perfh009.dat

Widgi Toolbar

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser addition that is designed to modify the core search provider in order to redirect search queries through partner portals. The file perfh009.dat by Spigot has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Spigot, Inc.  (signed and verified)

Product:
Widgi Toolbar

Version:
5, 0, 0, 6

MD5:
c4b4e7d397764488ee9edbbde227c4ba

SHA-1:
1badacc509311b47e00b82f8b46c2e7ad9eac053

SHA-256:
b491b4cf0a67f6a16c1dca7b89ab2e287ceee7ceb282d28d473d6963db97e0ee

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/8/2024 10:39:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Spigot (M)

Engine version:
16.10.22.11

File size:
593 KB (607,190 bytes)

Product version:
5, 0, 0, 6

Copyright:
Copyright © 2005-2012 Spigot, Inc.

Original file name:
WidgiInstallHelper.dll

Common path:
C:\Windows\System32\perfh009.dat

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/29/2011 3:00:00 AM

Valid to:
3/29/2012 2:59:59 AM

Subject:
CN="Spigot, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Spigot, Inc.", L=El Granada, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
205AA0CBA0AA4891C4AF524CA2EE072C

File PE Metadata
Compilation timestamp:
2/6/2012 6:55:57 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:sju2fo6C8FeP1mebueHexfSW6RO4m7jEoqdwOWHpk9:sju2guFeo4ueHK97jEocWHpk9

Entry address:
0x5DCDE

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 46, 87, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 10, 75, 20, E8, C9, 11, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 29, ED, FF, FF, 83, C4, 14, 83, C8, FF, E9, A1, 00, 00, 00, 8B, 45, 0C, 56, 8B, 75, 08, 3B, C3, 74, 21, 3B, F3, 75, 1D, E8, 9A, 11, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, FA, EC, FF, FF, 83, C4, 14, 83, C8, FF, EB, 74, C7...
 

Entropy:
6.6342

Code size:
450.5 KB (461,312 bytes)
