» smoi64.dll
Overview
Analysis
File Details
Programs (1)

smoi64.dll

SBWatchman

Goobzo LTD

The module smoi64.dll, “Search Module Plus Update Service” by Goobzo has been detected as adware by 9 anti-malware scanners. This file is typically installed with the program Search Module Plus by Goobzo LTD which is a potentially unwanted software program.

File name:

smoi64.dll

Publisher:

Search Module Plus Ltd. (signed by Goobzo LTD)

Product:

SBWatchman

Description:

Search Module Plus Update Service

Version:

2, 1, 8, 525

MD5:

ea07b9da562c9a7b27d6da75115faa7b

SHA-1:

388662a24830dc0983ed6c07e365790f192ec3b8

SHA-256:

06d97a4f651e0753082eec4cc59d88912563b9006058c78d60af59a33d5c495b

Scanner detections:

9 / 68

Status:

Adware

Analysis date:

4/25/2024 6:10:33 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win-PUP/CrossRider

2015.02.01

avast!

Win32:Adware-CDO [PUP]

150129-1

AVG

Skodna

2016.0.3213

ESET NOD32

MSIL/SBWatchman.A potentially unwanted application

7.0.302.0

F-Prot

W64/Goobzo.A

v6.4.7.1.166

Kaspersky

not-a-virus:AdWare.Win32.Shopper

15.0.0.543

Panda Antivirus

Adware/Goobzo

15.01.31.08

Reason Heuristics

PUP.Goobzo

15.1.31.7

VIPRE Antivirus

Threat.4792716

36694

File size:

611.4 KB (626,024 bytes)

Product version:

2, 1, 8, 525

Original file name:

smu.exe

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\Program Files\common files\goobzo\gbupdateplus\smoi64.dll

Digital Signature

Signed by:

Goobzo LTD

Authority:

Thawte, Inc.

Valid from:

5/2/2013 1:00:00 AM

Valid to:

5/3/2015 12:59:59 AM

Subject:

CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

120B25DDE57B88636AD4D97D23B99C88

File PE Metadata

Compilation timestamp:

1/31/2015 7:11:32 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:r4KHtWcYiUjjITzYXmA8NEUBvPx98fWUfxXeInOc6bp5yKgEHvkoZvGPT03jXtNF:UUE834WUfxXbnW7yKgEH9GPT07DdTMs

Entry address:

0x3EC94

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, BB, 04, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 8B, FE, FF, FF, CC, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8B, 0D, F4, F8, 04, 00, FF, 15, 4E, AA, 01, 00, 48, 89, 44, 24, 38, 48, 83, F8, FF, 75, 0B, 48, 8B, CB, FF, 15, 02, AA, 01, 00, EB, 7E, B9, 08, 00, 00, 00, E8, 26, 05, 00, 00, 90, 48, 8B, 0D, C6, F8, 04, 00, FF, 15... 
[+]

Entropy:

5.8603

Code size:

350 KB (358,400 bytes)

The file smoi64.dll has been discovered within the following program.

Search Module Plus by Goobzo LTD

Goobzo's Search Module Plus is a web browser toolbar/extension that will insert itself into IE, Firefox or Chrome and will modify the search and home page providers of the targeted browser. Once installed Search Module Plus changes Windows host file and DNS settings.

79% remove it

Remove smoi64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.