ApplicationUpdater.exe

Application Updater

Spigot, Inc.

This component is part of the Spigot browser add-on, a browser extension designed to modify the default search provider in order to redirect search queries through partner portals. The application ApplicationUpdater.exe has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the Spigot Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It runs as a separate Windows service (within the context of its own process) named “Application Updater”.

Publisher:
Spigot, Inc.

Product:
Application Updater

Version:
6, 6, 0, 4

MD5:
2c349460e40ef6b9604d774aaf367730

SHA-1:
7bb20ac45d08cb5c55227e135926bf6a8e24ccd1

SHA-256:
18a86d0e2f7b8a4b546617edd18cc95daf046755c262b9cea051bb9d4e54f8a5

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
5/5/2024 6:09:18 AM UTC

Scan engine | Detection | Engine version
Boost by Reason | Optional.Service.Spigot.S | 188163
Reason Heuristics | PUP.Updater.Installer.Spigot | 15.4.21.11

File size:
775 KB (793,600 bytes)

Product version:
6, 6, 0, 4

Copyright:
Copyright © 2005-2012 Spigot, Inc.

Original file name:
ApplicationUpdater.exe

File type:
Executable application (Win32 EXE)

Installer:
Spigot Setup

Common path:
C:\Program Files\application updater\applicationupdater.exe

File PE Metadata
Compilation timestamp:
11/28/2012 6:34:16 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
12288:N5GtVu58udGq2oVmErMPuHeSFdaYw6G4JKrnddrB++/jNdwxheOR:HGsdGrmmCMWHeqw6SDddrBliR

Entry address:
0x71D38

Entry point:
E8, 02, 88, 00, 00, E9, A5, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, FD, 00, 00, 00, 83, C4, 14, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 14, 75, 20, E8, EE, 62, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 05, F3, FF, FF, 83, C4, 14, 83, C8, FF, E9, C5, 00, 00, 00, 56, 8B, 75, 0C, 57, 8B, 7D, 10, 3B, FB, 74, 24, 3B, F3, 75, 20, E8, BE, 62, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, D5, F2, FF, FF, 83, C4, 14...
 

Code size:
579.5 KB (593,408 bytes)

Service
Display name:
Application Updater

Description:
Automatically downloads and installs application updates.

Type:
Win32OwnProcess


The running file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to 14.d7.24ae.ip4.static.sl-reverse.com  (174.36.215.20:80)
