Should I block it?

No, this file is 100% safe to run.

Additional versions

4.06	50.00%
4.06	37.50%
4.04	12.50%

Relationships

Parent process

services.exe (Services and Controller app by Microsoft)

Related files

PE file structure

Show functions

Import table

advapi32.dll

SetServiceStatus, EnumServicesStatusW, QueryServiceConfigW, QueryServiceConfig2W, QueryServiceStatusEx, CloseServiceHandle, StartServiceW, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptReleaseContext, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, DuplicateToken, SetThreadToken, OpenThreadToken, GetLengthSid, AddAccessAllowedAce, GetTokenInformation, GetSecurityDescriptorSacl, SetSecurityInfo, DuplicateTokenEx, SetTokenInformation, CreateProcessAsUserW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RevertToSelf, ConvertStringSecurityDescriptorToSecurityDescriptorW, LookupPrivilegeValueW, OpenProcessToken, AdjustTokenPrivileges, ConvertStringSidToSidW, LookupAccountSidW, RegOpenKeyExW, OpenEventLogW, ReportEventW, ControlService, OpenServiceW, OpenSCManagerW, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, RegCloseKey, RegQueryValueExW

crypt32.dll

CryptUnprotectData, CryptProtectData

gdi32.dll

GetDeviceCaps, CreateFontW, SelectObject, SetBkColor, SetTextColor, TextOutW, CreateSolidBrush

kernel32.dll

MulDiv, GetModuleFileNameW, SuspendThread, DeleteCriticalSection, TryEnterCriticalSection, CreateMutexW, CreateProcessW, OpenMutexW, DefineDosDeviceW, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetStartupInfoA, QueueUserWorkItem, CancelIo, HeapCreate, GetSystemWindowsDirectoryW, HeapReAlloc, GetFileAttributesW, CopyFileW, SetFileAttributesW, SetEndOfFile, OpenFileMappingW, DeleteFileW, SetUnhandledExceptionFilter, VirtualAlloc, ExitProcess, RaiseException, VirtualFree, InitializeCriticalSectionAndSpinCount, InterlockedExchange, GetCurrentThreadId, LeaveCriticalSection, OutputDebugStringW, EnterCriticalSection, InterlockedCompareExchange, InterlockedIncrement, SetCurrentDirectoryW, InterlockedDecrement, HeapAlloc, GetProcessHeap, GetPrivateProfileStringW, GetFullPathNameW, GlobalFree, GlobalUnlock, GlobalLock, Sleep, GetEnvironmentVariableW, GetLastError, HeapFree, GetCommandLineW, GetSystemInfo, GetModuleHandleW, InitializeCriticalSection, TerminateThread, WaitForMultipleObjects, CloseHandle, TerminateProcess, GetProcessTimes, OpenProcess, WaitForSingleObject, GlobalAlloc, DuplicateHandle, ReadProcessMemory, WriteProcessMemory, VirtualAllocEx, SetLastError, VirtualProtectEx, WriteFile, SetFilePointer, CreateFileW, LocalFree, GetProcAddress, LockResource, LoadResource, SizeofResource, FindResourceW, GetLocalTime, LocalAlloc, SetThreadPriority, GetCurrentThread, GetCurrentProcess, GetVersionExW, CreateThread, GetTickCount, TlsSetValue, TlsGetValue, ProcessIdToSessionId, OpenThread, TlsAlloc, GetCurrentProcessId, CreateEventW, ResetEvent, SetInformationJobObject, CreateJobObjectW, QueryInformationJobObject, AssignProcessToJobObject, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, UnregisterWait, GetConsoleWindow, LoadLibraryW, GlobalSize, IsProcessInJob, RegisterWaitForSingleObject, GetConsoleProcessList, SetEvent, AllocConsole, OpenEventW, ResumeThread, GetWindowsDirectoryW

