home

tmp0000000d8fbc06cf2b3b03f0

Widgi Toolbar

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser addition that is designed to modify the core search provider in order to redirect search queries through partner portals. The file tmp0000000d8fbc06cf2b3b03f0, “WTH Dynamic Link Library” by Spigot has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Spigot, Inc.  (signed and verified)

Product:
Widgi Toolbar

Description:
WTH Dynamic Link Library

Version:
5, 0, 0, 6

MD5:
a810b69fd21a37f1b3cfba3ed19fd17c

SHA-1:
a09ca2e8ca82c4f2e16adfda6da2796e2b28746d

SHA-256:
75fdd6fdb8b63f1f46dc8c76f64a928b09340e940b83de68595324bbb7c437c5

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/25/2024 12:00:46 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Spigot (M)
16.9.3.0

File size:
512 KB (524,288 bytes)

Product version:
5, 0, 0, 6

Copyright:
Copyright © 2005-2012 Spigot, Inc.

Original file name:
wth.dll

Common path:
C:\windows\temp\tmp0000000d8fbc06cf2b3b03f0

Digital Signature
Signed by:
Spigot, Inc.

Authority:
VeriSign, Inc.

Valid from:
3/29/2011 3:00:00 AM

Valid to:
3/29/2012 2:59:59 AM

Subject:
CN="Spigot, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Spigot, Inc.", L=El Granada, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
205AA0CBA0AA4891C4AF524CA2EE072C

File PE Metadata
Compilation timestamp:
2/6/2012 6:51:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:NfMhXqR6j9VOc9Umxe2OG8pixJkGCl6klluPxw538nO:yhXqR6j9L962Ol6klluPxG8n

Entry address:
0x1B24

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 22, 04, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, CC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 30, 41, 00, 10, 89, 0D, 2C, 41, 00, 10, 89, 15, 28, 41, 00, 10, 89, 1D, 24, 41, 00, 10, 89, 35, 20, 41, 00, 10, 89, 3D, 1C, 41, 00, 10, 66, 8C, 15, 48, 41, 00, 10, 66, 8C, 0D, 3C, 41, 00, 10, 66, 8C, 1D, 18, 41, 00, 10, 66, 8C, 05, 14, 41, 00, 10, 66, 8C, 25, 10, 41, 00, 10, 66, 8C, 2D, 0C, 41, 00, 10, 9C, 8F, 05, 40, 41...
 
[+]

Entropy:
1.2994

Code size:
4.5 KB (4,608 bytes)

Remove tmp0000000d8fbc06cf2b3b03f0 - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.