SearchProtection.exe

Search Protection

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser addition that is designed to modify the core search provider in order to redirect search queries through partner portals. The application SearchProtection.exe by Spigot has been detected as adware by 7 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘SearchProtection’. This file is typically installed with the program Search Protection by Spigot, Inc. which is a potentially unwanted software program.
Publisher:
Spigot, Inc.  (signed and verified)

Product:
Search Protection

Version:
7, 5, 0, 1

MD5:
a9c71d2c838ddce573888d82b3e17a8b

SHA-1:
2c7c651d15d2771ee89e1fcf9148b071f5980b0e

SHA-256:
3f95dd81df4e27e1097104de2544a478c4174b2a6366a7ea1ee92545d2805c42

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
5/14/2024 5:17:30 PM UTC

Scan engine          Detection                        Engine version
Avira AntiVirus      TR/Trash.Gen                     7.11.154.136
Baidu Antivirus      PUA.Win32.Widgi                  4.0.3.1487
Dr.Web               Trojan.Damaged.1                 9.0.1.0272
ESET NOD32           Win32/Toolbar.Widgi (variant)    7.9119
Malwarebytes         PUP.Optional.Spigot              v2014.08.07.09
Reason Heuristics    PUP.Startup.Spigot.Q             14.8.7.21
SUPERAntiSpyware     Trojan.Agent/Gen-Nullo[Short]    10330

File size:
812.9 KB (832,360 bytes)

Product version:
7, 5, 0, 1

Copyright:
Copyright © 2005-2013 Spigot, Inc.

Original file name:
SearchProtection.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\search protection\searchprotection.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/25/2012 7:00:00 PM

Valid to:
3/28/2015 7:59:59 PM

Subject:
CN="Spigot, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Spigot, Inc.", L=El Granada, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
494FF8E91607158CD480B23C615CFF8B

File PE Metadata
Compilation timestamp:
9/3/2013 5:17:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:xVylBkz1tKdYlbYPl5kjAjLlQybexNOjZ8zvxj8eYG6dwDs6Z/p:xV0kDcY1YnkjAlQYd8tj8e75sM/

Entry address:
0x6BDE5

Entry point:
E8, C5, 88, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 33, C0, 39, 45, 0C, 76, 11, 8B, 4D, 08, 66, 83, 39, 00, 74, 08, 40, 41, 41, 3B, 45, 0C, 72, F2, 5D, C3, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, 51, 2E, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, 10, F4, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, 2D, 2E, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, EC, F3, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14...

Entropy:
6.2971

Code size:
540.5 KB (553,472 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SearchProtection

Command:
"C:\users\{user}\appdata\roaming\search protection\searchprotection.exe" \autostart


The file SearchProtection.exe has been discovered within the following programs.

Search Protection  by Spigot, Inc.
Publisher's description - “The Spigot Search Settings is an application which is part of the Spigot Toolbar. Spigot searchsettings.”
www.spigot.com
82% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to autoupdate.spigot.com  (108.59.13.14:80)

TCP (HTTP):
Connects to autopdate.spigot.com  (108.59.13.13:80)

TCP (HTTP):
Connects to 174.36.215.20-static.reverse.softlayer.com  (174.36.215.20:80)

TCP (HTTP):
Connects to static.67.70.4.46.clients.your-server.de  (46.4.70.67:80)

TCP (HTTP):
Connects to 2b.1a.36a9.ip4.static.sl-reverse.com  (169.54.26.43:80)