msvcrt.dll

DllMain

netapi32.dll

NetUseAdd

ntdll.dll

NtWriteFile, NtClose, NtSetInformationThread, NtDuplicateToken, NtFilterToken, NtQueryInformationToken, NtOpenProcessToken, NtOpenThreadToken, NtRequestPort, NtUnloadKey, NtOpenKey, RtlInitUnicodeString, LdrFindEntryForAddress, NtOpenFile, RtlNtStatusToDosError, NtAllocateVirtualMemory, NtDuplicateObject, NtOpenProcess, NtRequestWaitReplyPort, NtConnectPort, RtlCreateSecurityDescriptor, RtlSetDaclSecurityDescriptor, NtSetInformationFile, NtQueryDirectoryFile, NtCreateFile, NtQueryInformationFile, NtCreatePort, NtReadFile, NtLoadKey, NtOpenDirectoryObject, NtSetInformationProcess, NtQueryInformationProcess, NtImpersonateClientOfPort, NtAcceptConnectPort, NtCompleteConnectPort, NtLoadDriver, RtlInitString, NtReplyWaitReceivePort

ole32.dll

CoRevokeClassObject, CoRegisterClassObject, CoInitialize, CoTaskMemFree, CoInitializeEx, CoInitializeSecurity, CoMarshalInterface, CoCopyProxy, CoSetProxyBlanket, CoQueryProxyBlanket, CreateStreamOnHGlobal, CoUnmarshalInterface, StringFromGUID2, CoGetObject, CoGetClassObject

sbiedll.dll

_SbieApi_QueryConfBool@12, SbieApi_LogEx, _SbieApi_GetUnmountHive@4, _SbieApi_EnumProcessEx@16, _SbieApi_QueryProcess@20, _SbieApi_CallOne@8, _SbieApi_GetHomePath@16, _SbieApi_SetUserName@8, _SbieDll_GetServiceRegistryValue@12, _SbieDll_FormatMessage2@12, _SbieApi_GetWork@12, _SbieApi_CallZero@4, _SbieApi_GetVersion@4, _SbieDll_PortName@0, _SbieDll_FreeMem@4, _SbieDll_QueuePutRpl@16, _SbieDll_QueueGetReq@24, _SbieApi_IsBoxEnabled@4, _SbieApi_QueryPathList@16, _SbieDll_KillOne@4, _SbieApi_QueryProcessEx2@28, _SbieDll_QueueCreate@8, _SbieApi_CallTwo@12, _SbieApi_QueryConf@20, _SbieDll_RunFromHome@16, _SbieApi_SessionLeader@8, _SbieApi_ReloadConf@4, _SbieApi_QueryProcessPath@28, _SbieDll_FormatMessage0@4, _SbieApi_OpenProcess@8, _SbieDll_GetLanguage@4, _SbieDll_RunSandboxed@24, _SbieDll_ComCreateStub@16, _SbieDll_IsOpenClsid@12, _SbieApi_CheckInternetAccess@12, _SbieApi_QueryProcessInfo@8, SbieApi_Log

secur32.dll

LsaDeregisterLogonProcess, LsaConnectUntrusted, LsaLookupAuthenticationPackage

user32.dll

SetThreadDesktop, CreateDesktopW, SetProcessWindowStation, CreateWindowStationW, GetThreadDesktop, GetProcessWindowStation, IsZoomed, IsIconic, IsWindowUnicode, IsWindowEnabled, IsWindowVisible, IsWindow, GetWindowLongA, GetWindowLongW, GetClassLongA, GetClassLongW, GetPropA, GetPropW, GetWindow, GetParent, GetShellWindow, GetClassNameA, GetClassNameW, GetClientRect, GetWindowRect, GetWindowInfo, GetIconInfo, FindWindowExA, FindWindowExW, FindWindowA, FindWindowW, MapWindowPoints, ScreenToClient, ClientToScreen, EnumClipboardFormats, UserHandleGrantAccess, GetClipboardSequenceNumber, ClipCursor, SetForegroundWindow, MonitorFromWindow, ChangeDisplaySettingsExA, ChangeDisplaySettingsExW, GetWindowThreadProcessId, DestroyWindow, KillTimer, PostMessageW, SetPropW, SendMessageW, CreateWindowExW, RegisterClassW, DefWindowProcW, SetWindowPos, SendMessageTimeoutW, SendNotifyMessageA, SendNotifyMessageW, SendMessageA, PostMessageA, PackDDElParam, EnumThreadWindows, EnumChildWindows, EnumWindows, EndPaint, BeginPaint, ShowWindow, GetMonitorInfoW, RegisterClassExW, DispatchMessageW, GetMessageW, SetTimer, CloseClipboard, SetClipboardData, GetDesktopWindow, OpenClipboard, GetClipboardData, EmptyClipboard, wsprintfW

