home

WidgiToolbarFF.dll

Widgi Toolbar

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser addition that is designed to modify the core search provider in order to redirect search queries through partner portals. The module WidgiToolbarFF.dll by Spigot has been detected as adware by 5 anti-malware scanners.
Publisher:
Spigot, Inc.  (signed and verified)

Product:
Widgi Toolbar

Version:
4, 4, 0, 1

MD5:
af45e4b83b21c41912496baa9c154760

SHA-1:
2799dfa3f0e6553d489d23ebba86f04697bbdab5

SHA-256:
ca31f965ce506f608aad8970b4c8c8f90900f3e7b57b55f8a254645de15e33eb

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
4/23/2024 11:13:39 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Boost by Reason
Optional.Spigot
188838

Comodo Security
ApplicUnsaf.Win32.AdWare.cinmus.175
11513

Emsisoft Anti-Malware
Adware.Win32.Toolbar.Dealio.AMN!A2
8.16.01.31.07

ESET NOD32
Win32/Adware.Toolbar.Dealio (variant)
10.6881

Reason Heuristics
PUP.Spigot.Toolbar (M)
16.1.31.19

File size:
588.8 KB (602,976 bytes)

Product version:
4, 4, 0, 1

Copyright:
Copyright © 2005-2011 Spigot, Inc.

Original file name:
WidgiToolbarFF.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\common files\spigot\wtxpcom\components\widgitoolbarff.dll

Digital Signature
Signed by:
Spigot, Inc.

Authority:
VeriSign, Inc.

Valid from:
3/29/2011 3:00:00 AM

Valid to:
3/29/2012 2:59:59 AM

Subject:
CN="Spigot, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Spigot, Inc.", L=El Granada, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
205AA0CBA0AA4891C4AF524CA2EE072C

File PE Metadata
Compilation timestamp:
4/27/2011 12:53:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:0Mbcy81iyRGlusLrxJIV3FbgX+8DapWx/gfgQKS5dzPZu4aTV8PsyOo5gygz0Otr:ByY4sLrxJIVVUeW4aBJoajnVf

Entry address:
0x2F957

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 2F, 04, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, CC, FE, FF, FF, 59, 5D, C2, 0C, 00, FF, 25, D0, 82, 03, 10, 6A, 10, 68, D8, 09, 04, 10, E8, 60, 00, 00, 00, 33, C0, 89, 45, E0, 89, 45, FC, 89, 45, E4, 8B, 45, E4, 3B, 45, 10, 7D, 13, 8B, 75, 08, 8B, CE, FF, 55, 14, 03, 75, 0C, 89, 75, 08, FF, 45, E4, EB, E5, C7, 45, E0, 01, 00, 00, 00, C7, 45, FC, FE, FF, FF, FF, E8, 08, 00, 00, 00, E8, 67, 00, 00, 00, C2, 14, 00, 83, 7D, E0, 00, 75, 11, FF, 75, 18, FF...
 
[+]

Entropy:
5.0792

Code size:
217 KB (222,208 bytes)

Remove WidgiToolbarFF.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.