Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

8.1.0.33 10.00%
8.0.0.9 30.00%
7.0.0.22 20.00%
7.0.0.13 10.00%
7.0.0.10 10.00%
7.0.0.9 10.00%
7.0.0.8 10.00%

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
a2engine.dll
ScanBootRecordsEx, ScanProcessEx, ScanMemoryEx, ScanTracesEx, ScanCookiesEx, ScanDirectoryEx, ScanFileEx, GetDefaultIncludeExtensionList, GetDefaultExcludeExtensionList, CloseScanTaskHandle, ChangeScanTaskPriority, GetScanEngineInformationString, ScanBootRecords, FreeScanBufferString, ScanBuffer, ScanProcess, ScanMemory, ScanTraces, ScanCookies, ScanDirectory, ScanFile, WaitForScanTaskToFinish, StopScanTask, ResumeScanTask, PauseScanTask, RequestScanTaskStatus, ClearWhiteList, RemoveItemFromWhiteList, AddItemToWhiteList, GetScanSettings, SetScanSettings, GetSignatureCount, LoadSignatureDatabase, SetDatabaseDirectoryPath, IsDdaDriverInstalled, UninstallDdaDriver, InstallDdaDriver
advapi32.dll
RegQueryValueExW, RegOpenKeyExW, RegCloseKey, SetSecurityDescriptorDacl, RevertToSelf, ReportEventW, RegisterEventSourceW, RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW, RegQueryValueExA, RegQueryInfoKeyW, RegOpenKeyExA, RegLoadKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyExA, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegConnectRegistryW, OpenProcessToken, LookupPrivilegeValueW, LookupPrivilegeNameA, LookupPrivilegeNameW, LookupAccountSidW, LogonUserW, IsValidSid, InitializeSecurityDescriptor, ImpersonateLoggedOnUser, GetUserNameA, GetUserNameW, GetTokenInformation, GetSecurityDescriptorDacl, GetAce, FreeSid, DuplicateTokenEx, DeregisterEventSource, CreateProcessAsUserW, AllocateAndInitializeSid, AdjustTokenPrivileges, UnlockServiceDatabase, StartServiceW, StartServiceCtrlDispatcherW, SetServiceStatus, SetServiceObjectSecurity, RegisterServiceCtrlHandlerW, QueryServiceStatus, QueryServiceObjectSecurity, QueryServiceConfigW, OpenServiceW, OpenSCManagerW, LockServiceDatabase, DeleteService, CreateServiceW, ControlService, CloseServiceHandle, ChangeServiceConfigW, CryptEncrypt, CryptImportKey, CryptDestroyKey, CryptReleaseContext, CryptAcquireContextW, SetNamedSecurityInfoW, SetEntriesInAclA, SetEntriesInAclW, BuildExplicitAccessWithNameA, ChangeServiceConfig2W
comctl32.dll
ImageList_Destroy, ImageList_Add, ImageList_Create, InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_GetImageInfo, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Copy, ImageList_LoadImageW, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_SetImageCount, ImageList_GetImageCount
crypt32.dll
CryptQueryObject, CertGetNameStringW, CertFindCertificateInStore, CertCloseStore, CryptMsgGetParam, CryptMsgClose
gdi32.dll
UnrealizeObject, TextOutA, StretchDIBits, StretchBlt, StartPage, StartDocW, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32A, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetCurrentObject, GetClipBox, GetBrushOrgEx, GetBitmapBits, FrameRgn, ExtTextOutW, ExtFloodFill, ExcludeClipRect, EnumFontsW, EnumFontFamiliesExW, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgnIndirect, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateICW, CreateHalftonePalette, CreateFontIndirectA, CreateFontIndirectW, CreateFontA, CreateDIBitmap, CreateDIBSection, CreateDCW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, CombineRgn, Chord, BitBlt, Arc, AbortDoc, TranslateCharsetInfo
iphlpapi.dll
GetAdaptersInfo, GetNumberOfInterfaces
kernel32.dll
lstrcmpiA, LoadLibraryA, LocalFree, LocalAlloc, GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryW, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, IsValidLocale, GetSystemDefaultUILanguage, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetUserDefaultUILanguage, GetLocaleInfoW, GetLastError, GetCurrentDirectoryW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringW, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, CreateFileW, CloseHandle, TlsSetValue, TlsGetValue, DllMain, GetVolumePathNamesForVolumeNameW, GetVolumeNameForVolumeMountPointW, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, SetFilePointerEx, GetLongPathNameW
msimg32.dll
AlphaBlend
ntdll.dll
RtlInitUnicodeString, NtQuerySymbolicLinkObject, NtOpenSymbolicLinkObject, NtOpenDirectoryObject, NtClose
ole32.dll
CoTaskMemFree, StringFromCLSID, OleUninitialize, OleInitialize, CoTaskMemAlloc, CoCreateGuid, CoCreateInstance, IsEqualGUID
oleaut32.dll
SysFreeString, SysReAllocStringLen, SysAllocStringLen, SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
sfc.dll
SfcIsFileProtected
shell32.dll
SHFileOperationW, ShellExecuteA, ShellExecuteW, SHGetSpecialFolderPathW
user32.dll
LoadStringW, MessageBoxA, CharNextW, DllMain
version.dll
VerQueryValueA, VerQueryValueW, GetFileVersionInfoSizeA, GetFileVersionInfoSizeW, GetFileVersionInfoA, GetFileVersionInfoW
winspool.drv
OpenPrinterW, EnumPrintersW, DocumentPropertiesW, ClosePrinter, GetDefaultPrinterW
wintrust.dll
WinVerifyTrust, CryptCATAdminReleaseCatalogContext, CryptCATCatalogInfoFromContext, CryptCATAdminEnumCatalogFromHash, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminReleaseContext, CryptCATAdminAcquireContext
Export table
EurekaLog_AttachedFilesRequestEvent
EurekaLog_CallCreateThread
EurekaLog_CallExceptObject
EurekaLog_CallExitThread
EurekaLog_CallGeneralRaise
EurekaLog_CallResumeThread
EurekaLog_CustomButtonClickEvent
EurekaLog_CustomDataRequestEventEx
EurekaLog_CustomWebFieldsRequestEvent
EurekaLog_ExceptionActionNotifyEvent
EurekaLog_ExceptionErrorNotifyEvent
EurekaLog_ExceptionNotifyEvent
EurekaLog_HandledExceptionNotifyEvent
EurekaLog_LastDelphiException
EurekaLog_PasswordRequestEvent
EurekaLog_PasswordRequestEventEx
ExceptionManager

