Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

3.0.2 12.00%
3.0.2 0.67%
1.70.0.0000 38.00%
1.70.0.0000 28.00%
1.65.0.0000 15.33%
1.65.0.0000 0.67%
1.62.0.0000 3.33%
1.61.0.0000 1.33%
1.60.1.0000 0.67%

Relationships

Parent processes
Child process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
CryptGetHashParam, CryptAcquireContextW, CryptDeriveKey, CryptGenRandom, CryptDestroyHash, ReportEventW, DeregisterEventSource, RegisterEventSourceW, RegOpenCurrentUser, RegSetValueExW, RegCloseKey, RegEnumKeyExW, RegOpenKeyExW, RegEnumValueW, RegQueryInfoKeyW, RegQueryValueExW, RegCreateKeyExW, IsTextUnicode, OpenProcessToken, GetUserNameW, RevertToSelf, ImpersonateLoggedOnUser, DuplicateTokenEx, CryptHashData, CryptDecrypt, CreateProcessAsUserW, GetTokenInformation, SetEntriesInAclW, SetSecurityInfo, BuildTrusteeWithSidW, GetSecurityInfo, SetSecurityDescriptorDacl, ConvertStringSidToSidW, InitializeSecurityDescriptor, SetServiceStatus, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW, CryptEncrypt, CryptCreateHash, CryptDestroyKey
iphlpapi.dll
_PfAddFiltersToInterface@24, GetIpAddrTable, _PfDeleteInterface@4, _PfMakeLog@4, _PfCreateInterface@24, _PfUnBindInterface@4, _PfBindInterfaceToIPAddress@12, _PfDeleteLog@0, _PfSetLogBuffer@28
kernel32.dll
SystemTimeToFileTime, FileTimeToSystemTime, GetTimeZoneInformation, FileTimeToLocalFileTime, WaitNamedPipeW, TransactNamedPipe, SetNamedPipeHandleState, SetFileAttributesW, LocalFree, GetCurrentProcessId, DeleteFileW, OpenEventW, CreateWaitableTimerW, DeviceIoControl, CreateFileW, MoveFileExW, SetWaitableTimer, GetVersion, GetLastError, GetProcAddress, LoadLibraryW, GetSystemTimeAsFileTime, FreeLibrary, CreateThread, CloseHandle, WaitForMultipleObjects, CreateEventW, ResetEvent, Sleep, SetEvent, WaitForSingleObject, GetFileAttributesW, ReadFile, SetProcessWorkingSetSize, GetComputerNameW, GetModuleHandleW, GetVersionExW, GetACP, GetSystemInfo, CreateProcessW, OpenProcess, TerminateProcess, Process32FirstW, Process32NextW, CreateToolhelp32Snapshot, GetLongPathNameW, GetShortPathNameW, ConnectNamedPipe, CreateNamedPipeW, WriteFile, DisconnectNamedPipe, FlushFileBuffers, WideCharToMultiByte, MultiByteToWideChar, GetFileAttributesExW, FindFirstFileW, FindClose, FindNextFileW, GetSystemWindowsDirectoryW, GetSystemDirectoryW, SetFilePointer, GetFileSizeEx, CreateDirectoryW, CompareFileTime, GetWindowsDirectoryW, ExpandEnvironmentStringsW, GetFileTime, OutputDebugStringW, GetLocalTime, GetSystemTime, InterlockedIncrement, InterlockedDecrement, InterlockedExchange, ExitThread, GetCurrentThreadId, GetCommandLineA, HeapSetInformation, HeapFree, RaiseException, GetCPInfo, RtlUnwind, HeapAlloc, LCMapStringW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, IsProcessorFeaturePresent, HeapSize, ExitProcess, GetStdHandle, GetModuleFileNameW, GetLocaleInfoW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, GetStartupInfoW, HeapCreate, QueryPerformanceCounter, GetTickCount, GetStringTypeW, GetOEMCP, IsValidCodePage, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, HeapReAlloc, GetConsoleCP, GetConsoleMode, SetStdHandle, WriteConsoleW, GetCurrentProcess, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, LocalFileTimeToFileTime, ProcessIdToSessionId
mbam.dll
_GetMBAMSettings@4, _LicenseIsValid@0, _GetProgramVersion@8, _GetRandomizationTime@0, _UnscheduleTask@16
mbamcore.dll
_SDKExclusionsEnumerate@8, _SDKCreate@12, _SDKExclusionsMigrate@8, _SDKExclusionsAdd@4, _SDKExclusionsIsExcluded@4, _SDKExclusionsWrite@4, _SDKQuarantine@4, _SDKQuarantineSetPath@4, _SDKSessionSetHeader@4, _SDKExclusionsRead@4
mbamnet.dll
_IsTrialActive@0, _ValidateTrial@16, _PerformUpdate@16, _PostDetectionVendors@4, _PostDetectionHashes@4, _QueuePMDetectionHash@4, _QueuePMDetectionVendor@4
mpr.dll
WNetGetConnectionW
psapi.dll
GetModuleFileNameExW
shell32.dll
SHGetFolderPathW
shlwapi.dll
SHRegGetPathW
user32.dll
CharLowerW, CharUpperA, CharUpperW
userenv.dll
DestroyEnvironmentBlock, GetDefaultUserProfileDirectoryW, GetUserProfileDirectoryW, ExpandEnvironmentStringsForUserW, GetProfilesDirectoryW, CreateEnvironmentBlock
version.dll
GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
wtsapi32.dll
WTSQuerySessionInformationW, WTSEnumerateProcessesW, WTSFreeMemory, WTSEnumerateSessionsW

mbamservice.exe

Malwarebytes Anti-Malware by Malwarebytes Corporation (Signed)

Remove mbamservice.exe
Version:   1.70.0.0000
MD5:   e0d7732f2d2e24b2db3f67b6750295b8
SHA1:   1200fee084b2b9de003b9ae899d2c0b78b32b601
SHA256:   aa5ca86af1acec900f60339016b3dc55472db40adb99186005a7abe67b7d66fc

What is mbamservice.exe?

