Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

3.1.2838 25.00%
3.1.2710 25.00%
3.1.2416 25.00%
3.1.2248 25.00%

Relationships

Parent process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
GetTokenInformation, ReportEventW, DeregisterEventSource, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegDeleteValueW, RegCloseKey, SetServiceStatus, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegDeleteKeyW, RegCreateKeyExW, RegQueryValueExW, RegSetValueExW, RegQueryInfoKeyW, CopySid, GetLengthSid, IsValidSid, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, RegisterEventSourceW, CreateServiceW, DeleteService, ControlService, RegEnumKeyExW, OpenThreadToken, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, ChangeServiceConfig2W, ChangeServiceConfigW, CryptDecrypt, CryptEncrypt, CryptReleaseContext, CryptDestroyHash, CryptDestroyKey, CryptDeriveKey, CryptHashData, CryptCreateHash, CryptAcquireContextW, RevertToSelf, FreeSid, EqualSid, AllocateAndInitializeSid, ImpersonateLoggedOnUser, DuplicateTokenEx, RegCreateKeyW, CreateProcessAsUserW, QueryServiceStatus
kernel32.dll
LCMapStringW, LCMapStringA, GetStartupInfoW, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, ExitThread, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, MoveFileW, RtlUnwind, HeapSize, HeapDestroy, GetThreadLocale, GetLocaleInfoA, GetACP, SetEndOfFile, CreateFileA, GetDriveTypeA, CompareStringW, CompareStringA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetConsoleMode, GetConsoleCP, GetCPInfo, GetStringTypeA, GetStringTypeW, VirtualFree, HeapCreate, ExitProcess, GetStdHandle, GetModuleFileNameA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetOEMCP, IsValidCodePage, GetTimeFormatA, GetDateFormatA, SetEnvironmentVariableA, SetEnvironmentVariableW, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, SetHandleCount, GetFileType, GetStartupInfoA, GetFullPathNameW, GetLastError, CloseHandle, GetCurrentProcess, CreateEventW, lstrlenW, WaitForSingleObject, RaiseException, InitializeCriticalSection, DeleteCriticalSection, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, lstrcmpiW, GetModuleFileNameW, GetCurrentThread, Sleep, CreateThread, GetModuleHandleW, GetCurrentThreadId, InterlockedIncrement, InterlockedDecrement, SetEvent, FreeLibrary, MultiByteToWideChar, LoadLibraryExW, GetCommandLineW, EnterCriticalSection, LeaveCriticalSection, TerminateThread, FileTimeToSystemTime, FileTimeToLocalFileTime, FlushFileBuffers, WriteFile, CreateFileW, ReadFile, GetFileSize, DeleteFileW, FindClose, FindNextFileW, FindFirstFileW, CopyFileW, CreateDirectoryW, SetThreadPriority, GetTickCount, ResetEvent, WaitForMultipleObjects, GetThreadPriority, lstrlenA, GetProcAddress, LoadLibraryW, FormatMessageW, LocalFree, GetUserDefaultLangID, SetFileAttributesW, WideCharToMultiByte, SystemTimeToFileTime, GetSystemTime, LocalFileTimeToFileTime, GetLocalTime, GetTimeZoneInformation, GetVersionExW, ExpandEnvironmentStringsW, OpenProcess, GetDriveTypeW, SetFilePointer, GetCurrentProcessId, QueryPerformanceCounter, CancelWaitableTimer, CreateWaitableTimerW, SetWaitableTimer, GetProcessHeap, HeapFree, LoadLibraryA, HeapAlloc, GetSystemDirectoryA, HeapReAlloc, GetModuleHandleA, GetVersionExA, ReleaseMutex, GetCurrentDirectoryA, InterlockedExchange, GetSystemTimeAsFileTime, SetThreadExecutionState, GetSystemPowerStatus, CreateMutexW, VerifyVersionInfoW, VerSetConditionMask
