» spbiu.exe
Overview
Analysis
File Details
Behaviors (1)

spbiu.exe

SBWatchman

Shopper-Pro (GOOBZO LTD)

The application spbiu.exe, “ShopperPro Update Service” by Shopper-Pro (GOOBZO) has been detected as adware by 31 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “ShopperPro Update”.

File name:

spbiu.exe

Publisher:

ShopperPro (signed by Shopper-Pro (GOOBZO LTD))

Product:

SBWatchman

Description:

ShopperPro Update Service

Version:

1.4.0.0

MD5:

ba9096229c7126a544a772e8f66aa4ea

SHA-1:

5caf3e1ee93d1c26839ac8aaf741c696ea36c9e5

SHA-256:

69f13c659f92c1c3ed53d042f44ef7095238ac3d4f5fa9a622721396e636832f

Scanner detections:

31 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:

5/9/2024 11:26:20 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Generic.1180160

551

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.CrossRider

2015.06.20

Avira AntiVirus

TR/Trash.Gen

7.11.30.172

avast!

Win64:PUP-gen [PUP]

2014.9-150802

AVG

Generic6

2016.0.3029

Baidu Antivirus

PUA.Win64.SBWatchman

4.0.3.1582

Bitdefender

Adware.Generic.1180160

1.0.20.1070

Bkav FE

W64.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.Agent-38124

0.98/21511

Dr.Web

Adware.Plugin.209

9.0.1.0214

Emsisoft Anti-Malware

Adware.Generic.1180160

8.15.08.02.02

ESET NOD32

Win64/SBWatchman.A potentially unwanted (variant)

9.11812

Fortinet FortiGate

Adware/SBWatchman

8/2/2015

F-Secure

Gen:Variant.Adware.Graftor

11.2015-02-08_1

G Data

Win64.Application.Agent.E3MAKJ

15.8.25

herdProtect (fuzzy)

variant of unp75778407.tmp (Adware)

2015.9.7.7

IKARUS anti.virus

PUA.MSIL.SBWatchman

t3scan.1.9.5.0

K7 AntiVirus

Adware

13.203.15859

Malwarebytes

PUP.Optional.Goobzo

v2015.08.02.02

McAfee

Artemis!D4F56603D406

5600.6685

MicroWorld eScan

Adware.Generic.1180160

16.0.0.642

NANO AntiVirus

Riskware.Win64.Siggen.dqlnqv

0.30.24.1357

Panda Antivirus

Adware/Goobzo

15.08.02.02

Qihoo 360 Security

Win32/Virus.Downloader.310

1.0.0.1015

Reason Heuristics

Adware.Goobzo.ShopperPro (M)

15.8.2.14

SUPERAntiSpyware

Trojan.Agent/Gen-Nullo[Short]

9716

Trend Micro House Call

Suspicious_GEN.F47V0323

7.2.214

Trend Micro

TROJ_GEN.R047C0OCP15

10.465.02

VIPRE Antivirus

Adware.Goobzo

41270

Zillya! Antivirus

Downloader.Agent.Win32.236996

2.0.0.2237

File size:

2.2 MB (2,346,416 bytes)

Product version:

1.4.0.0

Original file name:

spbiu.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\common files\shopperpro\spbiu.exe

Digital Signature

Signed by:

Shopper-Pro (GOOBZO LTD)

Authority:

COMODO CA Limited

Valid from:

2/11/2015 12:00:00 AM

Valid to:

12/31/2015 11:59:59 PM

Subject:

CN=Shopper-Pro (GOOBZO LTD), O=Shopper-Pro (GOOBZO LTD), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E616C6CD7010C197E7228F66F5B286BB

File PE Metadata

Compilation timestamp:

7/31/2015 2:09:56 AM

OS version:

6.0

OS bitness:

Win64

Subsystem:

Windows Console

Linker version:

12.0

CTPH (ssdeep):

49152:uj38calhhKz27B4TyQw09uYKVlIwqkV4emSXXwqTc7HCh60GF:YOlD4twH9Xn5E

Entry address:

0x14C8D0

Entry point:

48, 83, EC, 28, E8, 5B, F8, 00, 00, 48, 83, C4, 28, E9, 42, FE, FF, FF, CC, CC, 48, 83, EC, 58, 48, 8B, 05, C9, 4E, 0D, 00, 48, 33, C4, 48, 89, 44, 24, 40, 33, C0, 4C, 8B, D2, 4C, 8B, C9, 48, 83, F8, 20, 73, 7A, C6, 44, 04, 20, 00, 48, FF, C0, 48, 83, F8, 20, 7C, F0, 8A, 02, EB, 22, 44, 0F, B6, C0, 0F, B6, C0, BA, 01, 00, 00, 00, 83, E0, 07, 49, C1, E8, 03, 8A, C8, D2, E2, 42, 08, 54, 04, 20, 49, FF, C2, 41, 8A, 02, 84, C0, 75, DA, EB, 1F, 41, 0F, B6, C8, 41, 0F, B6, C0, BA, 01, 00, 00, 00, 83, E1, 07, 48... 
[+]

Code size:

1.6 MB (1,682,944 bytes)

Service

Display name:

ShopperPro Update

Service name:

SPBIUpd

Type:

Win32OwnProcess

Remove spbiu.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.