» smu.exe
Overview
Analysis
File Details
Behaviors (1)

smu.exe

W

Search Module Ltd.

The application smu.exe, “Search Module Update Service” has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Search Module Update”.

File name:

smu.exe

Publisher:

Search Module Ltd.

Product:

Description:

Search Module Update Service

Version:

2, 3, 13, 1725

MD5:

3696a9b9567a67746f574c36b63fc44e

SHA-1:

42115bff42b569a94b5877569287348915c9a031

SHA-256:

2ce04473dbd674a92b8a1aa29a23d8f1cb5c5a5189fdf73bb2b286e5a0b9a1f9

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

4/18/2024 11:33:43 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

ESET NOD32

Win64/SBWatchman.A potentially unwanted (variant)

9.12058

Reason Heuristics

PUP.Search.Toolbar.Meta (M)

15.8.2.16

File size:

2.7 MB (2,866,176 bytes)

Product version:

2, 3, 13, 1725

Original file name:

smu.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\common files\goobzo\gbupdate\smu.exe

File PE Metadata

Compilation timestamp:

8/2/2015 6:16:33 AM

OS version:

6.0

OS bitness:

Win64

Subsystem:

Windows Console

Linker version:

12.0

CTPH (ssdeep):

49152:SUswXwjxQAC8UZVA+9fgpXJnh4z1qEwDTNARky6a/TQjSWvkYKu:BXIIumvwZE

Entry address:

0x192A0C

Entry point:

48, 83, EC, 28, E8, 37, 16, 01, 00, 48, 83, C4, 28, E9, 42, FE, FF, FF, CC, CC, 48, 83, EC, 18, 0F, B6, C2, 4C, 8B, C1, 83, E1, 0F, 44, 8B, D0, 49, 83, E0, F0, 0F, 57, D2, 41, C1, E2, 08, 45, 33, C9, 44, 0B, D0, 83, C8, FF, D3, E0, 66, 41, 0F, 6E, C2, F2, 0F, 70, C8, 00, 66, 0F, 6F, C2, 66, 41, 0F, 74, 00, 66, 0F, 70, D9, 00, 66, 0F, 6F, CB, 66, 41, 0F, 74, 08, 66, 0F, EB, C8, 66, 0F, D7, D1, 23, D0, 75, 22, 49, 83, C0, 10, 66, 0F, 6F, CB, 66, 0F, 6F, C2, 66, 41, 0F, 74, 08, 66, 41, 0F, 74, 00, 66, 0F, EB... 
[+]

Entropy:

6.1974

Code size:

1.9 MB (2,018,816 bytes)

Service

Display name:

Search Module Update

Service name:

SMUpd

Type:

Win32OwnProcess

Remove smu.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.