ApplicationUpdater.exe

Application Updater

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser addition designed to modify the core search provider in order to redirect search queries through partner portals. ApplicationUpdater.exe by Spigot has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the Spigot Setup installer. It runs as a Windows service named “Application Updater” in its own separate process. While running, it connects to the Internet address 2b.1a.36a9.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.

Publisher:
Spigot, Inc.  (signed and verified)

Product:
Application Updater

Version:
22, 1, 0, 2

MD5:
e79fbe5b64812023e07883ba743d8bcf

SHA-1:
7269337804443555a0b17defc76eba6e6a0d065d

SHA-256:
bc37b39493e3ced2c96c2deefba798d183fb8bfed6df6c72dc19dd5907e3e612

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
4/26/2024 12:22:08 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/Spigot.Gen | 8.3.1.6
AVG | Generic_r | 2016.0.3016
Baidu Antivirus | PUA.Win32.Widgi | 4.0.3.15815
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Adware.Spigot.76 | 9.0.1.0227
ESET NOD32 | Win32/Toolbar.Widgi.G potentially unwanted (variant) | 9.12090
Fortinet FortiGate | Riskware/Widgi | 8/15/2015
K7 AntiVirus | Adware | 13.204.16076
Malwarebytes | PUP.Optional.Spigot.A | v2015.08.15.06
McAfee | Artemis!330124C63BB1 | 5600.6672
Panda Antivirus | PUP/Spigot | 15.08.15.06
Reason Heuristics | PUP.Spigot.Installer (M) | 15.8.15.18
Sophos | Spigot Toolbar (PUA) | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0528 | 7.2.227
VIPRE Antivirus | Spigot | 42858

File size:
924.2 KB (946,352 bytes)

Product version:
22, 1, 0, 2

Copyright:
Copyright © 2005-2015 Spigot, Inc.

Original file name:
ApplicationUpdater.exe

File type:
Executable application (Win32 EXE)

Installer:
Spigot Setup

Language:
English (United States)

Common path:
C:\Program Files\application updater\applicationupdater.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/25/2014 7:00:00 PM

Valid to:
11/26/2015 6:59:59 PM

Subject:
CN="Spigot, Inc.", O="Spigot, Inc.", STREET="774 Mays Blvd. #10-456", L=Incline Village, S=NV, PostalCode=89451, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0082841155378106313886B8DA4A06D2B3

File PE Metadata
Compilation timestamp:
8/11/2015 9:59:55 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
24576:9zmpvtJBmMTgFFPLetlyjT+Sg475w0sH9H7ixYaFNwDbGmOuqQM1:cdmPKyjT+SrHe9H7iu2wDbGmO/QM1

Entry address:
0x86153

Entry point:
E8, D7, 9B, 00, 00, E9, A5, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, C8, 04, 00, 00, 83, C4, 14, 5D, C3, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, E4, 47, 4D, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 85, 9C, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83...

Code size:
683.5 KB (699,904 bytes)

Service
Display name:
Application Updater

Description:
Automatically downloads and installs application updates.

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 14.d7.24ae.ip4.static.sl-reverse.com  (174.36.215.20:80)

TCP (HTTP):
Connects to 25.1a.36a9.ip4.static.sl-reverse.com  (169.54.26.37:80)

TCP (HTTP):
Connects to 2c.1a.36a9.ip4.static.sl-reverse.com  (169.54.26.44:80)

TCP (HTTP):
Connects to 2b.1a.36a9.ip4.static.sl-reverse.com  (169.54.26.43:80)

TCP (HTTP):
Connects to 2e.1a.36a9.ip4.static.sl-reverse.com  (169.54.26.46:80)
