» wth172.dll
Overview
Analysis
File Details

wth172.dll

Widgi Toolbar

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser addition that is designed to modify the core search provider in order to redirect search queries through partner portals. The module wth172.dll, “WTH Dynamic Link Library” by Spigot has been detected as adware by 5 anti-malware scanners.

File name:

wth172.dll

Publisher:

Spigot, Inc. (signed and verified)

Product:

Widgi Toolbar

Description:

WTH Dynamic Link Library

Version:

8, 2, 0, 3

MD5:

ff9a01c7c2affd0d8297c9df52b79936

SHA-1:

61717591cec145973acf703b4c1662fc230a2f4f

SHA-256:

f6fee711a868bcf15e5bbfecd44d9253d456ecf283bbbe20f4555469ea8a736d

Scanner detections:

5 / 68

Status:

Adware

Analysis date:

4/26/2024 10:48:18 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Trash.Gen

7.11.30.172

Dr.Web

Trojan.Damaged.1

9.0.1.0270

ESET NOD32

Win32/Toolbar.Widgi

8.9313

Reason Heuristics

PUP.Toolbar.Spigot.G

14.8.7.21

SUPERAntiSpyware

Trojan.Agent/Gen-Nullo[Short]

10335

File size:

114.8 KB (117,568 bytes)

Product version:

8, 2, 0, 3

Original file name:

wth.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\common files\spigot\search settings\wth172.dll

Digital Signature

Signed by:

Spigot, Inc.

Authority:

VeriSign, Inc.

Valid from:

2/26/2012 12:00:00 AM

Valid to:

3/28/2015 11:59:59 PM

Subject:

CN="Spigot, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Spigot, Inc.", L=El Granada, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

494FF8E91607158CD480B23C615CFF8B

File PE Metadata

Compilation timestamp:

11/8/2013 1:52:01 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:2qM89E9eC+0IksZWllnMLOuaRktSjXcP5DS9Umi:fM8b90kZWl+L4Rfa3

Entry address:

0x6BB6

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 79, 5A, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00... 
[+]

Entropy:

6.3148

Code size:

69.5 KB (71,168 bytes)

Remove wth172.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.