a2service.exe

Emsisoft Anti-Malware by Emsisoft GmbH (Signed)

Remove a2service.exe
Version:   7.0.0.8
MD5:   e327c0de1d7013be360881801c0ab0fa
SHA1:   6718755287c4ca84515b03f0cc382ea899d64e90
SHA256:   0f5abcd843711bb3df50105665ec9593f32c8b0d279066a15e8e6ad5eb287043

Overview

a2service.exe runs as a service under the name a2AntiMalware (a2AntiMalware) with extensive SYSTEM privileges (full administrator access). It is installed with a couple of know programs including Emsisoft Anti-Malware published by Emsisoft GmbH, Emsisoft Anti-Malware from Emsisoft GmbH and Emsisoft Anti-Malware by Emsisoft GmbH. The file is digitally signed by Emsisoft GmbH which was issued by the DigiCert Inc certificate authority (CA).

DetailsDetails

File name:a2service.exe
Publisher:Emsisoft GmbH
Product name:Emsisoft Anti-Malware
Description:Emsisoft Anti-Malware Service
Typical file path:C:\Program Files\emsisoft anti-malware\a2service.exe
File version:7.0.0.8
Product version:7.0.0.0
Size:2.94 MB (3,084,176 bytes)
Certificate
Issued to:Emsisoft GmbH
Authority (CA):DigiCert Inc
Effective date:Thursday, April 12, 2012
Expiration date:Tuesday, June 16, 2015
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
Emsisoft Anti-Malware
 Emsisoft GmbH
8% remove
Emsisoft Anti-Malware (formerly named a-squared Anti-Malware) is a antivirus and antispyware protection suite developed by Austria-based Emsisoft GmbH. The program makes use of three different security layers and has a dual-engine scanner (BitDefender and Emsisoft's own Anti-Malware scanner) with more than 13 million signatures. Behavior blocker which is developed inhouse since 2005 and is able to detect unknown zero-day attacks without...

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • a2AntiMalware
  • 'a2AntiMalware' (Emsisoft Anti-Malware 6.0 - Service)

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00025573%
0.028634%
Kernel CPU:0.00014260%
0.013761%
User CPU:0.00011313%
0.014873%
Kernel CPU time:565,816 ms/min
100,923,805ms/min
CPU cycles:15,338,166/sec
17,470,203/sec
Memory
Private memory:439.52 MB
21.59 MB
Private (maximum):112.54 MB
Private (minimum):1.74 MB
Non-paged memory:439.52 MB
21.59 MB
Virtual memory:595.32 MB
140.96 MB
Virtual memory (peak):672.5 MB
169.69 MB
Working set:26.72 MB
18.61 MB
Working set (peak):332.71 MB
37.95 MB
Page faults:8,446,867/min
2,039/min
I/O
I/O read transfer:52.29 KB/sec
1.02 MB/min
I/O read operations:9/sec
343/min
I/O write transfer:4.82 KB/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:1.47 MB/sec
448.09 KB/min
I/O other operations:820/sec
1,671/min
Resource allocations
Threads:26
12
Handles:210
600

BehaviorsProcess properties

Integrety level:System
Platform:64-bit
Command line:"C:\Program Files\emsisoft anti-malware\a2service.exe"
Owner:SYSTEM
Windows Service
Service name:a2AntiMalware
Display name:a2AntiMalware
Description:“Scans the PC for unwanted software and provides protection from malicious code”
Type:Win32OwnProcess
Parent process:services.exe (Services and Controller app by Microsoft)

ResourcesThreads

Averages
 
a2service.exe (main module)
Total CPU:0.04884868%
0.272967%
Kernel CPU:0.01868472%
0.107585%
User CPU:0.03016396%
0.165382%
CPU cycles:1,384,393/sec
5,741,424/sec
Memory:3.15 MB
1.16 MB
wow64.dll
Total CPU:0.00000567%
Kernel CPU:0.00000567%
User CPU:0.00000000%
CPU cycles:11/sec
Memory:252 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Microsoft Windows XP 40.00%
Windows 7 Home Premium 30.00%
Windows 8 10.00%
Windows 7 Professional 10.00%
Windows 7 Ultimate 10.00%

Distribution by countryDistribution by country

Slovakia installs about 40.00% of Emsisoft Anti-Malware.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Sony 40.00%
Dell 40.00%
GIGABYTE 20.00%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE