browserextensionssetupuac.exe

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser addition that is designed to modify the core search provider in order to redirect search queries through partner portals. The application browserextensionssetupuac.exe by Spigot has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Spigot Setup installer. It is also typically executed from the user's temporary directory.
Publisher:
Spigot, Inc.  (signed and verified)

Version:
2.6

MD5:
0de4c6e8455c4c5c62a1ed15c124e317

SHA-1:
457e7594acf02699235dc9db872e4cea10691446

SHA-256:
aa84a26d5fa5e010a50dda4e865ad81540f5c84965708f595530d41476547977

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
4/20/2024 11:25:00 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Dr.Web | Adware.Spigot.40 | 9.0.1.061 |
| ESET NOD32 | Win32/Toolbar.Widgi.H potentially unwanted | 9.11252 |
| Reason Heuristics | PUP.Installer.Spigot | 15.3.2.3 |
| Trend Micro House Call | Suspicious_GEN.F47V0126 | 7.2.61 |

File size:
451.1 KB (461,968 bytes)

Product version:
2.6

File type:
Executable application (Win32 EXE)

Installer:
Spigot Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\browserextensionssetupuac.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/26/2014 8:00:00 AM

Valid to:
11/27/2015 7:59:59 AM

Subject:
CN="Spigot, Inc.", O="Spigot, Inc.", STREET="774 Mays Blvd. #10-456", L=Incline Village, S=NV, PostalCode=89451, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0082841155378106313886B8DA4A06D2B3

File PE Metadata
Compilation timestamp:
2/25/2012 3:19:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:6EUXsgSpAKtCbxn4Z4lxE/1dpIOTCjce55die/hr0k24/w4OHxqXC+yy8QX:6EewAKsbx4u8ddiqMDhr0k2J4M+7d

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 

Entropy:
7.4185

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)
