smu.exe

W

Search Module Plus Ltd.

The application smu.exe, “Search Module Plus Update Service”, has been detected as a potentially unwanted program by 8 anti-malware scanners. It runs as a Windows service named “Search Module Plus Update” in its own process. This file is typically installed with the program Search Module Plus by Goobzo LTD, which is a potentially unwanted software program. While running, it connects to the Internet address server-54-230-38-173.jfk1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Search Module Plus Ltd.

Product:
W

Description:
Search Module Plus Update Service

Version:
2, 3, 12, 1634

MD5:
d033714f36cfe62ce0808de4a13d7cf1

SHA-1:
7dacd1b64c84a870a7e4fb52d2d5554a1b96f38c

SHA-256:
ead3af0fdc7addb8d5d415974ae20e32ac5b0c5de2163b611cd4234ce2f45831

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 2:36:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win64:Malware-gen | 2014.9-150811 |
| Baidu Antivirus | PUA.Win64.SBWatchman | 4.0.3.1581 |
| Emsisoft Anti-Malware | Adware.Generic.1286400 | 8.15.08.11.03 |
| ESET NOD32 | Win64/SBWatchman.A potentially unwanted (variant) | 9.11915 |
| F-Secure | Adware.Generic.1286400 | 11.2015-11-08_3 |
| IKARUS anti.virus | PUA.SBWatchman | t3scan.1.9.5.0 |
| Reason Heuristics | Adware.Search.Goobzo.Meta (M) | 15.7.9.23 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42628 |

File size:
2.7 MB (2,835,968 bytes)

Product version:
2, 3, 12, 1634

Copyright:
Copyright (C) 2014

Original file name:
smu.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\common files\goobzo\gbupdateplus\smu.exe

File PE Metadata
Compilation timestamp:
7/8/2015 4:54:05 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
49152:bAtboZQRICOOC5uDcB48xgmSTPF6TXV1lEJFAHDOwbTOtOPSIgO:aLRo0sVxr

Entry address:
0x18E6A8

Entry point:
48, 83, EC, 28, E8, 17, 14, 01, 00, 48, 83, C4, 28, E9, 42, FE, FF, FF, CC, CC, 48, 83, EC, 18, 0F, B6, C2, 4C, 8B, C1, 83, E1, 0F, 44, 8B, D0, 49, 83, E0, F0, 0F, 57, D2, 41, C1, E2, 08, 45, 33, C9, 44, 0B, D0, 83, C8, FF, D3, E0, 66, 41, 0F, 6E, C2, F2, 0F, 70, C8, 00, 66, 0F, 6F, C2, 66, 41, 0F, 74, 00, 66, 0F, 70, D9, 00, 66, 0F, 6F, CB, 66, 41, 0F, 74, 08, 66, 0F, EB, C8, 66, 0F, D7, D1, 23, D0, 75, 22, 49, 83, C0, 10, 66, 0F, 6F, CB, 66, 0F, 6F, C2, 66, 41, 0F, 74, 08, 66, 41, 0F, 74, 00, 66, 0F, EB...
 

Entropy:
6.1934

Code size:
1.9 MB (1,995,776 bytes)

Service
Display name:
Search Module Plus Update

Service name:
SMUpdPlus

Type:
Win32OwnProcess


The file smu.exe has been discovered within the following program.

Search Module Plus  by Goobzo LTD
Goobzo's Search Module Plus is a web browser toolbar/extension that inserts itself into IE, Firefox or Chrome and modifies the search and home page providers of the targeted browser. Once installed, Search Module Plus changes the Windows hosts file and DNS settings.
79% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-38-173.jfk1.r.cloudfront.net  (54.230.38.173:80)

TCP (HTTP):
Connects to server-205-251-251-237.jfk5.r.cloudfront.net  (205.251.251.237:80)

TCP (HTTP):
Connects to server-205-251-251-21.jfk5.r.cloudfront.net  (205.251.251.21:80)
