Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

2,6,0,9 1.35%
2,6,0,9 4.05%
2,6,0,8 67.57%
2,6,0,8 1.35%
2,6,0,8 13.51%
2,6,0,7 4.05%
2,6,0,2 1.35%
2,3,6,0 5.41%
2,3,5,2 1.35%

Relationships

Parent process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
RegDeleteValueW, CryptDestroyKey, CryptEncrypt, CryptDestroyHash, CryptDeriveKey, GetCurrentHwProfileW, RegEnumKeyExW, RegQueryInfoKeyW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, RegDeleteKeyW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegCloseKey, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, CryptHashData, CryptAcquireContextW, CryptReleaseContext, CryptCreateHash, CryptDecrypt, RegOpenKeyExA, RegQueryValueExA, RegisterEventSourceA, ReportEventA, DeregisterEventSource
comctl32.dll
_TrackMouseEvent
gdi32.dll
DeleteObject, SelectObject, CreateFontIndirectW, GetObjectW, GetStockObject, GetDeviceCaps, DPtoLP, SetBkMode, SetTextColor
gdiplus.dll
GdiplusShutdown, GdipCreateBitmapFromStream, GdipGetImageWidth, GdipGetImageHeight, GdipGetImagePixelFormat, GdipCloneBitmapAreaI, GdipCloneImage, GdipAlloc, GdipDisposeImage, GdipFree, GdiplusStartup
kernel32.dll
CreateFileMappingW, OpenMutexW, GetLastError, OpenFileMappingW, MapViewOfFile, UnmapViewOfFile, WaitForSingleObject, ReleaseMutex, Sleep, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, lstrlenW, CreateThread, TerminateThread, GetDiskFreeSpaceExW, lstrcpynW, GetCurrentProcess, FlushInstructionCache, CompareStringW, lstrcpyW, lstrcmpiW, MultiByteToWideChar, lstrcpynA, lstrlenA, SetLastError, EnterCriticalSection, LeaveCriticalSection, GetCurrentThreadId, RaiseException, MulDiv, WideCharToMultiByte, GetVersionExW, GetProcessHeap, HeapFree, CloseHandle, HeapAlloc, CreateEventA, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, OpenProcess, GetProcessTimes, GlobalFree, Module32FirstW, Module32NextW, GetModuleHandleW, GetProcAddress, GetLocaleInfoW, GetTimeZoneInformation, GlobalMemoryStatusEx, GetTempPathW, GetTempFileNameW, SetEvent, FreeLibrary, LoadLibraryExW, GetModuleFileNameW, CreateMutexW, InterlockedIncrement, OutputDebugStringW, GetVolumeInformationW, GetFileInformationByHandle, DeviceIoControl, SetFilePointerEx, ReadFile, SetFilePointer, WriteFile, FlushFileBuffers, InitializeCriticalSectionAndSpinCount, WaitForMultipleObjects, QueueUserAPC, CreateEventW, SleepEx, PostQueuedCompletionStatus, RemoveDirectoryW, DeleteFileW, CreateDirectoryW, DeleteCriticalSection, InitializeCriticalSection, RemoveDirectoryA, DeleteFileA, CreateDirectoryA, MoveFileW, CopyFileW, FindFirstFileW, FindClose, SetEndOfFile, CreateFileW, TlsFree, ReleaseSemaphore, DuplicateHandle, CreateSemaphoreA, LoadLibraryW, GetUserDefaultLCID, GetStringTypeExA, LCMapStringA, GetFileAttributesW, GetFileAttributesA, VirtualAlloc, CreateIoCompletionPort, SetWaitableTimer, GetQueuedCompletionStatus, InterlockedCompareExchange, TlsGetValue, TlsSetValue, HeapDestroy, HeapReAlloc, HeapSize, LoadLibraryA, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, CreateWaitableTimerA, SystemTimeToFileTime, GetTickCount, ResumeThread, ResetEvent, OpenEventA, GetCurrentProcessId, GetSystemTimeAsFileTime, FormatMessageA, LocalFree, FindNextFileW, IsProcessorFeaturePresent, VirtualFree, TlsAlloc, InterlockedExchangeAdd, InterlockedExchange, GlobalUnlock, GlobalLock, GlobalAlloc, InterlockedDecrement, GetEnvironmentVariableW, GlobalMemoryStatus, ExpandEnvironmentStringsA, PeekNamedPipe, GetStdHandle, GetFileType, GetVersion, GetModuleHandleA, SetThreadPriority, GetCurrentThread, GetVersionExA, FlushConsoleInputBuffer, GetSystemInfo
msvcp90.dll
DllMain
msvcr90.dll
DllMain
nspr4.dll
PR_Unlock, PR_Lock, PR_ExplodeTime, PR_LocalTimeParameters, PR_sscanf, PR_NewLock, PR_smprintf_free, PR_GetCurrentThread, PR_Malloc, PR_sprintf_append, PR_GMTParameters, PR_ntohl, PR_Free, PR_IntervalNow, PR_Realloc, PR_EnterMonitor, PR_ExitMonitor, PR_Notify, PR_DestroyMonitor, PR_Close, PR_Wait, PR_DestroyPollableEvent, PR_IntervalToMilliseconds, PR_Init, PR_CreateThreadPool, PR_QueueJob, PR_ShutdownThreadPool, PR_JoinThreadPool, PR_Listen, PR_Accept, PR_RecvFrom, PR_htonll, PR_NewPollableEvent, PR_GetError, PR_WaitForPollableEvent, PR_Calloc, PR_CreateThread, PR_JoinThread, PR_MicrosecondsToInterval, PR_Poll, PR_GetOSError, PR_SetPollableEvent, PR_htons, PR_htonl, PR_SetSocketOption, PR_DestroyLock, PR_TicksPerSecond, PR_Sleep, PR_snprintf, PR_SecondsToInterval, PR_Now, PR_MillisecondsToInterval, LL_Zero, PR_ImplodeTime, PR_GetLayersIdentity, PR_PushIOLayer, PR_CreateIOLayerStub, PR_GetUniqueIdentity, PR_GetDefaultIOMethods, PR_SetError, PR_PopIOLayer, PR_GetIdentitiesLayer, PR_GetSockName, PR_WaitCondVar, PR_NotifyCondVar, PR_NewCondVar, PR_DestroyCondVar, PR_NewUDPSocket, PR_NewTCPSocket, PR_ntohs, PR_NetAddrToString, PR_EnumerateHostEnt, PR_GetHostByName, PR_IntervalToSeconds, PR_Recv, PR_Send, PR_SendTo, PR_StringToNetAddr, PR_Bind, PR_InitializeNetAddr, PR_GetConnectStatus, PR_Connect, PR_GetSocketOption, PR_NewMonitor, PR_smprintf
nss3.dll
PK11_FreeSlot, PK11_GetBestSlot, PK11_FreeSymKey, PK11_ImportSymKey, SECITEM_FreeItem, PK11_ParamFromIV, PK11_DestroyContext, PK11_CreateContextBySymKey, PK11_CipherOp, PK11_DigestFinal, NSSBase64_EncodeItem, NSSBase64_DecodeBuffer, NSS_Initialize, CERT_VerifyCertNow, CERT_GetDefaultCertDB, CERT_DestroyCertificate, CERT_VerifyCertName, PK11_FindCertFromNickname, PK11_FindKeyByAnyCert, SECKEY_DestroyPrivateKey, BTOA_DataToAscii, PORT_Free, PK11_CreateDigestContext, PK11_DigestOp, PK11_DigestBegin, PORT_ZAlloc, PK11_NeedLogin, PK11_Authenticate, PK11_IsFriendly, PK11_InitPin, PK11_NeedUserInit, PK11_GetInternalKeySlot, PK11_SetPasswordFunc, SEC_DerSignData, PORT_ArenaZAlloc, NSS_Get_CERT_CertificateTemplate, SEC_ASN1EncodeItem, SECOID_SetAlgorithmID, CERT_CreateCertificate, CERT_CreateValidity, CERT_CreateCertificateRequest, NSS_Shutdown, PK11_HashBuf, CERT_FindCertByNickname, CERT_DecodeTrustString, PK11_ImportCert, CERT_ChangeCertTrust, PK11_RandomUpdate, PK11_GenerateKeyPair, SECKEY_CreateSubjectPublicKeyInfo, CERT_AsciiToName
