k7offlineupdater.exe

Spigot, Inc.

This component is part of the Spigot browser add-on, a web browser addition that is designed to modify the core search provider in order to redirect search queries through partner portals. The application k7offlineupdater.exe by Spigot has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Spigot Setup installer. The file has been seen being downloaded from d3s8yh4ki1ad1i.cloudfront.net.
Publisher:
Spigot, Inc.  (signed and verified)

MD5:
cd72799da0965312980cdc5feb3c1d9d

SHA-1:
5dbbc3c6b7ba495ac2c60371bc72c2f00316293c

SHA-256:
a4dfabc395de5f33956ea282dc016265257fcee0e1af01783b7ef9b59d65d40e

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/25/2024 1:28:08 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Spigot.Installer (M)
16.6.26.10

File size:
225.3 KB (230,744 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Spigot Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\k7offlineupdater.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
12/2/2014 5:30:00 AM

Valid to:
11/30/2015 5:30:00 PM

Subject:
CN="Spigot, Inc.", O="Spigot, Inc.", L=Incline Village, S=Nevada, C=US, PostalCode=89451, STREET="774 Mays Blvd. #10-456", SERIALNUMBER=E0212222011-9, OID.1.3.6.1.4.1.311.60.2.1.2=Nevada, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0B1416CEF5FC0B6BC571376D2D93F5C4

File PE Metadata
Compilation timestamp:
12/6/2009 4:20:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:IQIURTXJqIHVY2BNjcjcLJ2C4Qr5iQVuTJdD29vog8:IsVVYe3dvP5i1b29vog8

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.0407

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file k7offlineupdater.exe has been seen being distributed by the following URL.

Remove k7offlineupdater.exe - Powered by Reason Core Security