spbiw.sys

Shopper-Pro (GOOBZO LTD)

The file spbiw.sys by Shopper-Pro (GOOBZO) has been detected as adware by 6 anti-malware scanners. It runs as a Windows 64-bit kernel mode device driver named “ShopperPro UpdateD”.
Publisher:
Shopper-Pro (GOOBZO LTD)  (signed and verified)

MD5:
8fc921ecd85dfc1e58ef311f0c5a0979

SHA-1:
236216c1fdbb2b7dafb5340471326b58c00d5cde

SHA-256:
4863893b913638a73a00a8e957147f6df957e49ca5589b535e7940f829ac6591

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
4/24/2024 10:39:32 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2016.0.3029 |
| Bkav FE | W64.HfsAdware | 1.3.0.6979 |
| IKARUS anti.virus | PUA.SBWatchman | t3scan.1.9.5.0 |
| Reason Heuristics | Adware.Goobzo.ShopperPro (M) | 15.8.2.14 |
| VIPRE Antivirus | Goobzo | 42480 |
| Zillya! Antivirus | Downloader.Agent.Win32.230505 | 2.0.0.2320 |

File size:
40.7 KB (41,632 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\Program Files\common files\shopperpro\spbiw.sys

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/11/2015 12:00:00 AM

Valid to:
12/31/2015 11:59:59 PM

Subject:
CN=Shopper-Pro (GOOBZO LTD), O=Shopper-Pro (GOOBZO LTD), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E616C6CD7010C197E7228F66F5B286BB

File PE Metadata
Compilation timestamp:
7/31/2015 2:09:01 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
12.0

CTPH (ssdeep):
768:OtYCVZuGYGqUqqzgdtsNW4cTr0R8oiYqo3KcRBoWCevCb2yRyaujueHV:O3YYzSIUcT3nVXhQaic

Entry address:
0xB000

Entry point:
48, 89, 5C, 24, 08, 55, 56, 57, 48, 83, EC, 30, 33, FF, 33, ED, 48, 8B, F1, 48, 89, 7C, 24, 68, 48, 89, 6C, 24, 20, 48, C7, 44, 24, 60, 00, 00, 00, 00, E8, 65, 7C, FF, FF, 8B, D8, 85, C0, 0F, 88, ED, 00, 00, 00, 4C, 8D, 4C, 24, 60, 8D, 57, 01, 44, 8D, 47, 20, 48, 8B, CE, FF, 15, CE, A0, FF, FF, 8B, D8, 85, C0, 0F, 88, CE, 00, 00, 00, 48, 8B, 4C, 24, 60, 8D, 57, 01, 41, B0, 01, 89, 79, 18, FF, 15, C0, 9F, FF, FF, 48, 8D, 54, 24, 68, 48, 8B, CE, E8, 8B, 83, FF, FF, 8B, D8, 85, C0, 0F, 88, 9E, 00, 00, 00, 48...
 

Code size:
26 KB (26,624 bytes)

Driver
Display name:
ShopperPro UpdateD

Service name:
SPBIUpdd

Type:
Kernel device driver (KernelDriver)

