» smstub231.exe
Overview
Analysis
File Details

smstub231.exe

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser addition that is designed to modify the core search provider in order to redirect search queries through partner portals. The application smstub231.exe by Spigot has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the Spigot Setup installer. It is also typically executed from the user's temporary directory.

File name:

smstub231.exe

Publisher:

Spigot, Inc. (signed and verified)

MD5:

61536aae8a9b34371478987fb13060c2

SHA-1:

063debcee39d22b8f1668d7abd25fa220f16c691

SHA-256:

a70983fbed2dca37b91ae1e892f44ffc6304d6a11e1720c9966f36eb3ac27fc0

Scanner detections:

18 / 68

Status:

Adware

Analysis date:

4/19/2024 11:11:29 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Toolbar.Widgi

7.1.1

Avira AntiVirus

ADWARE/Spigot.Gen7

8.3.2.2

Bkav FE

W32.HfsAdware

1.3.0.7237

Dr.Web

Adware.Spigot.72

9.0.1.0279

ESET NOD32

Win32/Toolbar.Widgi.U potentially unwanted (variant)

9.12362

Fortinet FortiGate

Adware/Agent

10/6/2015

G Data

Win32.Application.Agent.EA7OVN

15.10.25

K7 AntiVirus

Adware

13.210.17434

Kaspersky

not-a-virus:AdWare.Win32.Agent

14.0.0.1317

Malwarebytes

PUP.Optional.Spigot

v2015.10.06.02

McAfee

Artemis!61536AAE8A9B

5600.6620

NANO AntiVirus

Riskware.Win32.Agent.dxepjl

0.30.26.3725

Panda Antivirus

PUP/Spigot

15.10.06.02

Qihoo 360 Security

Win32/Virus.Adware.707

1.0.0.1015

Reason Heuristics

PUP.Spigot.Installer (M)

15.10.6.14

Sophos

Spigot Toolbar (PUA)

4.98

SUPERAntiSpyware

PUP.Spigot/Variant

9586

VIPRE Antivirus

Spigot

44322

File size:

449.3 KB (460,120 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Spigot Setup

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\smstub231.exe

Digital Signature

Signed by:

Spigot, Inc.

Authority:

COMODO CA Limited

Valid from:

11/26/2014 5:30:00 AM

Valid to:

11/27/2015 5:29:59 AM

Subject:

CN="Spigot, Inc.", O="Spigot, Inc.", STREET="774 Mays Blvd. #10-456", L=Incline Village, S=NV, PostalCode=89451, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0082841155378106313886B8DA4A06D2B3

File PE Metadata

Compilation timestamp:

2/25/2012 12:49:59 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:pE9nXP96gMrgqjbfAegA23+k6cfK8tHwKMZsMix9:pQf9FMrzb4rA3k6cVtHwKwdi3

Entry address:

0x39E3

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00... 
[+]

Entropy:

7.9376

Packer / compiler:

Nullsoft install system v2.x

Code size:

28 KB (28,672 bytes)

Remove smstub231.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.