ole32.dll
OleRun, CoInitializeEx, CoDisconnectObject, CoInitializeSecurity, CoCreateInstance, StringFromGUID2, CoTaskMemFree, CoRegisterClassObject, CoRevokeClassObject, CoTaskMemRealloc, CoTaskMemAlloc, CoUninitialize, CoInitialize
psapi.dll
EmptyWorkingSet
sbap.dll
SBAPSetUserKnownEntityCallback, SBAPClearCache, SBAPSetExtensionList, SBAPStartETW, SBAPStopETW, SBAPIsStarted, SBAPSetMonitorAction, SBAPSetMonitorActive, SBAPSetPromptCallback, SBAPSetNotifyCallback, SBAPSetReportCallback, SBAPSetLoggerCallback, SBAPStop, SBAPIsETWRunning, SBAPUninstallDriver, SBAPStart, SBAPAddAllowedPid
sbsdkxml.dll
_GetNVCollectionFactory@0, _GetAPEventSettingsFactory@0, _GetSystemEventSettingsFactory@0, _GetThreatEngineSettingsFactory@0, _GetNVScanResultsFactory@0, _GetQuarantineFileFactory@0, _GetQuarantineRecordFactory@0, _GetSoftwareUpdateSettingsFactory@0, _GetDefinitionUpdateSettingsFactory@0, _GetWSCSettingsFactory@0, _GetActiveProtectionSettingsFactory@0, _GetRegistrationSettingsFactory@0, _GetEmailAVSettingsFactory@0, _GetServiceSettingsFactory@0, _GetEmailAVEventSettingsFactory@0
sbte.dll
SBCSSetQuarantineActionCallbackW, SBCSEnableAV, SBCSEncryptFileW, SBCSCloseThreatEngine, SBCSSetLoggerCallbackW, SBCSOpenThreatEngineW, SBCSDeleteThreatW, SBCSQuarantineFileW, SBCSQuarantineFile2W, SBCSQuarantineBufferW, SBCSGetQuarantineRecordW, SBCSGetQuarantineRecordSizeW, SBCSQueryQuarantineIDW, SBCSRunScanner, SBCSGetScannerResultsSizeW, SBCSGetScannerResultsW, SBCSUnquarantineThreatW, SBCSQueryThreatDataW, SBCSApplyDefinitionUpdateW, SBCSGetDefReleaseDateW, SBCSGetDefVersionW, SBCSScanBuffer, SBCSRegisterBootTimeScanner, SBCSUnRegisterBootTimeScanner, SBCSGetBootTimeRegistrationStatus, SBCSSetCleanerProgressCallbackW, SBCSSetScanProgressStateCallback, SBCSSetScanProgressDetailCallbackW, SBCSScanFileTrace, SBCSGetFileSignatureW, SBCSPurgeQuarantine, SBCSAddPathToScanW, SBCSClearPathsToScan, SBCSSetScanOption, SBCSSetScanDescriptionW, SBCSSetLowRiskThreatDetection, SBCSResetScanOptions, SBCSAddUserKnownEntity, SBCSClearUserKnownEntityList, SBCSGetCleanerResultsW, SBCSGetCleanerResultsSizeW, SBCSRunCleanerW, SBCSAddThreatCategoryActionW, SBCSClearThreatCategoryActions, SBCSAddIgnoredThreat, SBCSClearIgnoredThreats
shell32.dll
SHCreateDirectoryExW, SHGetFolderPathW
shlwapi.dll
PathFileExistsW, PathRemoveFileSpecW
spursdownload.dll
ThreatUpdate, ThreatUpdateViaProxy, SetSpursLoggingCallback, ProxyGetNextVersionNumber, SpursProxyDownload, SpursDownload, GetNextVersionNumber
user32.dll
TranslateMessage, DispatchMessageW, GetMessageW, CharNextW, PostThreadMessageW, LoadStringW, CharUpperW, MessageBoxW, PeekMessageW, MsgWaitForMultipleObjects, UnregisterClassA, GetSystemMetrics, wsprintfW
version.dll
GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
winhttp.dll
WinHttpReadData, WinHttpSetCredentials, WinHttpQueryAuthSchemes, WinHttpQueryHeaders, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpOpenRequest, WinHttpCloseHandle, WinHttpConnect, WinHttpOpen, WinHttpQueryDataAvailable
winmm.dll
timeGetTime
ws2_32.dll
WSACloseEvent, WSASend, WSAGetOverlappedResult, WSAEnumNetworkEvents, WSAConnect, WSARecv, WSAResetEvent, WSAEventSelect, WSASocketW, WSACreateEvent, WSASetEvent

