» smri64.dll
Overview
Analysis
File Details
Programs (1)

smri64.dll

SBWatchman

Goobzo LTD

The module smri64.dll, “Search Module Plus Update Service” by Goobzo has been detected as adware by 8 anti-malware scanners. This file is typically installed with the program Search Module Plus by Goobzo LTD which is a potentially unwanted software program.

File name:

smri64.dll

Publisher:

Search Module Plus Ltd. (signed by Goobzo LTD)

Product:

SBWatchman

Description:

Search Module Plus Update Service

Version:

2, 1, 8, 525

MD5:

b149ff07054e22663fede4f600632f1b

SHA-1:

d92cc8baa5ee300830ff4661b94431076b44793f

SHA-256:

788027ae38789e996ce8eb911e05084df5d78f8b49e52fab4cd2803b4d490af8

Scanner detections:

8 / 68

Status:

Adware

Analysis date:

4/26/2024 3:32:02 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win-PUP/CrossRider

2015.02.01

avast!

Win32:Adware-CDO [PUP]

150101-1

AVG

Skodna

2016.0.3213

ESET NOD32

MSIL/SBWatchman.A potentially unwanted application

7.0.302.0

F-Prot

W64/Goobzo.A

v6.4.7.1.166

Kaspersky

not-a-virus:AdWare.Win32.Shopper

15.0.0.543

Reason Heuristics

PUP.Goobzo

15.1.31.7

VIPRE Antivirus

Goobzo

37128

File size:

610.4 KB (625,000 bytes)

Product version:

2, 1, 8, 525

Original file name:

smu.exe

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\Program Files\common files\goobzo\gbupdateplus\smri64.dll

Digital Signature

Signed by:

Goobzo LTD

Authority:

Thawte, Inc.

Valid from:

5/2/2013 1:00:00 AM

Valid to:

5/3/2015 12:59:59 AM

Subject:

CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

120B25DDE57B88636AD4D97D23B99C88

File PE Metadata

Compilation timestamp:

1/31/2015 7:11:23 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

6144:6sO5HQebejIFOTrYe1uRRUJBBTQn6mgtHXDwFuRbC/XYvPaPZiH2lMr9pazeydg0:Na36/38kb9vPaPZiH8MxdydgEHEC4Yoa

Entry address:

0x3EAB4

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, BB, 04, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 8B, FE, FF, FF, CC, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8B, 0D, 4C, FA, 04, 00, FF, 15, FE, AB, 01, 00, 48, 89, 44, 24, 38, 48, 83, F8, FF, 75, 0B, 48, 8B, CB, FF, 15, B2, AB, 01, 00, EB, 7E, B9, 08, 00, 00, 00, E8, 26, 05, 00, 00, 90, 48, 8B, 0D, 1E, FA, 04, 00, FF, 15... 
[+]

Entropy:

5.8486

Code size:

349.5 KB (357,888 bytes)

The file smri64.dll has been discovered within the following program.

Search Module Plus by Goobzo LTD

Goobzo's Search Module Plus is a web browser toolbar/extension that will insert itself into IE, Firefox or Chrome and will modify the search and home page providers of the targeted browser. Once installed Search Module Plus changes Windows host file and DNS settings.

79% remove it

Remove smri64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.