» smi64.exe
Overview
Analysis
File Details
Programs (1)

smi64.exe

SBInject Application

Goobzo LTD

The application smi64.exe by Goobzo has been detected as adware by 22 anti-malware scanners. This file is typically installed with the program Search Module Plus by Goobzo LTD which is a potentially unwanted software program.

File name:

smi64.exe

Publisher:

Goobzo LTD (signed and verified)

Product:

SBInject Application

Version:

2, 1, 0, 93

MD5:

8197f4757ccea8eb73d0849d766ef770

SHA-1:

4885b934a73e9ab4388ac5018252e274838760fc

SHA-256:

601eb9561c0aaeff22d63f254779db0fb1ee882c3c22fdc2b2cbf58ca1893b01

Scanner detections:

22 / 68

Status:

Adware

Analysis date:

4/19/2024 3:44:08 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.SearchModule.C

735

AhnLab V3 Security

Win-PUP/CrossRider

2014.12.10

avast!

Win32:Adware-CDO [PUP]

150129-1

AVG

Skodna

2016.0.3213

Baidu Antivirus

PUA.MSIL.SBWatchman

4.0.3.15131

Bitdefender

Adware.SearchModule.C

1.0.20.155

Emsisoft Anti-Malware

Adware.SearchModule

8.15.01.31.07

ESET NOD32

MSIL/SBWatchman.A potentially unwanted application

7.0.302.0

Fortinet FortiGate

Adware/Shopper

1/31/2015

F-Secure

Adware.SearchModule.C

11.2015-31-01_7

G Data

Adware.SearchModule

15.1.24

IKARUS anti.virus

PUA.MSIL.SBWatchman

t3scan.1.8.5.0

K7 AntiVirus

Trojan

13.183.13358

Kaspersky

not-a-virus:AdWare.Win32.Shopper

15.0.0.543

McAfee

Artemis!55CA51021EAB

5600.6869

MicroWorld eScan

Adware.SearchModule.C

16.0.0.93

Norman

Adware.SearchModule.C

11.20150131

nProtect

Trojan-Clicker/W32.Shopper.101224

14.12.09.01

Panda Antivirus

Generic Malware

15.01.31.07

Reason Heuristics

PUP.Goobzo

15.1.31.7

Trend Micro House Call

Suspicious_GEN.F47V0910

7.2.31

VIPRE Antivirus

Goobzo

35578

File size:

98.9 KB (101,224 bytes)

Product version:

2, 1, 0, 93

Original file name:

SBInject.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\common files\goobzo\gbupdateplus\smi64.exe

Digital Signature

Signed by:

Goobzo LTD

Authority:

Thawte, Inc.

Valid from:

5/2/2013 1:00:00 AM

Valid to:

5/3/2015 12:59:59 AM

Subject:

CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

120B25DDE57B88636AD4D97D23B99C88

File PE Metadata

Compilation timestamp:

1/31/2015 7:11:07 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

1536:oGG8FRXVQz9f0QO2CPBTzeXViPoLJSH0TknpLI4sO+zAUR0:ouXVQBMQOhPBTwiPoLJQ0ILI4sO+30

Entry address:

0xA3D8

Entry point:

48, 83, EC, 28, E8, D3, 03, 00, 00, 48, 83, C4, 28, E9, FA, FC, FF, FF, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, F1, C4, 00, 00, FF, 15, 13, 3C, 00, 00, 4C, 8B, 1D, DC, C5, 00, 00, 4C, 89, 5C, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, 5D, 04, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24, 50, 00, 74, 41, 48, C7, 44, 24, 38, 00, 00, 00, 00, 48, 8D, 44, 24, 48, 48, 89, 44, 24, 30, 48, 8D, 44, 24, 40, 48, 89, 44, 24, 28, 48, 8D, 05, 9C, C4, 00, 00, 48, 89, 44, 24... 
[+]

Entropy:

5.8554

Code size:

49.5 KB (50,688 bytes)

The file smi64.exe has been discovered within the following program.

Search Module Plus by Goobzo LTD

Goobzo's Search Module Plus is a web browser toolbar/extension that will insert itself into IE, Firefox or Chrome and will modify the search and home page providers of the targeted browser. Once installed Search Module Plus changes Windows host file and DNS settings.

79% remove it

Remove smi64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.