SHA256: 03b39ea56cd46666cfa8467aa246a63924c0f4aacd27e51fd5e1192000b4a577
File name: MBAMService.exe
Detection ratio: 0 / 67
Analysis date: 2018-12-06 17:17:25 UTC (5 months, 2 weeks ago)
Antivirus Result Update
Ad-Aware 20181206
AegisLab 20181206
AhnLab-V3 20181206
Alibaba 20180921
ALYac 20181206
Antiy-AVL 20181205
Arcabit 20181206
Avast 20181206
Avast-Mobile 20181206
AVG 20181206
Avira (no cloud) 20181206
Babable 20180918
Baidu 20181206
BitDefender 20181206
Bkav 20181205
CAT-QuickHeal 20181206
ClamAV 20181206
CMC 20181205
Comodo 20181206
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181206
Cyren 20181206
DrWeb 20181206
eGambit 20181206
Endgame 20181108
ESET-NOD32 20181206
F-Prot 20181206
F-Secure 20181206
Fortinet 20181206
GData 20181206
Ikarus 20181206
Sophos ML 20181128
Jiangmin 20181206
K7AntiVirus 20181206
K7GW 20181206
Kaspersky 20181206
Kingsoft 20181206
Malwarebytes 20181206
MAX 20181206
McAfee 20181206
McAfee-GW-Edition 20181206
Microsoft 20181206
eScan 20181206
NANO-Antivirus 20181206
Palo Alto Networks (Known Signatures) 20181206
Panda 20181206
Qihoo-360 20181206
Rising 20181206
SentinelOne (Static ML) 20181011
Sophos AV 20181206
SUPERAntiSpyware 20181205
Symantec 20181206
Symantec Mobile Insight 20181204
TACHYON 20181206
Tencent 20181206
TheHacker 20181202
Trapmine 20181205
TrendMicro 20181206
TrendMicro-HouseCall 20181206
Trustlook 20181206
VBA32 20181206
ViRobot 20181206
Webroot 20181206
Yandex 20181204
Zillya 20181206
ZoneAlarm by Check Point 20181206
Zoner 20181206
The file being studied is a Portable Executable file. More specifically, it is a Win32 EXE file for the Windows GUI subsystem that targets 64-bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright (C) Malwarebytes. All rights reserved.
Product Malwarebytes Service
Original name MBAMService.exe
Internal name MBAMService.exe
File version 3.2.0.704
Description Malwarebytes Service
Signature verification Signed file, verified signature
Signing date 11:27 PM 9/13/2018
Signers
[+] Malwarebytes Corporation
Status Valid
Issuer DigiCert Assured ID Code Signing CA-1
Valid from 12:00 AM 07/21/2016
Valid to 12:00 PM 07/25/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 249BDA38A611CD746A132FA2AF995A2D3C941264
Serial number 04 4E 3B F5 89 76 88 0F FD 07 44 48 A8 F7 A0 58
[+] DigiCert Assured ID Code Signing CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 01:00 PM 02/11/2011
Valid to 01:00 PM 02/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 409AA4A74A0CDA7C0FEE6BD0BB8823D16B5F1875
Serial number 0F A8 49 06 15 D7 00 A0 BE 21 76 FD C5 EC 6D BD
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 01:00 AM 11/10/2006
Valid to 01:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 01:00 AM 01/01/1997
Valid to 12:59 AM 01/01/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine x64
Compilation timestamp 2018-09-13 20:58:56
Entry Point 0x002DA2B0
Number of sections 6
PE sections
Overlays
MD5 4985c3c25efb6573dd90a9e0745b12a9
File type data
Offset 6277632
Size 69424
Entropy 7.82
PE imports
RegCreateKeyExW
CryptDestroyKey
RegCloseKey
CryptSetHashParam
ReportEventW
OpenServiceW
ControlService
RegDeleteKeyW
DeleteService
OpenThreadToken
CryptHashData
CheckTokenMembership
RegQueryValueExW
CryptCreateHash
SetSecurityDescriptorDacl
CloseServiceHandle
CryptDecrypt
