smu.exe

W

Search Module Ltd.

The application smu.exe, “Search Module Update Service”, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “Search Module Update”. While running, it connects to the Internet address server-54-192-75-151.hkg50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Search Module Ltd.

Product:
W

Description:
Search Module Update Service

Version:
2, 6, 8, 5693

MD5:
ce75f608e2cc58d309477b81a887cf43

SHA-1:
4d6f5a7a35ec7bdcb79db5cb1d8cd3a12bdc2907

SHA-256:
dc4e1a02d70246078cb5e7f34473725b78eba4277bd9b98aba269980f6598221

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/7/2024 6:48:41 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Search.Toolbar (M)

Engine version:
17.2.19.14

File size:
2.1 MB (2,228,128 bytes)

Product version:
2, 6, 8, 5693

Copyright:
Copyright (C) 2014

Original file name:
smu.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\common files\noobzo\gnupdate\smu.exe

File PE Metadata
Compilation timestamp:
2/8/2017 6:47:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
14.0

Entry address:
0x1F9000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, CE, B2, 01, 20, 2B, 85, 35, BA, 01, 20, 89, 85, 31, BA, 01, 20, B0, 00, 86, 85, 66, BC, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 61, BB, 01, 20, 00, 74, 33, 83, BD, 65, BB, 01, 20, 00, 74, 2A, 8B, 85, 31, BA, 01, 20, 2B, 85, 61, BB, 01, 20, 8B, 00, 89, 85, 9E, BB, 01, 20, 8B, 85, 31, BA, 01, 20, 2B, 85, 65, BB, 01, 20, 8B, 00, 89, 85, A2, BB, 01, 20, EB, 61, 83, BD, 69, BB, 01, 20, 00, 74, 58, 8B, 85, 31, BA, 01, 20, 2B, 85, 69, BB, 01, 20, FF, 30, 8D, 85...

Entropy:
6.7079

Packer / compiler:
ASPack v1.08.04

Code size:
1.4 MB (1,479,680 bytes)

Service
Display name:
Search Module Update

Service name:
SMUpd

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.