SearchProtection.exe

Search Protection

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser extension designed to modify the default search provider so that search queries are redirected through partner portals. The application SearchProtection.exe by Spigot has been detected as adware by 7 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key under the display name ‘SearchProtection’. This file is typically installed with the program Search Protection by Spigot, Inc., which is a potentially unwanted software program.

Publisher:
Spigot, Inc.  (signed and verified)

Product:
Search Protection

Version:
9, 4, 0, 2

MD5:
fa24303230bdddcf37c785760f907ecd

SHA-1:
accadf2e1dbd86f2ac8dcb470f3304336ddfb5d8

SHA-256:
6f016b13929c0fc4eef5f88478a9f86cf806c34c98b6529847cdcea842752c69

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
4/18/2024 10:27:19 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Trash.Gen | 7.11.154.136
Baidu Antivirus | PUA.Win32.Widgi | 4.0.3.1487
Dr.Web | Trojan.Damaged.1 | 9.0.1.0219
ESET NOD32 | Win32/Toolbar.Widgi (variant) | 8.9119
Malwarebytes | PUP.Optional.Spigot | v2014.08.07.09
Reason Heuristics | PUP.Startup.Spigot.Q | 14.8.7.21
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10435

File size:
827.4 KB (847,208 bytes)

Product version:
9, 4, 0, 2

Copyright:
Copyright © 2005-2014 Spigot, Inc.

Original file name:
SearchProtection.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\search protection\searchprotection.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/25/2012 6:00:00 PM

Valid to:
3/28/2015 6:59:59 PM

Subject:
CN="Spigot, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Spigot, Inc.", L=El Granada, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
494FF8E91607158CD480B23C615CFF8B

File PE Metadata
Compilation timestamp:
6/18/2014 12:59:37 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:zkagOQkKdfWk3CF1V1HKclvDvGrs5T+qCPgV1AD813RdwU0sosvlpop:zpYOygHRKclv/YPPD813Ecpo

Entry address:
0x6E515

Entry point:
E8, C5, 88, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 33, C0, 39, 45, 0C, 76, 11, 8B, 4D, 08, 66, 83, 39, 00, 74, 08, 40, 41, 41, 3B, 45, 0C, 72, F2, 5D, C3, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, 51, 2E, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, 10, F4, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, 2D, 2E, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, EC, F3, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14...
 

Entropy:
6.3070

Code size:
551.5 KB (564,736 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SearchProtection

Command:
"C:\users\{user}\appdata\roaming\search protection\searchprotection.exe" \autostart


The file SearchProtection.exe has been discovered within the following programs.

Search Protection  by Spigot, Inc.
Publisher's description - “The Spigot Search Settings is an application which is part of the Spigot Toolbar. Spigot searchsettings.”
www.spigot.com
82% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 174.36.215.20-static.reverse.softlayer.com  (174.36.215.20:80)

TCP (HTTP):
Connects to autoupdate.spigot.com  (108.59.13.14:80)

TCP (HTTP):
Connects to 25.1a.36a9.ip4.static.sl-reverse.com  (169.54.26.37:80)

TCP (HTTP):
Connects to autopdate.spigot.com  (108.59.13.13:80)

TCP (HTTP):
Connects to 2e.1a.36a9.ip4.static.sl-reverse.com  (169.54.26.46:80)
