spbiw.sys

The file spbiw.sys has been detected as adware by 15 anti-malware scanners. It runs as a Windows kernel mode device driver named “ShopperPro UpdateD”.
MD5:
961e19b18f426fe53b6877a4afb8d863

SHA-1:
8e5b66be4a32ebb2776fa46ef751451e88b0cab5

SHA-256:
3689a05ccc7c0d84f0b842166636a90c38448a476bff84d48e391587be6849b5

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
4/25/2024 5:02:23 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.ShopperPro.M | 618 |
| AhnLab V3 Security | PUP/Win32.ShopperPro | 2015.05.27 |
| Bitdefender | Adware.ShopperPro.M | 1.0.20.735 |
| Emsisoft Anti-Malware | Adware.ShopperPro.M | 8.15.05.27.12 |
| ESET NOD32 | Win32/ShopperPro.C potentially unwanted (variant) | 9.11689 |
| F-Prot | W32/S-b907102d | v6.4.7.1.166 |
| F-Secure | Adware.ShopperPro.M | 11.2015-27-05_4 |
| G Data | Adware.ShopperPro | 15.5.25 |
| IKARUS anti.virus | PUA.ShopperPro | t3scan.1.8.9.0 |
| MicroWorld eScan | Adware.ShopperPro.M | 16.0.0.441 |
| NANO AntiVirus | Trojan.Win32.ShopperPro.dqutuf | 0.30.24.1636 |
| nProtect | Adware.ShopperPro.M | 15.05.22.01 |
| Reason Heuristics | Adware.Goobzo.ShopperPro | 15.5.27.8 |
| SUPERAntiSpyware | Adware.ShopperPro/Variant | 9850 |
| Zillya! Antivirus | Trojan.PolyCrypt.Win32.4087 | 2.0.0.2190 |

File size:
25.5 KB (26,112 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Program Files\common files\shopperpro\spbiw.sys

File PE Metadata
Compilation timestamp:
5/26/2015 7:08:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
12.0

CTPH (ssdeep):
384:4koLqSMjsfpZQuFkJilqAec4YODkgTljamyqUFYSVeP8SjfcYb4Kug:4komSV1q2WBkgTl1yqUFrIfb4I

Entry address:
0x8000

Entry point:
55, 8B, EC, 83, E4, F8, 83, EC, 1C, 53, 8B, 1D, 38, 40, 01, 00, 8D, 44, 24, 10, 56, 57, 68, 7C, 44, 01, 00, 33, FF, C7, 44, 24, 14, 00, 00, 00, 00, 50, 89, 7C, 24, 14, 89, 7C, 24, 1C, FF, D3, 8B, 35, 70, 40, 01, 00, 8D, 44, 24, 18, 50, FF, D6, 85, C0, B9, 10, 23, 01, 00, 68, A8, 44, 01, 00, 0F, 44, C1, A3, 9C, 51, 01, 00, 8D, 44, 24, 24, 50, FF, D3, 8D, 44, 24, 20, 50, FF, D6, A3, A0, 51, 01, 00, 39, 3D, 9C, 51, 01, 00, 74, 08, 85, C0, 74, 04, 33, DB, EB, 05, BB, 02, 00, 00, C0, 85, DB, 0F, 88, 66, 01, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
21 KB (21,504 bytes)

Driver
Display name:
ShopperPro UpdateD

Service name:
SPBIUpdd

Type:
Kernel device driver (KernelDriver)

