ApplicationUpdater.exe

Application Updater

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser addition designed to modify the browser's core search provider so that search queries are redirected through partner portals. ApplicationUpdater.exe by Spigot has been detected as adware by 15 anti-malware scanners. It runs as a Windows service named “Application Updater” in its own separate process. While running, it connects to the Internet address 14.d7.24ae.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Spigot, Inc.  (signed and verified)

Product:
Application Updater

Version:
21, 9, 0, 5

MD5:
2ea22345aa9048d4fb8ab2990a20e21d

SHA-1:
8aff602cbb810df5b1ed0b725d770494548a346f

SHA-256:
0ad0119600c471a26a6f5cb5952fcb2c4fa551e55fb25c5175bf4b8c93328085

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
4/23/2024 6:30:01 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/Spigot.Gen | 8.3.1.6 |
| AVG | Generic_r | 2016.0.3041 |
| Baidu Antivirus | PUA.Win32.Widgi | 4.0.3.15721 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Spigot.76 | 9.0.1.0202 |
| ESET NOD32 | Win32/Toolbar.Widgi.G potentially unwanted (variant) | 9.11942 |
| Fortinet FortiGate | Riskware/Widgi | 7/21/2015 |
| K7 AntiVirus | Adware | 13.204.16076 |
| Malwarebytes | PUP.Optional.Spigot.A | v2015.07.21.03 |
| McAfee | Artemis!330124C63BB1 | 5600.6697 |
| Panda Antivirus | PUP/Spigot | 15.07.21.03 |
| Reason Heuristics | PUP.Spigot (M) | 15.7.21.15 |
| Sophos | Spigot Toolbar | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0528 | 7.2.202 |
| VIPRE Antivirus | Spigot | 42020 |

File size:
920.2 KB (942,256 bytes)

Product version:
21, 9, 0, 5

Copyright:
Copyright © 2005-2015 Spigot, Inc.

Original file name:
ApplicationUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\application updater\applicationupdater.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/26/2014 8:00:00 AM

Valid to:
11/27/2015 7:59:59 AM

Subject:
CN="Spigot, Inc.", O="Spigot, Inc.", STREET="774 Mays Blvd. #10-456", L=Incline Village, S=NV, PostalCode=89451, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0082841155378106313886B8DA4A06D2B3

File PE Metadata
Compilation timestamp:
7/18/2015 3:03:17 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
24576:zJx3SxQD33iRQUEmeLRU0veAbs2/TB50UqkYAsqx+KjZ:3MQjy/EmetjeAbxkUqkYAsqx+KjZ

Entry address:
0x856D3

Entry point:
E8, 28, 9C, 00, 00, E9, A5, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, C8, 04, 00, 00, 83, C4, 14, 5D, C3, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, E4, 37, 4D, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, D6, 9C, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83...
 

Entropy:
6.5542

Code size:
680.5 KB (696,832 bytes)

Service
Display name:
Application Updater

Description:
Automatically downloads and installs application updates.

Type:
Win32OwnProcess


The executable has been observed making the following network communication in live environments.

TCP (HTTP):
Connects to 14.d7.24ae.ip4.static.sl-reverse.com  (174.36.215.20:80)