ole32.dll
CreateStreamOnHGlobal, CoCreateInstance, CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree
pdh.dll
PdhCloseQuery, PdhOpenQueryW, PdhAddCounterW, PdhCollectQueryData, PdhExpandWildCardPathW, PdhLookupPerfNameByIndexW, PdhGetFormattedCounterValue, PdhRemoveCounter
plc4.dll
PL_strncasecmp, PL_strstr, PL_strpbrk, PL_strnstr, PL_strncpyz, PL_strncmp, PL_strndup, PL_strnrstr, PL_strcpy, PL_strcmp, PL_strrchr, PL_strrstr, PL_strdup, PL_strchr, PL_strfree, PL_strcasecmp, PL_strlen
rpcrt4.dll
UuidCreate
sensapi.dll
IsNetworkAlive
shell32.dll
ShellExecuteW, SHGetFolderPathA, ShellExecuteExW, SHGetFolderPathW, SHCreateDirectoryExW
smime3.dll
CERT_DecodeCertFromPackage
ssl3.dll
SSL_SetURL, SSL_AuthCertificateHook, SSL_OptionSet, SSL_ImportFD, SSL_RevealURL, SSL_ConfigSecureServer, SSL_ResetHandshake, SSL_PeerCertificate, SSL_ConfigServerSessionIDCache, NSS_SetDomesticPolicy, SSL_RevealPinArg, NSS_FindCertKEAType, SSL_OptionSetDefault
user32.dll
LoadCursorW, GetClassNameW, LoadStringW, LoadStringA, PostQuitMessage, SetFocus, DialogBoxParamW, EndDialog, DestroyMenu, GetMenuItemCount, AppendMenuW, GetMenuItemInfoW, MessageBeep, GetDC, MonitorFromPoint, PeekMessageW, PtInRect, InvalidateRect, CreatePopupMenu, RemoveMenu, UpdateWindow, ScreenToClient, GetCursorPos, GetDlgCtrlID, ReleaseCapture, DrawTextW, OffsetRect, TrackPopupMenuEx, ReleaseDC, GetCapture, SetCapture, SetCursor, IsWindow, CharNextW, GetWindowTextW, CallWindowProcW, DrawFocusRect, GetFocus, GetSysColor, UnregisterClassA, IsWindowEnabled, FillRect, EndPaint, BeginPaint, DestroyWindow, ShowWindow, SetDlgItemInt, SetDlgItemTextW, EnableWindow, GetDlgItemInt, SendMessageTimeoutW, DispatchMessageW, TranslateMessage, GetMessageW, LoadMenuW, LoadAcceleratorsW, LoadImageW, RegisterWindowMessageW, CreateWindowExW, SendMessageW, SetWindowTextW, GetDlgItem, CheckDlgButton, LoadBitmapW, SetWindowPos, MapWindowPoints, GetClientRect, GetParent, GetWindowRect, GetMonitorInfoW, GetClassInfoExW, wvsprintfW, DefWindowProcW, SetWindowLongW, SetRectEmpty, TranslateAcceleratorW, GetActiveWindow, PostMessageW, IsDlgButtonChecked, MessageBoxW, GetWindow, GetWindowLongW, MonitorFromWindow, KillTimer, SetTimer, RegisterClassExW, GetWindowTextLengthW, GetDesktopWindow, MessageBoxA, GetUserObjectInformationW, SystemParametersInfoW, GetProcessWindowStation, EnumWindows
winhttp.dll
WinHttpOpen, WinHttpSetStatusCallback, WinHttpCloseHandle, WinHttpGetProxyForUrl
wininet.dll
DetectAutoProxyUrl, InternetQueryOptionW
ws2_32.dll
WSALookupServiceNextW, WSALookupServiceEnd, WSALookupServiceBeginW, WSANSPIoctl, getaddrinfo, freeaddrinfo

