Should I block it?

No, this file is 100% safe to run.

Additional versions

3.1.2838 25.00%
3.1.2710 25.00%
3.1.2416 25.00%
3.1.2248 25.00%


PE file structure

Import table
advapi32.dll
GetTokenInformation, ReportEventW, DeregisterEventSource, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegDeleteValueW, RegCloseKey, SetServiceStatus, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegDeleteKeyW, RegCreateKeyExW, RegQueryValueExW, RegSetValueExW, RegQueryInfoKeyW, CopySid, GetLengthSid, IsValidSid, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, RegisterEventSourceW, CreateServiceW, DeleteService, ControlService, RegEnumKeyExW, OpenThreadToken, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, ChangeServiceConfig2W, ChangeServiceConfigW, CryptDecrypt, CryptEncrypt, CryptReleaseContext, CryptDestroyHash, CryptDestroyKey, CryptDeriveKey, CryptHashData, CryptCreateHash, CryptAcquireContextW, RevertToSelf, FreeSid, EqualSid, AllocateAndInitializeSid, ImpersonateLoggedOnUser, DuplicateTokenEx, RegCreateKeyW, CreateProcessAsUserW, QueryServiceStatus
kernel32.dll
LCMapStringW, LCMapStringA, GetStartupInfoW, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, ExitThread, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, MoveFileW, RtlUnwind, HeapSize, HeapDestroy, GetThreadLocale, GetLocaleInfoA, GetACP, SetEndOfFile, CreateFileA, GetDriveTypeA, CompareStringW, CompareStringA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetConsoleMode, GetConsoleCP, GetCPInfo, GetStringTypeA, GetStringTypeW, VirtualFree, HeapCreate, ExitProcess, GetStdHandle, GetModuleFileNameA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetOEMCP, IsValidCodePage, GetTimeFormatA, GetDateFormatA, SetEnvironmentVariableA, SetEnvironmentVariableW, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, SetHandleCount, GetFileType, GetStartupInfoA, GetFullPathNameW, GetLastError, CloseHandle, GetCurrentProcess, CreateEventW, lstrlenW, WaitForSingleObject, RaiseException, InitializeCriticalSection, DeleteCriticalSection, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, lstrcmpiW, GetModuleFileNameW, GetCurrentThread, Sleep, CreateThread, GetModuleHandleW, GetCurrentThreadId, InterlockedIncrement, InterlockedDecrement, SetEvent, FreeLibrary, MultiByteToWideChar, LoadLibraryExW, GetCommandLineW, EnterCriticalSection, LeaveCriticalSection, TerminateThread, FileTimeToSystemTime, FileTimeToLocalFileTime, FlushFileBuffers, WriteFile, CreateFileW, ReadFile, GetFileSize, DeleteFileW, FindClose, FindNextFileW, FindFirstFileW, CopyFileW, CreateDirectoryW, SetThreadPriority, GetTickCount, ResetEvent, WaitForMultipleObjects, GetThreadPriority, lstrlenA, GetProcAddress, LoadLibraryW, FormatMessageW, LocalFree, GetUserDefaultLangID, SetFileAttributesW, WideCharToMultiByte, SystemTimeToFileTime, GetSystemTime, LocalFileTimeToFileTime, GetLocalTime, GetTimeZoneInformation, GetVersionExW, 
ExpandEnvironmentStringsW, OpenProcess, GetDriveTypeW, SetFilePointer, GetCurrentProcessId, QueryPerformanceCounter, CancelWaitableTimer, CreateWaitableTimerW, SetWaitableTimer, GetProcessHeap, HeapFree, LoadLibraryA, HeapAlloc, GetSystemDirectoryA, HeapReAlloc, GetModuleHandleA, GetVersionExA, ReleaseMutex, GetCurrentDirectoryA, InterlockedExchange, GetSystemTimeAsFileTime, SetThreadExecutionState, GetSystemPowerStatus, CreateMutexW, VerifyVersionInfoW, VerSetConditionMask
