iobitappstoolbar.exe

IObit Apps Toolbar v8.5

Spigot, Inc.

The application iobitappstoolbar.exe, “Setup Launcher Unicode” by Spigot has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
Spigot, Inc.  (signed and verified)

Product:
IObit Apps Toolbar v8.5

Description:
Setup Launcher Unicode

Version:
8.5

MD5:
611d7fab75e87133cf809312243f605f

SHA-1:
b9a338eccada4add82581e6efb96e9998b6f8b90

SHA-256:
408a2d5850536e83b78ce26bb3c726efb45f439604ae374fc009bd6848b2f204

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
8/8/2014 1:09:54 AM UTC  (26 days ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.Spigot.Q
14.8.7.21

File size:
5.2 MB (5,500,880 bytes)

Product version:
8.5

Copyright:
Copyright © 2005-2013 Spigot, Inc.

Original file name:
InstallShield Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\temp\iobitappstoolbar.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/25/2012 9:00:00 AM

Valid to:
3/28/2015 8:59:59 AM

Subject:
CN="Spigot, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Spigot, Inc.", L=El Granada, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
494FF8E91607158CD480B23C615CFF8B

File PE Metadata
Compilation timestamp:
4/24/2012 10:16:12 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:XnA5OLieju6rZPpdZto0gaCg7aC06q21C/k84fRUUFBwabQ/zhzP:3A50jhPpdZto09BO5t21KUhFBEtz

Entry address:
0x6AABB

Entry point:
E8, 6E, 27, 01, 00, E9, 79, FE, FF, FF, 85, C0, 74, 0D, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 0F, B6, 00, 0F, B6, 09, 2B, C1, 74, 0D, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 66, 8B, 06, 66, 3B, 01, 74, 35, 0F, B6, 11, 0F, B6, C0, 2B, C2, 74, 11, 33, D2, 85, C0, 0F, 9F, C2, 8D, 54, 12, FF, 8B, C2, 85, C0, 75, 1C, 0F, B6, 46, 01, 0F, B6, 49, 01, 2B, C1, 74, 10, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 33, C0, C3, 8B, 06, 3B, 01, 74, 6F, 0F, B6, 11, 0F, B6, C0...
 
[+]

Code size:
697 KB (713,728 bytes)

1 / 68      (Adware)
iobitappstoolbar.exe  8.5  (cf15522d1258e8eb9579636d352075e768152631)

3 / 68      (Adware)
wth163.dll  (8d388e96dd2826ed5a7af349e8f0009d05ab4b5f)

9 / 68      (Adware)
ApplicationUpdater.exe  (898aadfce61761cf221c8e20bbfa8980b94a5437)

11 / 68    (Adware)
SearchSettings.exe  (a7f8d70816b7a109c3e547aac73d1b96ec5166a5)

2 / 68      (Adware)
Coupons.dll  (54c4467a3d5b3b069fc8c0e85e1060e2cd739246)

6 / 68      (Adware)
ytdtoolbarie.dll  (48b5d4bfd6a336a1a090a1f4036331b003ef79db)

3 / 68      (Adware)
youtubedownloadertoolbar-stub-1.exe  (4b75d6be75d8d6b969b84686b998c105e6a82405)

2 / 68      (Adware)
wth164.dll  (08b8a42ca2352b577cbc00181289a73e2a136885)

3 / 68      (Adware)
CouponsHelper.exe  (0134850f2c7ba78487260e09c899f55c6438df81)

3 / 68      (Adware)
dealiotoolbar.exe  (04110902eebcf5c67e4351d8d7f5bb08b1ba69df)

2 / 68      (Adware)
wth172.dll  (61717591cec145973acf703b4c1662fc230a2f4f)

1 / 68      (Adware)
vuzetoolbar.exe  (c9af496e61057836414acd3c19b7328f4789847f)

1 / 68      (Adware)
ytdtoolbar.exe  (600e9c0b75d7c9cc6afb3a6a5d883d3087565384)

5 / 68      (Adware)
SearchProtection.exe  (2c7c651d15d2771ee89e1fcf9148b071f5980b0e)

1 / 68      (Adware)
wth173.dll  (6d7091e72fe35711c31fe0794c598b3ac8479e9c)

4 / 68      (Adware)
iobitappstoolbarff.dll  (6868496c6e591a1aec167726bf79ef96f87750f1)

5 / 68      (Adware)
iobitappstoolbarie.dll  (5d5a6e64337e00c433aa77fd7a4ec2d7d3d19e39)

Detection Incidence by Country