home

SMax4PNP.exe

SMax4PNP Application

Analog Devices, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SoundMAXPnP’.
Publisher:
Analog Devices, Inc.

Product:
SMax4PNP Application

Description:
SMax4PNP

Version:
6,1,5851,170

MD5:
d86427405b68342d943008d596635c9e

SHA-1:
dc97b5e795c83d1bf7415ca2a6fb9f357b8581e6

SHA-256:
d203e678a960120a08b87f0e4166bc125833f7722bb1fc0de06a008356ce810a

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/24/2024 12:40:07 PM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Optional.Startup.AnalogDevices.I
188861

File size:
1.4 MB (1,417,216 bytes)

Product version:
6,1,5851,170

Copyright:
Copyright © 2002-2008, Analog Devices

Original file name:
SMax4PNP.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\analog devices\core\smax4pnp.exe

File PE Metadata
Compilation timestamp:
3/7/2000 6:07:56 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:sdE1O9BXnyyo6hnEKj22oR6mYYIbnQBCSctyV+tQtJ+3wj0Lq/neS:6E16kyo6hnEKj22oR6mYYIbnQBCSctbY

Entry address:
0x31E5C

Entry point:
60, 71, 0B, 43, B8, 17, 43, B2, 46, B8, 93, B9, 66, 2D, EB, 02, 04, 5E, 86, C9, 88, EC, 8D, 1D, 00, BC, 65, AA, EB, 04, 8A, F5, 01, D5, 70, 08, BD, 72, 3C, B4, 52, 0F, AF, C5, E8, 6D, 00, 00, 00, 0F, AF, FF, 1A, D5, 69, F0, AC, 43, 66, 58, 0F, AF, F2, 69, EB, 31, AE, 2C, 57, 86, D4, 8D, 09, 89, FF, 0F, BF, F6, FF, C6, 8A, F5, 2B, D9, B6, 51, 84, C8, 6B, D2, 00, 70, 04, FE, C9, 11, CF, F3, 3C, BC, EB, 04, 31, C9, 89, F8, 81, C2, 3A, 0F, 00, 00, EB, 05, BB, 65, 90, 99, 1F, 81, EA, 39, 0F, 00, 00, EB, 09, 87...
 
[+]

Entropy:
6.3333

Code size:
304 KB (311,296 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SoundMAXPnP

Command:
C:\Program Files\analog devices\core\smax4pnp.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to linux.bilimcell.com.tr  (46.45.167.151:80)

TCP (HTTP):
Connects to 2371232.sites.myregisteredsite.com  (209.237.150.20:80)

Scan SMax4PNP.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.