ole32.dll
OleRun, CoInitializeEx, CoDisconnectObject, CoInitializeSecurity, CoCreateInstance, StringFromGUID2, CoTaskMemFree, CoRegisterClassObject, CoRevokeClassObject, CoTaskMemRealloc, CoTaskMemAlloc, CoUninitialize, CoInitialize
psapi.dll
EmptyWorkingSet
sbap.dll
SBAPSetUserKnownEntityCallback, SBAPClearCache, SBAPSetExtensionList, SBAPStartETW, SBAPStopETW, SBAPIsStarted, SBAPSetMonitorAction, SBAPSetMonitorActive, SBAPSetPromptCallback, SBAPSetNotifyCallback, SBAPSetReportCallback, SBAPSetLoggerCallback, SBAPStop, SBAPIsETWRunning, SBAPUninstallDriver, SBAPStart, SBAPAddAllowedPid
sbsdkxml.dll
_GetNVCollectionFactory@0, _GetAPEventSettingsFactory@0, _GetSystemEventSettingsFactory@0, _GetThreatEngineSettingsFactory@0, _GetNVScanResultsFactory@0, _GetQuarantineFileFactory@0, _GetQuarantineRecordFactory@0, _GetSoftwareUpdateSettingsFactory@0, _GetDefinitionUpdateSettingsFactory@0, _GetWSCSettingsFactory@0, _GetActiveProtectionSettingsFactory@0, _GetRegistrationSettingsFactory@0, _GetEmailAVSettingsFactory@0, _GetServiceSettingsFactory@0, _GetEmailAVEventSettingsFactory@0
sbte.dll
SBCSSetQuarantineActionCallbackW, SBCSEnableAV, SBCSEncryptFileW, SBCSCloseThreatEngine, SBCSSetLoggerCallbackW, SBCSOpenThreatEngineW, SBCSDeleteThreatW, SBCSQuarantineFileW, SBCSQuarantineFile2W, SBCSQuarantineBufferW, SBCSGetQuarantineRecordW, SBCSGetQuarantineRecordSizeW, SBCSQueryQuarantineIDW, SBCSRunScanner, SBCSGetScannerResultsSizeW, SBCSGetScannerResultsW, SBCSUnquarantineThreatW, SBCSQueryThreatDataW, SBCSApplyDefinitionUpdateW, SBCSGetDefReleaseDateW, SBCSGetDefVersionW, SBCSScanBuffer, SBCSRegisterBootTimeScanner, SBCSUnRegisterBootTimeScanner, SBCSGetBootTimeRegistrationStatus, SBCSSetCleanerProgressCallbackW, SBCSSetScanProgressStateCallback, SBCSSetScanProgressDetailCallbackW, SBCSScanFileTrace, SBCSGetFileSignatureW, SBCSPurgeQuarantine, SBCSAddPathToScanW, SBCSClearPathsToScan, SBCSSetScanOption, SBCSSetScanDescriptionW, SBCSSetLowRiskThreatDetection, SBCSResetScanOptions, SBCSAddUserKnownEntity, SBCSClearUserKnownEntityList, SBCSGetCleanerResultsW, SBCSGetCleanerResultsSizeW, SBCSRunCleanerW, SBCSAddThreatCategoryActionW, SBCSClearThreatCategoryActions, SBCSAddIgnoredThreat, SBCSClearIgnoredThreats
shell32.dll
SHCreateDirectoryExW, SHGetFolderPathW
shlwapi.dll
PathFileExistsW, PathRemoveFileSpecW
spursdownload.dll
ThreatUpdate, ThreatUpdateViaProxy, SetSpursLoggingCallback, ProxyGetNextVersionNumber, SpursProxyDownload, SpursDownload, GetNextVersionNumber
user32.dll
TranslateMessage, DispatchMessageW, GetMessageW, CharNextW, PostThreadMessageW, LoadStringW, CharUpperW, MessageBoxW, PeekMessageW, MsgWaitForMultipleObjects, UnregisterClassA, GetSystemMetrics, wsprintfW
version.dll
GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
winhttp.dll
WinHttpReadData, WinHttpSetCredentials, WinHttpQueryAuthSchemes, WinHttpQueryHeaders, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpOpenRequest, WinHttpCloseHandle, WinHttpConnect, WinHttpOpen, WinHttpQueryDataAvailable
winmm.dll
timeGetTime
ws2_32.dll
WSACloseEvent, WSASend, WSAGetOverlappedResult, WSAEnumNetworkEvents, WSAConnect, WSARecv, WSAResetEvent, WSAEventSelect, WSASocketW, WSACreateEvent, WSASetEvent

SBAMSvc.exe

Sunbelt AntiMalware Common SDK Merge Module by SUNBELT SOFTWARE DISTRIBUTION (Signed)

Version:   3.1.2416
MD5:   2124a1b885cec34611a01151ebb6b402
SHA1:   4f1e1c38d51a4a94921b8a854b12a2151cb94d89
SHA256:   48ec3c6f34749d6d645823ebf7f2f1dcf964b5dce98665d4a1353d1f54a36186

Overview

sbamsvc.exe runs as a service under the name AntiMalware (SBAMSvc) with extensive SYSTEM privileges (full administrator access). It is installed with a couple of known programs, including Spyware Striker published by Ascentive. The file is digitally signed by SUNBELT SOFTWARE DISTRIBUTION with a certificate issued by the VeriSign certificate authority (CA).

Details

File name:sbamsvc.exe
Publisher:Sunbelt Software
Product name:Sunbelt AntiMalware Common SDK Merge Module
Description:Sunbelt Software Anti Malware Service
Typical file path:C:\Program Files\common files\antivirus\sbamsvc.exe
File version:3.1.2416
Size:865.29 KB (886,056 bytes)
Certificate
Issued to:SUNBELT SOFTWARE DISTRIBUTION
Authority (CA):VeriSign
Effective date:Sunday, October 22, 2006
Expiration date:Thursday, October 22, 2009
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No

Programs

The following programs will install this file
Ascentive
  53% remove
From the site: "The free download of Ascentive’s Registry Cleaner, Anti-Malware Software, and other trial products are intended to find issues, errors, threats, junk, and clutter that can be removed by single or multiple Ascentive products after paid activation. The free scans do not require payment and are set to run automatically every 7 days for your convenience. Uninstall is easy and can be done at any time using “Add/Remove Program...

Behaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'SBAMSvc' (AntiMalware)

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00201098%
0.028634%
Kernel CPU:0.00104388%
0.013761%
User CPU:0.00096710%
0.014873%
Kernel CPU time:242,000 ms/min
100,923,805 ms/min
Context switches:14/sec
284/sec
Memory
Private memory:38.19 MB
21.59 MB
Private (maximum):53.54 MB
Private (minimum):76 KB
Non-paged memory:38.19 MB
21.59 MB
Virtual memory:127.23 MB
140.96 MB
Virtual memory (peak):257.61 MB
169.69 MB
Working set:31.35 MB
18.61 MB
Working set (peak):162.85 MB
37.95 MB
Page faults:11,331,516/min
2,039/min
I/O
I/O read transfer:14.19 MB/sec
1.02 MB/min
I/O read operations:9,153/sec
343/min
I/O write transfer:1.04 MB/sec
274.99 KB/min
I/O write operations:200/sec
227/min
I/O other transfer:170.69 KB/sec
448.09 KB/min
I/O other operations:3,660/sec
1,671/min
Resource allocations
Threads:12
12
Handles:427
600
GUI GDI count:22
103
GUI USER count:9
49

Process properties

Integrity level:Undefined
Platform:32-bit
Command line:"C:\Program Files\common files\antivirus\sbamsvc.exe"
Owner:SYSTEM
Windows Service
Service name:SBAMSvc
Display name:AntiMalware
Description:“Manages your antispyware and antivirus application”
Type:Win32OwnProcess
Parent process:services.exe (Services and Controller app by Microsoft)

Threads

Averages
 
SBAMSvc.exe (main module)
Total CPU:0.41764909%
0.272967%
Kernel CPU:0.05146555%
0.107585%
User CPU:0.36618354%
0.165382%
Context switches:2/sec
79/sec
Memory:872 KB
1.16 MB
advapi32.dll (Advanced Windows 32 Base API by Microsoft)
Total CPU:0.00663315%
Kernel CPU:0.00313286%
User CPU:0.00350029%
Memory:620 KB

Common loaded modules

These are modules that are typically loaded within the context of this process.

Distribution by Windows OS

OS version distribution
Windows 7 Home Premium 25.00%
Windows Vista Home Premium 25.00%
Microsoft Windows XP 25.00%
Windows Vista Home Basic 25.00%

Distribution by country

United States installs about 100.00% of Sunbelt AntiMalware Common SDK Merge Module.

Distribution by PC manufacturer

PC manufacturer distribution
Hewlett-Packard 100.00%