home

smei64.dll

W

Goobzo LTD

The module smei64.dll, “Search Module Plus Update Service” by Goobzo has been detected as adware by 14 anti-malware scanners. This file is typically installed with the program Search Module Plus by Goobzo LTD which is a potentially unwanted software program.
Publisher:
Search Module Plus Ltd.  (signed by Goobzo LTD)

Product:
W

Description:
Search Module Plus Update Service

Version:
2, 1, 8, 525

MD5:
c0834c7406af30a7c54087a1cc97a328

SHA-1:
2255d9ef2a91d26654ebcb0dc4788e8789e09534

SHA-256:
fccecbbe44d66d46c09c779acf154563ed37c0fe4ada1b77419947f5b7e43e3b

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
4/19/2024 3:44:53 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.1159438
689

AhnLab V3 Security
Win-PUP/CrossRider
2015.02.01

avast!
Win32:Adware-CDO [PUP]
150101-1

AVG
Skodna
2016.0.3213

Bitdefender
Adware.Generic.1159438
1.0.20.385

Emsisoft Anti-Malware
Adware.Generic.1159438
8.15.03.18.12

ESET NOD32
MSIL/SBWatchman.A potentially unwanted application
7.0.302.0

F-Secure
Adware.Generic.1159438
11.2015-18-03_4

G Data
Adware.Generic.1159438
15.3.25

Kaspersky
not-a-virus:AdWare.Win32.Shopper
15.0.0.543

MicroWorld eScan
Adware.Generic.1159438
16.0.0.231

Panda Antivirus
Adware/Goobzo
15.01.31.08

Reason Heuristics
PUP.Goobzo
15.1.31.7

VIPRE Antivirus
Threat.4792716
36666

File size:
1 MB (1,082,728 bytes)

Product version:
2, 1, 8, 525

Copyright:
Copyright (C) 2014

Original file name:
smu.exe

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\common files\goobzo\gbupdateplus\smei64.dll

Digital Signature
Signed by:
Goobzo LTD

Authority:
Thawte, Inc.

Valid from:
5/2/2013 1:00:00 AM

Valid to:
5/3/2015 12:59:59 AM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
1/31/2015 7:11:48 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:fT8ShWwp5N3KdjpEcUKwgA2B5dh5HscC5EQWQgEHIyOZ8rHJl4IPmr5Y:fISIdjNUKwgA2Bd5HNCiQWnx2kYmVY

Entry address:
0x7B5C8

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, E3, 02, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 8B, FE, FF, FF, CC, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 25, 59, 07, 00, FF, 15, CF, 4C, 02, 00, 4C, 8B, 1D, 10, 5A, 07, 00, 4C, 89, 5C, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, 59, 0A, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24...
 
[+]

Entropy:
5.9991

Code size:
634.5 KB (649,728 bytes)

The file smei64.dll has been discovered within the following program.

Search Module Plus  by Goobzo LTD
Goobzo's Search Module Plus is a web browser toolbar/extension that will insert itself into IE, Firefox or Chrome and will modify the search and home page providers of the targeted browser. Once installed Search Module Plus changes Windows host file and DNS settings.
79% remove it
 
Powered by Should I Remove It?

Remove smei64.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.