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyExW
CreateProcessAsUserW
CreateServiceW
GetTokenInformation
DuplicateTokenEx
CryptReleaseContext
CryptAcquireContextA
SetServiceStatus
RegQueryInfoKeyW
RegisterServiceCtrlHandlerW
RegEnumKeyExW
CryptGenRandom
CryptAcquireContextW
IsTextUnicode
CryptGetProvParam
CryptDestroyHash
CryptGetUserKey
RegDeleteValueW
CryptEnumProvidersW
RegSetValueExW
CryptSignHashW
FreeSid
CryptGetHashParam
OpenSCManagerW
CryptExportKey
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateContext
CertCloseStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
GetAdaptersInfo
GetStdHandle
GetDriveTypeW
ReleaseMutex
FileTimeToSystemTime
GetOverlappedResult
DeleteFiber
SetEndOfFile
SignalObjectAndWait
CreateTimerQueue
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
DisconnectNamedPipe
GetCurrentProcess
FreeLibraryAndExitThread
GetConsoleMode
UnhandledExceptionFilter
RtlUnwindEx
UnregisterWait
FreeEnvironmentStringsW
InitializeSListHead
InterlockedPopEntrySList
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
WriteFile
WaitForSingleObject
GetSystemTimeAsFileTime
SetThreadAffinityMask
GetThreadTimes
HeapReAlloc
GetStringTypeW
GetThreadPriority
SetEvent
LocalFree
FormatMessageW
ConnectNamedPipe
InterlockedPushEntrySList
CreateEventW
LoadResource
GetLogicalDriveStringsW
FindClose
TlsGetValue
QueryDosDeviceW
GetFullPathNameW
EncodePointer
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
GetSystemTime
CopyFileW
OutputDebugStringW
RemoveDirectoryW
TryEnterCriticalSection
IsDebuggerPresent
ExitProcess
InitializeCriticalSectionEx
VerSetConditionMask
SetProcessWorkingSetSize
SetThreadPriority
RtlVirtualUnwind
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
VerifyVersionInfoW
SetFilePointerEx
DeleteTimerQueueTimer
InterlockedFlushSList
GetModuleHandleA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
DeleteCriticalSection
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
IsProcessorFeaturePresent
ExitThread
DecodePointer
ReadConsoleA
GlobalMemoryStatus
GetModuleHandleExW
GlobalAlloc
VirtualQueryEx
ReadConsoleW
GetCurrentThreadId
GetProcAddress
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
PeekNamedPipe
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
FreeLibrary
ConvertFiberToThread
RtlPcToFileHeader
GetWindowsDirectoryW
TzSpecificLocalTimeToSystemTime
GetFileSize
OpenProcess
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
CreateNamedPipeW
GetProcessHeap
QueryDepthSList
CompareStringW
GetFileSizeEx
GetModuleFileNameW
GetFileInformationByHandle
FindNextFileW
RtlLookupFunctionEntry
ResetEvent
CreateTimerQueueTimer
FindFirstFileW
IsValidLocale
DuplicateHandle
FindFirstFileExW
WaitForMultipleObjects
GetProcessAffinityMask
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
GlobalFree
GetConsoleCP
UnregisterWaitEx
GetSystemWindowsDirectoryW
GetEnvironmentStringsW
WaitForSingleObjectEx
Process32NextW
Module32FirstW
SwitchToThread
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
ChangeTimerQueueTimer
ProcessIdToSessionId
GetCommandLineW
GetCPInfo
HeapSize
RegisterWaitForSingleObject
RaiseException
GetCommandLineA
Process32FirstW
GetCurrentThread
QueryPerformanceFrequency
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
GetModuleHandleW
GetLogicalProcessorInformation
GetNumaHighestNodeNumber
GetLocalTime
IsValidCodePage
SetConsoleMode
FindResourceW
VirtualQuery
VirtualFree
Sleep
TerminateProcess
SetConsoleCtrlHandler
VirtualAlloc
WNetGetConnectionW
NetWkstaGetInfo
NetApiBufferFree
SysStringLen
SysStringByteLen
SysAllocString
SafeArrayCreate
VariantCopy
SafeArrayGetElemsize
VariantInit
SafeArrayAccessData
SafeArrayGetLBound
UnRegisterTypeLib
SafeArrayUnaccessData
GetRecordInfoFromGuids
SafeArrayDestroy
SafeArrayUnlock
SafeArrayGetUBound
LoadTypeLib
SysFreeString
SysAllocStringByteLen
SafeArrayLock
LoadRegTypeLib
SafeArrayGetVartype
SafeArrayRedim
VarUI4FromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
RegisterTypeLib
VariantClear
SafeArrayCreateEx
SafeArrayGetDim
GetProcessImageFileNameW
SHGetFolderPathW
GetUserObjectInformationW
PostThreadMessageW
TranslateMessage
CharUpperW
OpenWindowStationW
CloseDesktop
LoadStringW
DispatchMessageW
SetProcessWindowStation
GetMessageW
OpenInputDesktop
GetProcessWindowStation
CharNextW
CloseWindowStation
MessageBoxW
CreateEnvironmentBlock
DestroyEnvironmentBlock
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
getaddrinfo
closesocket
ntohl
inet_addr
send
WSACleanup
WSAStartup
freeaddrinfo
ntohs
getnameinfo
htons
recv
WSASetLastError
WSAGetLastError
WTSQuerySessionInformationW
WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW
CoInitializeEx
CoRevertToSelf
CoRegisterClassObject
CoTaskMemAlloc
CoRevokeClassObject
CoImpersonateClient
CoUninitialize
CoTaskMemRealloc
CoCreateInstance
CoInitializeSecurity
CoAddRefServerProcess
CoResumeClassObjects
CoReleaseServerProcess
CoTaskMemFree
StringFromGUID2
CoSetProxyBlanket
Number of PE resources by type
REGISTRY 20
TYPELIB 14
RT_MESSAGETABLE 1
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 37
NEUTRAL 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 14.14
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.2.0.704
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Malwarebytes Service
ImageFileCharacteristics Executable, Large address aware
CharacterSet Unicode
InitializedDataSize 2865664
EntryPoint 0x2da2b0
OriginalFileName MBAMService.exe
MIMEType application/octet-stream
LegalCopyright (C) Malwarebytes. All rights reserved.
FileVersion 3.2.0.704
TimeStamp 2018:09:13 22:58:56+02:00
FileType Win64 EXE
PEType PE32+
InternalName MBAMService.exe
ProductVersion 3.2.0.704
SubsystemVersion 6.0
OSVersion 6.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType AMD AMD64
CompanyName Malwarebytes
CodeSize 3437056
ProductName Malwarebytes Service
ProductVersionNumber 3.2.0.704
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 ecb760b2391608ba4e0a7987ada70ccf
SHA1 fd7842a5a3ae90a60ba4fb3f85e64876e4c2e742
SHA256 03b39ea56cd46666cfa8467aa246a63924c0f4aacd27e51fd5e1192000b4a577
ssdeep 49152:1Sxt5Ck1J/u3SZDTfQJ4EQgTDofRquW8IOh5PBuYVTUvVgnFmoPBivDaXozxZF/Y:4qTARnNKAdivOXozx6nL
authentihash 5577a31630f840efeaeec2e54d54aff7758aca2afd71fd3ee16c55dfe1dd165d
imphash 72b20201768148bcc5ba2856f3e83496
File size 6.1 MB ( 6347056 bytes )
File type Win32 EXE
Magic literal PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags 64bits peexe assembly signed overlay
VirusTotal metadata
First submission 2018-09-19 20:56:03 UTC ( 8 months, 1 week ago )
Last submission 2019-04-29 04:19:26 UTC ( 3 weeks, 4 days ago )
File names mbamservice.exe
is-ibcam.tmp
MBAMService.exe
MBAMSERVICE.EXE
is-6hghu.tmp
is-batap.tmp
.