» IEInstaller.exe
Overview
Analysis
File Details
Behaviors (1)

IEInstaller.exe

IEInstaller

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser addition that is designed to modify the core search provider in order to redirect search queries through partner portals. The application IEInstaller.exe by Spigot has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program XP by XP.

File name:

IEInstaller.exe

Publisher:

Spigot, Inc. (signed and verified)

Product:

IEInstaller

Version:

1.0.0.0

MD5:

62aba3b26aba29c0cb775757a709e48d

SHA-1:

2c524525c5b6652e382ebeadd590adf5c8e58689

SHA-256:

04f938ffc441d94e325fa5120be291aaddb97210b0e4bed3021101be4d3bfa71

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/27/2024 12:53:34 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Spigot (M)

16.12.9.2

File size:

217.5 KB (222,736 bytes)

Product version:

1.0.0.0

Original file name:

IEInstaller.exe

File type:

Executable application (Win64 EXE)

Common path:

C:\users\{user}\appdata\local\apps\2.0\bdjox5kh.qah\vabbyxh7.o00\down..rnow_de42689ffaeb471f_0001.0000_7e360a6fdd65a038\ieinstaller.exe

Digital Signature

Signed by:

Spigot, Inc.

Authority:

GlobalSign nv-sa

Valid from:

1/9/2016 4:32:31 AM

Valid to:

1/9/2017 4:32:31 AM

Subject:

CN="Spigot, Inc.", O="Spigot, Inc.", L=Incline Village, S=NV, C=US

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112196EC5AC13E36458FC630685E79468219

File PE Metadata

Compilation timestamp:

12/9/2016 2:03:31 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

48.0

.NET CLR dependent:

Yes

Entry address:

0x3713A

Entry point:

4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

4.4351

Code size:

212.5 KB (217,600 bytes)

Program Uninstaller

Program name:

Display publisher:

Display version:

1.4

Uninstall string:

C:\users\{user}\appdata\local\apps\2.0\bdjox5kh.qah\vabbyxh7.o00\down..rnow_de42689ffaeb471f_0001.0000_7e360a6fdd65a038\ieinstaller.exe \u "xp" {04756efc-4ae0-4e92-b0c8-cd55ea108e15}

Remove IEInstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.