smu.exe

W

SearchModule (Goobzo Ltd.)

The application smu.exe, “Search Module Plus Update Service” by SearchModule (Goobzo), has been detected as adware by 5 anti-malware scanners. It runs as a Windows service named “Search Module Plus Update” in its own process. This file is typically installed with the program Search Module Plus by Goobzo LTD, which is a potentially unwanted software program.

Publisher:
Search Module Plus Ltd. (signed by SearchModule (Goobzo Ltd.))

Product:
W

Description:
Search Module Plus Update Service

Version:
2, 1, 9, 461

MD5:
c9c46df7fbfac06503c36dbb9e7882a3

SHA-1:
52c64798f789c91c6245c51c70ee91133f5ff6fd

SHA-256:
a275a7f278d57d1d236fc660c2bfc102e02e3972dc70f27297ec5fcafcf61ec6

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
4/25/2024 8:56:15 PM UTC

Scan engine | Detection | Engine version
avast! | Win64:Malware-gen | 2014.9-150331
ESET NOD32 | Win32/SBWatchman.C potentially unwanted (variant) | 9.11402
herdProtect (fuzzy) | | 2015.7.5.0
Panda Antivirus | Adware/Goobzo | 15.03.31.03
Reason Heuristics | PUP.Goobzo.Service | 15.3.31.3

File size:
2.6 MB (2,717,992 bytes)

Product version:
2, 1, 9, 461

Copyright:
Copyright (C) 2014

Original file name:
smu.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\common files\goobzo\gbupdateplus\smu.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/10/2015 7:00:00 PM

Valid to:
12/31/2015 6:59:59 PM

Subject:
CN=SearchModule (Goobzo Ltd.), O=SearchModule (Goobzo Ltd.), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DD05C384BC880FF0E27B70C27B7E8855

File PE Metadata
Compilation timestamp:
3/29/2015 9:24:50 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
49152:SF36TUQ/+lP6CNFtfiLWSjDiVfTLhYA3uyx1QDJTo5zLsi:SFKv+lo0KoR

Entry address:
0x15E92C

Entry point:
48, 83, EC, 28, E8, 3F, 04, 00, 00, 48, 83, C4, 28, E9, 86, FD, FF, FF, CC, CC, 48, 89, 5C, 24, 10, 44, 89, 44, 24, 18, 48, 89, 4C, 24, 08, 56, 57, 41, 54, 48, 83, EC, 40, 49, 8B, F1, 41, 8B, F8, 4C, 8B, E2, 48, 8B, D9, 83, EF, 01, 89, 7C, 24, 70, 78, 0F, 49, 2B, DC, 48, 89, 5C, 24, 60, 48, 8B, CB, FF, D6, EB, E8, EB, 00, 48, 8B, 5C, 24, 68, 48, 83, C4, 40, 41, 5C, 5F, 5E, C3, CC, 48, 8B, C4, 4C, 89, 48, 20, 44, 89, 40, 18, 48, 89, 50, 10, 53, 56, 57, 41, 54, 48, 83, EC, 38, 4D, 8B, E1, 49, 63, F8, 48, 8B...
 

Entropy:
6.1316

Code size:
1.7 MB (1,827,840 bytes)

Service
Display name:
Search Module Plus Update

Service name:
SMUpdPlus

Type:
Win32OwnProcess


The file smu.exe has been discovered within the following program.

Search Module Plus by Goobzo LTD
Goobzo's Search Module Plus is a web browser toolbar/extension that inserts itself into IE, Firefox or Chrome and modifies the search and home page providers of the targeted browser. Once installed, Search Module Plus changes the Windows hosts file and DNS settings.
79% remove it
 