SmdmFService.exe

SmdmF Service

Aztec Media inc.

The application SmdmFService.exe by Aztec Media inc. has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “SmdmF Service”. This file is typically installed with the program Assets Manager by Aztec Media inc., which is a potentially unwanted software program.
Publisher:
Aztec Media Inc (signed by Aztec Media inc.)

Product:
SmdmF Service

Version:
5.0.0.16068

MD5:
6d031ee72329772b665e37ae34573b08

SHA-1:
9b89d25490a836baad1fa1485b609fad6971f9a8

SHA-256:
87ecf1de4fcaa3c111442c9ff6f1f234b4a93b542b942ac5d7504bfb3e0532ed

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 12:36:19 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Bandoo.AztecMed (M)

Engine version:
16.7.2.4

File size:
3.1 MB (3,203,840 bytes)

Product version:
5.0.0.16068

Copyright:
Copyright (c) 2005 - 2015

Original file name:
SmdmFService.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\assets manager\smdmf\smdmfservice.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/1/2015 1:00:00 AM

Valid to:
2/1/2018 11:59:59 PM

Subject:
CN=Aztec Media inc., O=Aztec Media inc., L=Panama City, S=Panama City, C=PA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2AF6396322BF5B08910274FFE4241447

File PE Metadata
Compilation timestamp:
4/16/2015 10:26:23 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:dQUykb6J0xnBHkT0+s5nNmokqn94IHRPcPwLbKPVGN82+9V580WXCBQ:OSxnBHkTnsH94oRPcII9sH

Entry address:
0x147B14

Entry point:
E8, A4, AF, 00, 00, E9, 89, FE, FF, FF, 6A, 10, 68, 38, E9, 6A, 00, E8, A6, 84, 00, 00, 33, C0, 89, 45, E0, 89, 45, FC, 89, 45, E4, 8B, 45, E4, 3B, 45, 10, 7D, 13, 8B, 75, 08, 8B, CE, FF, 55, 14, 03, 75, 0C, 89, 75, 08, FF, 45, E4, EB, E5, C7, 45, E0, 01, 00, 00, 00, C7, 45, FC, FE, FF, FF, FF, E8, 08, 00, 00, 00, E8, AD, 84, 00, 00, C2, 14, 00, 83, 7D, E0, 00, 75, 11, FF, 75, 18, FF, 75, E4, FF, 75, 0C, FF, 75, 08, E8, 4D, F8, FF, FF, C3, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 57, 33, DB, 6A, 07, 33, C0, 59...
 
Entropy:
6.4029

Code size:
2.5 MB (2,599,424 bytes)

Service
Display name:
SmdmF Service

Service name:
SmdmFService

Description:
Serving SmdmF modules functionality

Type:
Win32OwnProcess, InteractiveProcess


The file SmdmFService.exe has been discovered within the following program.

Assets Manager  by Aztec Media inc.
Asset Manager is an adware web browser add-on that injects advertising into the user's browser and hijacks various browser settings such as the home page, search provider and new tab page. It is protected and difficult to remove.
80% remove it
 
Powered by Should I Remove It?
