SearchProtection.exe

Search Protection

Spigot, Inc.

This component is part of the Spigot browser add-on, a browser extension that is designed to modify the core search provider in order to redirect search queries through partner portals. SearchProtection.exe by Spigot has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Spigot Setup installer. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘SearchProtection’. The file is typically installed with the program Search Protection by Spigot, Inc., which is a potentially unwanted software program.
Publisher:
Spigot, Inc.  (signed and verified)

Product:
Search Protection

Version:
8, 5, 0, 3

MD5:
23da60b2978d0c9779f2db8a929d0c72

SHA-1:
a09fab48432ffd02544c216ed3a81be69f939987

SHA-256:
b8b2614bf2a38a0dff1484665fe8e1a1d7ee7249546e914dd142a6d3c366e68e

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
4/25/2024 11:15:43 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | PUA.Win32.Widgi | 4.0.3.1487 |
| ESET NOD32 | Win32/Toolbar.Widgi (variant) | 8.9091 |
| Malwarebytes | PUP.Optional.Spigot | v2014.08.07.09 |
| Reason Heuristics | PUP.Startup.Spigot.Q | 14.8.7.21 |

File size:
819.3 KB (838,984 bytes)

Product version:
8, 5, 0, 3

Copyright:
Copyright © 2005-2013 Spigot, Inc.

Original file name:
SearchProtection.exe

File type:
Executable application (Win32 EXE)

Installer:
Spigot Setup

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\search protection\searchprotection.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/26/2012 1:00:00 AM

Valid to:
3/29/2015 12:59:59 AM

Subject:
CN="Spigot, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Spigot, Inc.", L=El Granada, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
494FF8E91607158CD480B23C615CFF8B

File PE Metadata
Compilation timestamp:
1/16/2014 3:14:39 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:j4E/6sqp4eOEex9agL0+4cJnIsy40X4YficS+439vedwvhouCeOMU:0xnp471XagucJwFxi1d39vVhoLB

Entry address:
0x6D3B5

Entry point:
E8, A5, 8B, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 56, 8D, 45, FC, 50, FF, 75, 0C, FF, 75, 08, E8, 1C, 8C, 00, 00, 8B, F0, 83, C4, 0C, 85, F6, 75, 18, 39, 45, FC, 74, 13, E8, 23, 31, 00, 00, 85, C0, 74, 0A, E8, 1A, 31, 00, 00, 8B, 4D, FC, 89, 08, 8B, C6, 5E, C9, C3, 8B, FF, 55, 8B, EC, 33, C0, 39, 45, 0C, 76, 11, 8B, 4D, 08, 66, 83, 39, 00, 74, 08, 40, 41, 41, 3B, 45, 0C, 72, F2, 5D, C3, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, DC, 30, 00, 00, 6A, 16...
 

Packer / compiler:
PEQuake V0.06

Code size:
546.5 KB (559,616 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SearchProtection

Command:
"C:\users\{user}\appdata\roaming\search protection\searchprotection.exe" \autostart


The file SearchProtection.exe has been discovered within the following programs.

Search Protection  by Spigot, Inc.
Publisher's description - “The Spigot Search Settings is an application which is part of the Spigot Toolbar. Spigot searchsettings.”
www.spigot.com
82% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to autoupdate.spigot.com  (108.59.13.15:80)

TCP (HTTP):
Connects to ir1.fp.vip.gq1.yahoo.com  (206.190.36.45:80)

TCP (HTTP):
Connects to autopdate.spigot.com  (108.59.13.13:80)

TCP (HTTP):
Connects to 174.36.215.20-static.reverse.softlayer.com  (174.36.215.20:80)
