SMax4PNP.exe

SMax4PNP Application

Analog Devices, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SoundMAXPnP’.
Publisher:
Analog Devices, Inc.

Product:
SMax4PNP Application

Description:
SMax4PNP

Version:
6,1,5851,170

MD5:
d86427405b68342d943008d596635c9e

SHA-1:
dc97b5e795c83d1bf7415ca2a6fb9f357b8581e6

SHA-256:
d203e678a960120a08b87f0e4166bc125833f7722bb1fc0de06a008356ce810a

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/27/2024 6:36:01 PM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Optional.Startup.AnalogDevices.I
188861

File size:
1.4 MB (1,417,216 bytes)

Product version:
6,1,5851,170

Copyright:
Copyright © 2002-2008, Analog Devices

Original file name:
SMax4PNP.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\analog devices\core\smax4pnp.exe

File PE Metadata
Compilation timestamp:
3/7/2000 6:07:56 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:sdE1O9BXnyyo6hnEKj22oR6mYYIbnQBCSctyV+tQtJ+3wj0Lq/neS:6E16kyo6hnEKj22oR6mYYIbnQBCSctbY

Entry address:
0x31E5C

Entry point:
60, 71, 0B, 43, B8, 17, 43, B2, 46, B8, 93, B9, 66, 2D, EB, 02, 04, 5E, 86, C9, 88, EC, 8D, 1D, 00, BC, 65, AA, EB, 04, 8A, F5, 01, D5, 70, 08, BD, 72, 3C, B4, 52, 0F, AF, C5, E8, 6D, 00, 00, 00, 0F, AF, FF, 1A, D5, 69, F0, AC, 43, 66, 58, 0F, AF, F2, 69, EB, 31, AE, 2C, 57, 86, D4, 8D, 09, 89, FF, 0F, BF, F6, FF, C6, 8A, F5, 2B, D9, B6, 51, 84, C8, 6B, D2, 00, 70, 04, FE, C9, 11, CF, F3, 3C, BC, EB, 04, 31, C9, 89, F8, 81, C2, 3A, 0F, 00, 00, EB, 05, BB, 65, 90, 99, 1F, 81, EA, 39, 0F, 00, 00, EB, 09, 87...
 
[+]

Entropy:
6.3333

Code size:
304 KB (311,296 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SoundMAXPnP

Command:
C:\Program Files\analog devices\core\smax4pnp.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to linux.bilimcell.com.tr  (46.45.167.151:80)

TCP (HTTP):
Connects to 2371232.sites.myregisteredsite.com  (209.237.150.20:80)

Scan SMax4PNP.exe - Powered by Reason Core Security