sma.exe

The application sma.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Search Module Plus by Goobzo LTD which is a potentially unwanted software program. While running, it connects to the Internet address server-54-230-38-160.jfk1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
.

Product:
W

Description:
agent

Version:
2, 3, 12, 1634

MD5:
d270ee1c0c46badeecc45571e01bea37

SHA-1:
ddd612834b3c59b0ecbba1420412f16884ceb8cb

SHA-256:
dc28e227409fbaac64d9e6aeb28b70f6f439102af07783cede02f5f6a34c5c1f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 12:26:41 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Goobzo.Meta (M)

Engine version:
15.12.9.17

File size:
319.5 KB (327,168 bytes)

Product version:
2, 3, 12, 1634

Copyright:
Copyright (C) 2012

Original file name:
sma.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\common files\goobzo\gbupdateplus\sma.exe

File PE Metadata
Compilation timestamp:
7/8/2015 4:53:33 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
6144:w6cOh4EgsgvzgeEC5w6TBvKgcrpMBrKWMywM4jTBMI:/cyMPUeEp+MOrKWMywM4j

Entry address:
0x1B7D0

Entry point:
48, 83, EC, 28, E8, 03, AD, 00, 00, 48, 83, C4, 28, E9, 42, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 18, 48, 89, 54, 24, 10, 57, 48, 83, EC, 20, 48, 8B, DA, 8B, F1, 33, FF, 33, C0, 48, 85, D2, 0F, 95, C0, 85, C0, 75, 18, E8, 30, 0F, 00, 00, C7, 00, 16, 00, 00, 00, E8, 69, 54, 00, 00, 83, C8, FF, E9, C1, 00, 00, 00, 48, 8B, CA, E8, 99, 01, 00, 00, 90, F6, 43, 18, 40, 0F, 85, 80, 00, 00, 00, 48, 8B, CB, E8, D6, 75, 00, 00, 4C, 63, C0, 41, 8D, 48, 02, 4C, 8D, 0D, A4, 32, 03, 00, 83, F9, 01, 76...
 
Entropy:
6.0296

Code size:
206.5 KB (211,456 bytes)

The file sma.exe has been discovered within the following program.

Search Module Plus by Goobzo LTD
Goobzo's Search Module Plus is a web browser toolbar/extension that inserts itself into IE, Firefox or Chrome and modifies the search and home page providers of the targeted browser. Once installed, Search Module Plus changes the Windows hosts file and DNS settings.
79% remove it
 

The executing file has been seen to make the following network communications in live environments.