userenv.dll

DestroyEnvironmentBlock, CreateEnvironmentBlock

wtsapi32.dll

WTSQueryUserToken

SbieSvc.exe

Sandboxie by SANDBOXIE L.T.D (Signed)

Remove SbieSvc.exe

Version:	4.04
MD5:	dd78d286ff9032d9e0938f815928c2fd
SHA1:	cd12adee50e9219394215053e79d586a511d98f3

Overview

sbiesvc.exe runs as a service under the name Sandboxie Service (SbieSvc) with extensive SYSTEM privileges (full administrator access). It is installed with a couple of know programs including Sandboxie 4.04 (64-bit) published by SANDBOXIE L.T.D and TeamSpeak 3 Client published by TeamSpeak Systems GmbH. The file is digitally signed by SANDBOXIE L.T.D which was issued by the GlobalSign nv-sa certificate authority (CA).

Details

File name:	sbiesvc.exe
Publisher:	Sandboxie Holdings, LLC
Product name:	Sandboxie
Description:	Sandboxie Service
Typical file path:	C:\Program Files\sandboxie\sbiesvc.exe
File version:	4.04
Size:	179.59 KB (183,896 bytes)
Build date:	7/8/2013 5:28 AM
Certificate
Issued to:	SANDBOXIE L.T.D
Authority (CA):	GlobalSign nv-sa
Effective date:	Wednesday, December 5, 2012
Expiration date:	Saturday, March 7, 2015
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
Code language:	Microsoft Visual C++
.NET CLR:	No

More details

Programs

The following programs will install this file

Sandboxie 64-bit

SANDBOXIE L.T.D

10% remove

“Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer. Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially. Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak...”

TeamSpeak 3 Client

TeamSpeak Systems GmbH

4% remove

“TeamSpeak 3 continues the legacy of the original TeamSpeak communication system previously offered in TeamSpeak Classic (1.5) and TeamSpeak 2. TeamSpeak 3 is not merely an extension of its predecessors but rather a complete rewrite in C++ of its proprietary protocol and core technology. With over nine years of experience and leadership in the VoIP sector, our engineers have created a flexible, powerful, and scalable solution granting yo...”

Behaviors

Service

Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)

'SbieSvc' (Sandboxie Service)

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

Memory
Private memory:	2.21 MB	21.59 MB
Private (maximum):	4.33 MB
Private (minimum):	4.2 MB
Non-paged memory:	2.21 MB	21.59 MB
Virtual memory:	32.98 MB	140.96 MB
Virtual memory (peak):	35.32 MB	169.69 MB
Working set:	4.24 MB	18.61 MB
Working set (peak):	4.36 MB	37.95 MB
Page faults:	1,160/min	2,039/min
I/O
I/O other transfer:	0 Bytes/sec	448.09 KB/min
I/O other operations:	1/sec	1,671/min
Resource allocations
Threads:	19	12
Handles:	92	600

Process properties

Integrety level:	System
Platform:	64-bit
Command line:	"C:\Program Files\sandboxie\sbiesvc.exe"
Owner:	SYSTEM
Windows Service
Service name:	SbieSvc
Display name:	Sandboxie Service
Type:	Win32OwnProcess
Parent process:	services.exe (Services and Controller app by Microsoft)

Distribution by Windows OS

OS version	distribution
Windows 7 Home Premium	75.00%
Microsoft Windows XP	25.00%

Distribution by country

United States installs about 75.00% of Sandboxie.

Distribution by PC manufacturer

PC Manufacturer	distribution
Hewlett-Packard	55.56%
GIGABYTE	22.22%
ASUS	22.22%

Remove Adware and Spyware Programs, FREE Download!