SBAMSvc.exe

Sunbelt AntiMalware Common SDK Merge Module by SUNBELT SOFTWARE DISTRIBUTION (Signed)

Remove SBAMSvc.exe
Version:   3.1.2838
MD5:   6880216a707fb4061b96d18b7c7e3ef1
SHA1:   61082486c0a379e1cb2c04e51b2f4154d79ea664
SHA256:   7f1960eb3c5902e9e959d52b6b1c5ebdd5012d83b68b936bfb9520944beb5f4f

Overview

sbamsvc.exe runs as a service under the name AntiMalware (SBAMSvc) with extensive SYSTEM privileges (full administrator access). The file is digitally signed by SUNBELT SOFTWARE DISTRIBUTION which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:sbamsvc.exe
Publisher:Sunbelt Software
Product name:Sunbelt AntiMalware Common SDK Merge Module
Description:Sunbelt Software Anti Malware Service
Typical file path:C:\Program Files\common files\antivirus\sbamsvc.exe
File version:3.1.2838
Size:988.32 KB (1,012,040 bytes)
Certificate
Issued to:SUNBELT SOFTWARE DISTRIBUTION
Authority (CA):VeriSign
Effective date:Sunday, October 22, 2006
Expiration date:Thursday, October 22, 2009
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'SBAMSvc' (AntiMalware)

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.08631558%
0.028634%
Kernel CPU:0.03707195%
0.013761%
User CPU:0.04924364%
0.014873%
Kernel CPU time:11,466 ms/min
100,923,805ms/min
Memory
Private memory:21.18 MB
21.59 MB
Private (maximum):26.39 MB
Private (minimum):12.56 MB
Non-paged memory:21.18 MB
21.59 MB
Virtual memory:111 MB
140.96 MB
Virtual memory (peak):113.55 MB
169.69 MB
Working set:26.39 MB
18.61 MB
Working set (peak):26.52 MB
37.95 MB
Resource allocations
Threads:12
12
Handles:361
600

BehaviorsProcess properties

Integrety level:System
Platform:32-bit
Command line:"C:\Program Files\ascentive\spyware striker\sbamsvc.exe"
Owner:SYSTEM
Windows Service
Service name:SBAMSvc
Display name:AntiMalware
Description:“Manages your antispyware and antivirus application”
Type:Win32OwnProcess
Parent process:services.exe (Services and Controller app by Microsoft)

ResourcesThreads

Averages
 
ADVAPI32.dll
Total CPU:2.12972782%
0.272967%
Kernel CPU:1.62483545%
0.107585%
User CPU:0.50489237%
0.165382%
CPU cycles:42,960,118/sec
5,741,424/sec
Memory:792 KB
1.16 MB
SBAMSvc.exe (main module)
Total CPU:0.01655815%
Kernel CPU:0.01149376%
User CPU:0.00506439%
CPU cycles:281,436/sec
Memory:984 KB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 25.00%
Windows Vista Home Premium 25.00%
Microsoft Windows XP 25.00%
Windows Vista Home Basic 25.00%

Distribution by countryDistribution by country

United States installs about 100.00% of Sunbelt AntiMalware Common SDK Merge Module.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 100.00%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE