Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

5.0.5116 90.00%
5.0.4464 10.00%

Relationships

Parent process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
ReportEventW, RegCloseKey, RegDeleteValueW, RegOpenKeyExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, SetServiceStatus, DeregisterEventSource, RegisterEventSourceW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegCreateKeyExW, RegDeleteKeyW, RegQueryValueExW, RegSetValueExW, RegQueryInfoKeyW, CopySid, GetLengthSid, IsValidSid, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetTokenInformation, CreateServiceW, DeleteService, ControlService, RegEnumKeyExW, OpenThreadToken, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, QueryServiceStatus, ChangeServiceConfig2W, ChangeServiceConfigW, CloseEventLog, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptReleaseContext, CryptAcquireContextW, RevertToSelf, CreateProcessAsUserW, ImpersonateLoggedOnUser, DuplicateTokenEx, AddAccessAllowedAce, InitializeAcl, MakeSelfRelativeSD, FreeSid, AllocateAndInitializeSid, RegCreateKeyW, EqualSid, CryptDecrypt, CryptEncrypt, CryptDestroyKey, CryptDeriveKey, RegEnumValueW
kernel32.dll
DllMain
ole32.dll
CoRegisterClassObject, CoTaskMemRealloc, CoInitialize, CoUninitialize, CoRevokeClassObject, CoTaskMemFree, StringFromGUID2, CoCreateInstance, CoAddRefServerProcess, CoReleaseServerProcess, CoInitializeSecurity, CoDisconnectObject, CoInitializeEx, CoCreateGuid, CoSetProxyBlanket, OleRun, CoTaskMemAlloc
psapi.dll
EmptyWorkingSet, GetModuleFileNameExW
sbap.dll
SBAPStartVolumeWatcher, SBAPStopVolumeWatcher, SBAPStart, SBAPSetExtensionList, SBAPIsStarted, SBAPStartETW, SBAPStopETW, SBAPSetPromptCallback, SBAPSetNotifyCallback, SBAPSetReportCallback, SBAPStop, SBAPSetLoggerCallback, SBAPClearCache, SBAPSetMonitorAction, SBAPSetMonitorActive, SBAPAddAllowedPid, SBAPIsETWRunning, SBAPSetUserKnownEntityCallback, SBAPUninstallDriver
sbhips.dll
SBHIPS_GetState, SBHIPS_Start, SBHIPS_Resume, SBHIPS_ClearProgramList, SBHIPS_Stop, SBHIPS_AddProgram, SBHIPS_Pause
sbte.dll
SBCSSetStringOption, SBCSGetScannerResultsW, SBCSGetScannerResultsSizeW, SBCSRunScanner, SBCSIsFileGood, SBCSClearUserKnownEntityList, SBCSAddUserKnownEntity, SBCSSetScanProgressDetailCallbackW, SBCSResetScanOptions, SBCSSetScanProgressStateCallback, SBCSSetCleanerProgressCallbackW, SBCSGetBootTimeRegistrationStatus, SBCSUnRegisterBootTimeScanner, SBCSRegisterBootTimeScanner, SBCSScanBuffer, SBCSApplyDefinitionUpdateW, SBCSSetScanDescriptionW, SBCSGetDefReleaseDateW, SBCSScanFileTrace, SBCSQueryThreatDataW, SBCSUnquarantineThreatW, SBCSQueryQuarantineIDW, SBCSGetQuarantineRecordSizeW, SBCSGetQuarantineRecordW, SBCSQuarantineBufferW, SBCSSetScanOption, SBCSEnableFileCache, SBCSClearPathsToScan, SBCSQuarantineFile2W, SBCSQuarantineFileW, SBCSDeleteThreatW, SBCSPurgeQuarantine, SBCSSetLoggerCallbackW, SBCSOpenThreatEngineW, SBCSSetQuarantineActionCallbackW, SBCSEnableAV, SBCSEncryptFileW, SBCSCloseThreatEngine, SBCSAddPathToScanW, SBCSSetLowRiskThreatDetection, SBCSEnableRootkitEngine, SBCSClearIgnoredThreats, SBCSAddIgnoredThreat, SBCSGetFileSignatureW, SBCSClearThreatCategoryActions, SBCSAddThreatCategoryActionW, SBCSRunCleanerW, SBCSGetCleanerResultsSizeW, SBCSGetCleanerResultsW, SBCSGetDefVersionW
shell32.dll
SHGetFolderPathW, SHGetSpecialFolderPathW, ShellExecuteExA, ShellExecuteExW, SHCreateDirectoryExW
shlwapi.dll
PathRemoveFileSpecW, UrlGetPartW, PathAppendW, PathFileExistsW
spursdownload.dll
SpursProxyDownload, SetSpursLoggingCallback, ThreatUpdateViaProxy, ThreatUpdate, GetNextVersionNumber, ProxyGetNextVersionNumber, SpursDownload
user32.dll
DispatchMessageW, GetMessageW, PostThreadMessageW, LoadStringW, CharNextW, CharUpperW, MessageBoxW, GetSystemMetrics, PeekMessageW, MsgWaitForMultipleObjects, wsprintfW, TranslateMessage
userenv.dll
GetDefaultUserProfileDirectoryW, CreateEnvironmentBlock, DestroyEnvironmentBlock
version.dll
GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
winhttp.dll
WinHttpSetCredentials, WinHttpConnect, WinHttpQueryDataAvailable, WinHttpReadData, WinHttpQueryAuthSchemes, WinHttpQueryHeaders, WinHttpOpen, WinHttpCloseHandle, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpOpenRequest
winmm.dll
timeGetTime
ws2_32.dll
FreeAddrInfoW, WSASocketW, WSAGetOverlappedResult, WSACreateEvent, WSASetEvent, WSAEventSelect, WSAConnect, WSAEnumNetworkEvents, WSASend, WSAResetEvent, WSARecv, WSACloseEvent, GetAddrInfoW

SBAMSvc.exe

GFI AntiMalware Common SDK Merge Module by GFI Software Development Ltd. (Signed)

Remove SBAMSvc.exe
Version:   5.0.5116
MD5:   bce943896289a91ad75cc5652620b1c6
SHA1:   f985e4839c8e2d30368040f9632b57083396c490
SHA256:   6d261602c210888dd26215115a43fdca29a96ffe649abf0b7e67080b7deaeced

What is SBAMSvc.exe?

GFI Software Anti Malware Service - GFI/VIPRE Antivirus combines antispyware and antivirus together which detects and removes viruses, spyware, rootkits, bots, Trojans and all other types of malware.

About SBAMSvc.exe (from GFI Software Development Ltd.)

Get everything you need to protect your PC with Vipre Internet Security. This anti-malware solution includes a firewall and spam blocker for highly efficient online security that won't slow down your

DetailsDetails

File name:sbamsvc.exe
Publisher:GFI Software
Product name:GFI AntiMalware Common SDK Merge Module
Description:GFI Software Anti Malware Service
Typical file path:C:\Program Files\ad-aware antivirus\sbamsvc.exe
File version:5.0.5116
Size:3.14 MB (3,289,032 bytes)
Certificate
Issued to:GFI Software Development Ltd.
Authority (CA):VeriSign
Digital DNA
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
GFI Software
8% remove
Vipre Antivirus is the essential antivirus software that protects against over 100,000 new web threats every day without slowing down your computer. It also eliminates conflicts during installation with Vipre Easy Install, protects against email viruses and phishing scams and scans USB sticks and other removable drives for malicious software. Vipre Antivirus keeps your personal and financial information safe from identity theft, cybercr...
GFI Software
10% remove
VIPRE Internet Security is the award-winning antivirus software that includes a firewall, a spam filter and bad website blocking into one powerful solution for complete protection against malware. From a two-way firewall that keeps away malicious Internet traffic to VIPRE® Easy Update™ that automatically updates out-of-date software, VIPRE Internet Security 2013 features provide complete PC security. Updates the most common cause of PC ...

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'SBAMSvc' (VIPRE Internet Security)
  • SBAMSvc

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00622319%
0.028634%
Kernel CPU:0.00232273%
0.013761%
User CPU:0.00390045%
0.014873%
Kernel CPU time:56,107 ms/min
100,923,805ms/min
CPU cycles:21,031,427/sec
17,470,203/sec
Context switches:40/sec
284/sec
Memory
Private memory:62.93 MB
21.59 MB
Private (maximum):49.67 MB
Private (minimum):3.87 MB
Non-paged memory:62.93 MB
21.59 MB
Virtual memory:237.88 MB
140.96 MB
Virtual memory (peak):360.42 MB
169.69 MB
Working set:17.88 MB
18.61 MB
Working set (peak):164.82 MB
37.95 MB
Page faults:7,158,417/min
2,039/min
I/O
I/O read transfer:12.16 MB/sec
1.02 MB/min
I/O read operations:281/sec
343/min
I/O write transfer:8.55 MB/sec
274.99 KB/min
I/O write operations:584/sec
227/min
I/O other transfer:539.89 KB/sec
448.09 KB/min
I/O other operations:2,068/sec
1,671/min
Resource allocations
Threads:37
12
Handles:491
600

BehaviorsProcess properties

Integrety level:System
Platform:64-bit
Command lines:
  • "C:\Program Files\ad-aware antivirus\sbamsvc.exe"
  • "C:\Program Files\gfi software\vipre\sbamsvc.exe"
Owner:SYSTEM
Windows Service
Service name:SBAMSvc
Display name:VIPRE Internet Security
Description:“Manages your antispyware and antivirus application”
Type:Win32OwnProcess
Parent process:services.exe (Services and Controller app by Microsoft)

ResourcesThreads

Averages
 
SBAMSvc.exe (main module)
Total CPU:0.06432527%
0.272967%
Kernel CPU:0.01384010%
0.107585%
User CPU:0.05048517%
0.165382%
CPU cycles:1,532,321/sec
5,741,424/sec
Context switches:1/sec
79/sec
Memory:3.16 MB
1.16 MB
wow64.dll
Total CPU:0.00751481%
Kernel CPU:0.00601185%
User CPU:0.00150296%
CPU cycles:265,797/sec
Memory:252 KB
sbap.dll (GFI AntiMalware Common SDK Merge Module by GFI Software)
Total CPU:0.00168727%
Kernel CPU:0.00072698%
User CPU:0.00096030%
CPU cycles:35,279/sec
Memory:576 KB
ntdll.dll
Total CPU:0.00118098%
Kernel CPU:0.00000000%
User CPU:0.00118098%
CPU cycles:7,099/sec
Memory:1.66 MB
ADVAPI32.dll
Total CPU:0.00043216%
Kernel CPU:0.00019644%
User CPU:0.00023573%
CPU cycles:8,419/sec
Memory:792 KB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 40.00%
Windows 7 Professional 30.00%
Windows Vista Home Premium 20.00%
Windows 7 Ultimate 10.00%

Distribution by countryDistribution by country

United States installs about 70.00% of GFI AntiMalware Common SDK Merge Module.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 100.00%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE