widgetserv.exe

Trioris widget server for Internet Explorer

Blabbers Communications Ltd

Part of Blabbers, a potentially unwanted browser application that may hijack or interfere with the browser's standard web searching behaviors in order to display ads. The application widgetserv.exe, “Trioris widgetserv” by Blabbers Communications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Trioris  (signed by Blabbers Communications Ltd)

Product:
Trioris widget server for Internet Explorer

Description:
Trioris widgetserv

Version:
1.0.2.2

MD5:
6fa430991c9c8d7920de435b1d8fdae1

SHA-1:
9be8b55313fc50cababf337d181314a02679b531

SHA-256:
536820bd5c62d5bdf10939663f3fa12c1f589fabb62c3e884cce25303af8faf4

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/30/2024 8:24:43 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Blabbers.Trioris (M)
16.6.5.11

File size:
214.3 KB (219,440 bytes)

Product version:
1.0.2.2

Copyright:
(c) Trioris. All rights reserved.

Original file name:
widgetserv.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\browsercompanion\widgetserv.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
2/10/2011 3:00:00 AM

Valid to:
2/11/2012 2:59:59 AM

Subject:
CN=Blabbers Communications Ltd, O=Blabbers Communications Ltd, STREET=Arad 3, L=Tel Aviv, S=Israel, PostalCode=43034, C=IL

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00D561643A7697D633BCB565E2E1EF7365

File PE Metadata
Compilation timestamp:
11/15/2009 8:18:57 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:PQBNHVZJgDSnM3GQXUGiDOgYhBuRJCKDdVL1wJ7Dga357FDQQ3dnI:PQlZ6WzGiSzhQRJCKDHLuJ7Dza

Entry address:
0x1A428

Entry point:
E8, 6B, 53, 00, 00, E9, 79, FE, FF, FF, CC, CC, 68, E0, 9C, 41, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 9C, 35, 43, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 9D, F5, FF, FF, C7, 06, 0C, 8B, 42, 00, 8B, C6, 5E, 5D...
 
[+]

Entropy:
6.2557

Code size:
150 KB (153,600 bytes)

Remove widgetserv.exe - Powered by Reason Core Security