ae6e73f03a21c159cf0ed82b1872fb7bafce24a9
SHA256:	b1ba1aebc15a0ef04da95e5ed2e4e6c5b9fbe8b0d80e7582a1a1b59c5724bd64

Overview

pnkbstrb.exe runs as a service under the name PnkBstrB with extensive SYSTEM privileges (full administrator access). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. The file is digitally signed by Even Balance which was issued by the VeriSign certificate authority (CA).

Details

File name:	pnkbstrb.exe
Typical file path:	C:\windows\syswow64\pnkbstrb.exe
Size:	105.3 KB (107,832 bytes)
Certificate
Issued to:	Even Balance
Authority (CA):	VeriSign
Digital DNA
File packed:	No
.NET CLR:	No

More details

Behaviors

Services

Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)

'PnkBstrB'

Windows firewall allowed programs

Exceptions allow programs to access to the Internet through an outbound connections

Firewall exception for 'C:\WINDOWS\system32\PnkBstrB.exe'
Firewall exception for 'C:\WINDOWS\system32\PnkBstrB.exe'

Network connections

Access through an approved Windows firewall exception

[UDP] listens on port 45301

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00117094%	0.028634%
Kernel CPU:	0.00023799%	0.013761%
User CPU:	0.00093295%	0.014873%
Kernel CPU time:	47 ms/min	100,923,805ms/min
Context switches:	404/sec	284/sec
Memory
Private memory:	2.52 MB	21.59 MB
Private (maximum):	5.22 MB
Private (minimum):	4.67 MB
Non-paged memory:	2.52 MB	21.59 MB
Virtual memory:	45.33 MB	140.96 MB
Virtual memory (peak):	47.58 MB	169.69 MB
Working set:	4.67 MB	18.61 MB
Working set (peak):	5.22 MB	37.95 MB
Page faults:	4,364/min	2,039/min
Resource allocations
Threads:	4	12
Handles:	114	600

Process properties

Integrety level:	Undefined
Platform:	64-bit
Command lines:	C:\windows\syswow64\pnkbstrb.exe C:\Windows\System32\pnkbstrb.exe
Owner:	SYSTEM
Windows Service
Service name:	PnkBstrB
Description:	“PunkBuster Service Component [v2.304 BFP4F] http://www.evenbalance.com”
Type:	Win32OwnProcess
Parent process:	services.exe (Services and Controller app by Microsoft)

Threads

Averages

wow64.dll
Total CPU:	0.00843428%	0.272967%
Kernel CPU:	0.00140571%	0.107585%
User CPU:	0.00702857%	0.165382%
CPU cycles:	12,442,641/sec	5,741,424/sec
Context switches:	560/sec	79/sec
Memory:	252 KB	1.16 MB
PnkBstrB.exe (main module)
Total CPU:	0.00070285%
Kernel CPU:	0.00035143%
User CPU:	0.00035143%
CPU cycles:	15,584/sec
Memory:	1.13 MB
sechost.dll
Total CPU:	0.00025612%
Kernel CPU:	0.00025612%
User CPU:	0.00000000%
CPU cycles:	3,114,091/sec
Context switches:	403/sec
Memory:	100 KB

Distribution by Windows OS

OS version	distribution
Microsoft Windows XP	27.50%
Windows 7 Home Premium	20.00%
Windows 7 Ultimate	15.00%
Windows 7 Professional	12.50%
Windows 7 Home Basic	7.50%
Windows Developer Preview	5.00%
Windows Vista Home Premium	5.00%
Windows Vista Home Basic	5.00%
Windows 8 Pro	2.50%

Distribution by country

United States installs about 30.00% of pnkbstrb.exe.

Distribution by PC manufacturer

PC Manufacturer	distribution
Toshiba	20.00%
GIGABYTE	20.00%
ASUS	20.00%
Acer	15.00%
Lenovo	10.00%
Dell	10.00%
Hewlett-Packard	5.00%

Remove Adware and Spyware Programs, FREE Download!