PMB.exe

Pando Media Booster by Pando Networks (Signed)

Remove PMB.exe
Version:   2,6,0,9
MD5:   6fe3c7ef5d91c21d5fc1283064eead8e
SHA1:   4780c0ba9be758b658f98ae7a4d31a6afa95a35f
SHA256:   3de1becc3ab1801b58401d64ea57bf8dfb0bbb9b0e9a57f484aea6bf8eb02387

Overview

pmb.exe executes as a process with the local user's privileges usually within the context of Windows Explorer. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. This is typically installed with the program Pando Media Booster published by Pando Networks Inc. and is most likely removed by most users once installed (51% removed).

DetailsDetails

File name:pmb.exe
Product name:Pando Media Booster
Typical file path:C:\Program Files\pando networks\media booster\pmb.exe
File version:2,6,0,9
Size:4.09 MB (4,288,048 bytes)
Build date:3/27/2013 3:55 PM
Certificate
Issued to:Pando Networks
Authority (CA):Thawte
Effective date:Wednesday, April 4, 2012
Expiration date:Sunday, June 29, 2014
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++ 9.0
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
Pando Networks Inc.
  51% remove
Pando Media Booster (PMB) is an application by Pando Networks that is used by game and software publishers to ensure safe, complete and speedy downloads of large files. PMB is primarily used to download MMORPGs. Users of PMB participate in a secure, closed peer-to-peer network where users receive pieces of the download package from a Content Delivery Network (CDN) as well as other active users (peers). Unlike Pando, PMB cannot be used t...

BehaviorsBehaviors

Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'Pando Media Booster' → C:\Program Files\Pando Networks\Media Booster\PMB.exe
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Program Files\Mozilla Firefox\Pando Networks\Media Booster\PMB.exe'
  • Firewall exception for 'C:\Program Files\Pando Networks\Media Booster\PMB.exe'
  • Firewall exception for 'C:\Program Files\Pando Networks\Media Booster\PMB.exe'
Network connections
Access through an approved Windows firewall exception
  • [UDP] listens on port 57535
  • [UDP] listens on port 58960

  • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00088687%
    0.028634%
    Kernel CPU:0.00037479%
    0.013761%
    User CPU:0.00051208%
    0.014873%
    Kernel CPU time:248,159 ms/min
    100,923,805ms/min
    CPU cycles:9,378,169/sec
    17,470,203/sec
    Memory
    Private memory:21.15 MB
    21.59 MB
    Private (maximum):27.96 MB
    Private (minimum):16.56 MB
    Non-paged memory:21.15 MB
    21.59 MB
    Virtual memory:138.43 MB
    140.96 MB
    Virtual memory (peak):161.07 MB
    169.69 MB
    Working set:17.24 MB
    18.61 MB
    Working set (peak):28.05 MB
    37.95 MB
    Page faults:279,314/min
    2,039/min
    I/O
    I/O read transfer:30.68 KB/sec
    1.02 MB/min
    I/O read operations:6/sec
    343/min
    I/O write transfer:1.54 KB/sec
    274.99 KB/min
    I/O write operations:2/sec
    227/min
    I/O other transfer:1.17 KB/sec
    448.09 KB/min
    I/O other operations:98/sec
    1,671/min
    Resource allocations
    Threads:26
    12
    Handles:513
    600
    GUI GDI count:14
    103
    GUI GDI peak:16
    142
    GUI USER count:12
    49
    GUI USER peak:14
    71

    BehaviorsProcess properties

    Integrety level:Medium
    Platform:64-bit
    Command line:"C:\Program Files\pando networks\media booster\pmb.exe"
    Owner:User
    Parent process:explorer.exe (Windows Explorer by Microsoft Corporation)

    ResourcesThreads

    Averages
     
    PMB.exe (main module)
    Total CPU:0.06843573%
    0.272967%
    Kernel CPU:0.04974910%
    0.107585%
    User CPU:0.01868663%
    0.165382%
    CPU cycles:1,274,138/sec
    5,741,424/sec
    Context switches:1/sec
    79/sec
    Memory:4.13 MB
    1.16 MB
    MSVCR90.dll
    Total CPU:0.00014279%
    Kernel CPU:0.00006460%
    User CPU:0.00007819%
    CPU cycles:37,190/sec
    Context switches:2/sec
    Memory:652 KB
    wow64cpu.dll
    Total CPU:0.00006146%
    Kernel CPU:0.00003342%
    User CPU:0.00002804%
    CPU cycles:304/sec
    Memory:32 KB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Home Premium 27.03%
    Microsoft Windows XP 25.68%
    Windows 7 Ultimate 20.27%
    Windows 8 Pro 8.11%
    Windows 7 Professional 6.76%
    Windows 8 Pro with Media Center 4.05%
    Windows 8 4.05%
    Windows Vista Home Premium 2.70%
    Windows 7 Starter 1.35%

    Distribution by countryDistribution by country

    United States installs about 35.14% of Pando Media Booster.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Toshiba 21.05%
    GIGABYTE 17.54%
    Hewlett-Packard 14.04%
    Acer 14.04%
    Dell 10.53%
    Compaq 7.02%
    Intel 3.51%
    Sony 3.51%
    Sahara 3.51%
    ASUS 3.51%
    American Megatrends 1.75%
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE