» smw.sys
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

smw.sys

sbw

Goobzo LTD

The file smw.sys by Goobzo has been detected as adware by 8 anti-malware scanners. It runs as a Windows 64-bit kernel mode device driver named “Search Module Plus UpdateD”. This file is typically installed with the program Search Module Plus by Goobzo LTD which is a potentially unwanted software program.

File name:

smw.sys

Publisher:

Goobzo LTD (signed and verified)

Product:

sbw

Version:

1, 0, 0, 1

MD5:

88c7472a7199916bbec24c680bbbdba3

SHA-1:

72cb1f2731178751bff1a4e515a72a7d2a66651d

SHA-256:

43f6dfddcdebcbb9fd395defb947f046c3a1b664de24c716157454e831a33aa1

Scanner detections:

8 / 68

Status:

Adware

Analysis date:

4/24/2024 5:14:48 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Adware-CDO [PUP]

150101-1

AVG

Skodna

2016.0.3213

Dr.Web

Adware.Searcher.2656

9.0.1.05190

ESET NOD32

Win32/SBWatchman.C potentially unwanted application

7.0.302.0

Kaspersky

not-a-virus:AdWare.Win32.Shopper

15.0.0.543

Panda Antivirus

Adware/Goobzo

15.01.31.07

Reason Heuristics

PUP.Goobzo

15.1.31.7

VIPRE Antivirus

Threat.4792716

36666

File size:

41.9 KB (42,856 bytes)

Product version:

1, 0, 0, 1

Original file name:

sbw

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Program Files\common files\goobzo\gbupdateplus\smw.sys

Digital Signature

Signed by:

Goobzo LTD

Authority:

Thawte, Inc.

Valid from:

5/2/2013 1:00:00 AM

Valid to:

5/3/2015 12:59:59 AM

Subject:

CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

120B25DDE57B88636AD4D97D23B99C88

File PE Metadata

Compilation timestamp:

1/31/2015 7:10:43 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

768:RnyOa05pLZTpaSFrsdYCpyEM4cTtTKWEijqK3ISpelxDjNduRyaSDAg:ddhsHpbc3CxDMu9

Entry address:

0xB000

Entry point:

48, 89, 5C, 24, 08, 55, 56, 57, 48, 83, EC, 30, 33, FF, 33, ED, 48, 8B, F1, 48, 89, 7C, 24, 68, 48, 89, 6C, 24, 20, 48, C7, 44, 24, 60, 00, 00, 00, 00, E8, 05, 76, FF, FF, 8B, D8, 85, C0, 0F, 88, ED, 00, 00, 00, 4C, 8D, 4C, 24, 60, 8D, 57, 01, 44, 8D, 47, 20, 48, 8B, CE, FF, 15, CE, A0, FF, FF, 8B, D8, 85, C0, 0F, 88, CE, 00, 00, 00, 48, 8B, 4C, 24, 60, 8D, 57, 01, 41, B0, 01, 89, 79, 18, FF, 15, C0, 9F, FF, FF, 48, 8D, 54, 24, 68, 48, 8B, CE, E8, 5B, 7C, FF, FF, 8B, D8, 85, C0, 0F, 88, 9E, 00, 00, 00, 48... 
[+]

Entropy:

6.2979

Code size:

26 KB (26,624 bytes)

Driver

Display name:

Search Module Plus UpdateD

Service name:

SMUpdd

Type:

Kernel device driver (KernelDriver)

The file smw.sys has been discovered within the following program.

Search Module Plus by Goobzo LTD

Goobzo's Search Module Plus is a web browser toolbar/extension that will insert itself into IE, Firefox or Chrome and will modify the search and home page providers of the targeted browser. Once installed Search Module Plus changes Windows host file and DNS settings.

79% remove it

Remove smw.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.