smi64.exe

SearchModule (Goobzo Ltd.)

The application smi64.exe by SearchModule (Goobzo) has been detected as adware by 8 anti-malware scanners.
Publisher:
SearchModule (Goobzo Ltd.)  (signed and verified)

MD5:
68a06b807a690ec2fa1ea302ac4ee04d

SHA-1:
1ec20230c4eb33cbba6dbf567b565fd6839d9d3e

SHA-256:
8811e251d01f9b62ae6bb391112a726658a1e0d1e396dae2b9d0d01fc1b46b8f

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
4/23/2024 4:30:22 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic_r | 2016.0.3133 |
| Bkav FE | W64.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Shopper.866 | 9.0.1.0111 |
| ESET NOD32 | MSIL/SBWatchman.A potentially unwanted (variant) | 9.11521 |
| IKARUS anti.virus | PUA.MSIL.SBWatchman | t3scan.1.8.9.0 |
| Panda Antivirus | Adware/Goobzo | 15.04.21.07 |
| Reason Heuristics | PUP.Goobzo | 15.4.21.3 |
| VIPRE Antivirus | Goobzo | 39610 |

File size:
508.8 KB (521,000 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\common files\goobzo\gbupdate\smi64.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/11/2015 10:00:00 AM

Valid to:
1/1/2016 9:59:59 AM

Subject:
CN=SearchModule (Goobzo Ltd.), O=SearchModule (Goobzo Ltd.), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DD05C384BC880FF0E27B70C27B7E8855

File PE Metadata
Compilation timestamp:
4/17/2015 6:02:50 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:HD/Ok4QG4zHa464R4BZx/4HGhu+y+t5Nm/GGK/QYxckNAq84fXJAT/NzWpFJv:zOk+m/m/ZrvWVWpj

Entry address:
0x3B2E4

Entry point:
48, 83, EC, 28, E8, 7F, A6, 00, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, C6, 41, 18, 00, 48, 85, D2, 0F, 85, 82, 00, 00, 00, E8, 9D, 8E, 00, 00, 48, 89, 43, 10, 48, 8B, 90, C0, 00, 00, 00, 48, 89, 13, 48, 8B, 88, B8, 00, 00, 00, 48, 89, 4B, 08, 48, 3B, 15, ED, C9, 03, 00, 74, 16, 8B, 80, C8, 00, 00, 00, 85, 05, 57, CB, 03, 00, 75, 08, E8, 58, 8C, 00, 00, 48, 89, 03, 48, 8B, 05, DE, D0, 03, 00, 48, 39, 43, 08, 74, 1B, 48, 8B, 43, 10, 8B, 88, C8, 00, 00, 00, 85, 0D...
 

Entropy:
6.2296

Code size:
358.5 KB (367,104 bytes)