This is the Malwarebytes' main Windows Service. Malwarebytes' Anti-Malware is an application that finds and removes malware. It is available in a free version, which scans for and removes malware when started manually, and a paid version, which provides scheduled scans, real-time protection and a flash memory scanner. Malwarebytes' is intended to find malware that other anti-virus and anti-spyware programs generally miss, including rogue security software, adware, and spyware.

About mbamservice.exe (from Malwarebytes Corporation)

Malware is big and malware is bad. Your computer is constantly at risk from infection by malware including viruses, worms, trojans, rootkits, dialers and spyware. Malwarebytes specializes in fighting

DetailsDetails

File name:mbamservice.exe
Publisher:Malwarebytes Corporation
Product name:Malwarebytes Anti-Malware
Typical file path:C:\Program Files\malwarebytes' anti-malware\mbamservice.exe
File version:1.70.0.0000
Size:685.07 KB (701,512 bytes)
Certificate
Issued to:Malwarebytes Corporation
Authority (CA):VeriSign
Expiration date:Wednesday, June 5, 2013
Digital DNA
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
Microsoft SQL Server 2005 Compact Edition [ENU]
 Microsoft Corporation
7% remove
Microsoft SQL Server 2005 Compact Edition (SQL Server Compact Edition) is designed for developers who need light weight, in process relational database solution for their applications that can be developed and deployed on desktop as well as on mobile devices. SQL Server Compact Edition Runtime can be used to develop and deploy applications on desktop.

BehaviorsBehaviors

Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'MBAMService'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00490252%
0.028634%
Kernel CPU:0.00385241%
0.013761%
User CPU:0.00105011%
0.014873%
Kernel CPU time:37,880,160 ms/min
100,923,805ms/min
CPU cycles:4,268,894/sec
17,470,203/sec
Context switches:26/sec
284/sec
Memory
Private memory:126.03 MB
21.59 MB
Private (maximum):76.28 MB
Private (minimum):29.97 MB
Non-paged memory:126.03 MB
21.59 MB
Virtual memory:244.07 MB
140.96 MB
Virtual memory (peak):369.9 MB
169.69 MB
Working set:48.79 MB
18.61 MB
Working set (peak):199.44 MB
37.95 MB
Page faults:11,039,606/min
2,039/min
I/O
I/O read transfer:3.28 MB/sec
1.02 MB/min
I/O read operations:10/sec
343/min
I/O write transfer:20 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:361.89 KB/sec
448.09 KB/min
I/O other operations:12,171/sec
1,671/min
Resource allocations
Threads:6
12
Handles:145
600
GUI GDI count:5
103
GUI USER count:1
49

BehaviorsProcess properties

Integrety level:System
Platform:64-bit
Command lines:
  • "C:\Program Files\malwarebytes' anti-malware\mbamservice.exe"
  • "C:\programmer\malwarebytes' anti-malware\mbamservice.exe"
  • "C:\Program Files\malwarebytes anti-malware\mbamservice.exe"
Owner:SYSTEM
Windows Service
Service name:MBAMService
Description:“Malwarebytes Anti-Malware service”
Type:Win32OwnProcess
Parent process:services.exe (Services and Controller app by Microsoft)

ResourcesThreads

Averages
 
sechost.dll
Total CPU:0.35433147%
0.272967%
Kernel CPU:0.05470331%
0.107585%
User CPU:0.29962816%
0.165382%
CPU cycles:7,870,084/sec
5,741,424/sec
Context switches:25/sec
79/sec
Memory:100 KB
1.16 MB
mbamservice.exe (main module)
Total CPU:0.08721921%
Kernel CPU:0.06953271%
User CPU:0.01768650%
CPU cycles:2,108,932/sec
Context switches:3/sec
Memory:696 KB
advapi32.dll (Advanced Windows 32 Base API by Microsoft)
Total CPU:0.08342213%
Kernel CPU:0.02921697%
User CPU:0.05420516%
Memory:620 KB
wow64.dll
Total CPU:0.02282611%
Kernel CPU:0.00382173%
User CPU:0.01900438%
CPU cycles:529,935/sec
Context switches:1/sec
Memory:252 KB
ntdll.dll
Total CPU:0.00000215%
Kernel CPU:0.00000215%
User CPU:0.00000000%
CPU cycles:83/sec
Memory:1.66 MB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 38.26%
Windows 7 Ultimate 15.44%
Microsoft Windows XP 12.75%
Windows 7 Professional 10.07%
Windows 8 4.70%
Windows Vista Home Premium 4.70%
Windows 8 Pro with Media Center 4.70%
Windows 8 Pro 4.03%
Windows 8.1 3.36%
Windows 8.1 Pro 0.67%
Windows Vista Business 0.67%
Windows 7 Enterprise 0.67%

Distribution by countryDistribution by country

United States installs about 61.49% of Malwarebytes Anti-Malware.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 21.37%
Hewlett-Packard 21.37%
Dell 16.79%
Toshiba 15.27%
Acer 6.11%
Lenovo 4.58%
GIGABYTE 3.05%
Sony 3.05%
Intel 3.05%
Samsung 1.53%
Gateway 1.53%
MSI 1.53%
American Megatrends 0.76%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE