» SBAMTray.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

SBAMTray.exe

GFI Business Agent

ThreatTrack Security, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SBAMTray’.

File name:

SBAMTray.exe

Publisher:

ThreatTrack Security, Inc. (signed and verified)

Product:

GFI Business Agent

Description:

SBAMTray Application

Version:

6.2.5537

MD5:

f9c24814ba954860a99183f4d809da63

SHA-1:

f0f29ae7df26037703adc39b95be46b118d322d0

SHA-256:

0b8de5ccfb5bd64efc344fe73a8ca53c9bc5bec40441e54cb3c050266b436222

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 1:29:07 AM UTC (today)

File size:

3.1 MB (3,232,144 bytes)

Product version:

6.2.5537

Original file name:

SBAMTray.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\gfi software\gfiagent\sbamtray.exe

Digital Signature

Signed by:

ThreatTrack Security, Inc.

Authority:

DigiCert Inc

Valid from:

5/13/2013 8:00:00 PM

Valid to:

7/22/2015 8:00:00 AM

Subject:

CN="ThreatTrack Security, Inc.", O="ThreatTrack Security, Inc.", L=Clearwater, S=Florida, C=US

Issuer:

CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

09D4BCAF771ADF6588CF63A3A3A12C31

File PE Metadata

Compilation timestamp:

4/18/2014 3:25:34 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:bdsvMSuTmWQR4YncdpAZc6NynLQBQY+inuonLRxvDd:eJGQXcCainuo1D

Entry address:

0x1A3636

Entry point:

E8, F0, A7, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, A0, 9C, 67, 00, 75, 02, F3, C3, E9, 77, A8, 00, 00, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, 08, 23, 5F, 00, 57, FF, 35, 88, B5, 68, 00, FF, D6, FF, 35, 84, B5, 68, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, E0, 84, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, AA, A9, 00, 00, 59, 59, 85... 
[+]

Entropy:

6.3376

Code size:

1.9 MB (2,034,688 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

SBAMTray

Command:

"C:\Program Files\gfi software\gfiagent\sbamtray.exe"

The file SBAMTray.exe has been discovered within the following program.

GFI Business Agent by GFI Software

Publisher's description - “GFI VIPRE® Antivirus Business is a scalable Endpoint Solution that protects your networked machines from all types of malware and viruses and includes a firewall (Premium only).”

www.GFI.com

9% remove it

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.