
PUA:Win32/Spigot


First posted on 24 February 2019.
Source: Microsoft

Aliases:

PUA:Win32/Spigot is also known as:

not-a-virus:Downloader.Win32.Agent.hcmd
Adware-SearchProtect
a variant of Win32/Toolbar.Widgi.J potentially unwanted application
Spigot Toolbar
ADW_SPIGOT
Application.SearchProtect.BL
SearchProtection

Explanation:

Installation

This application can be downloaded from websites that offer third-party software downloads. For example, we have seen it downloaded from:

gsf-cf.softonic.com
www.tucows.com
d3876fpuz5dglk.cloudfront.net
dl-vip.appstore.baidu.co.th
files.downloadnow.com

We have seen this application use the following file names:

YTDSetup.exe
VuzeLeapSetup.exe
YTDSetup (1).exe
FrpSetup.exe
SetupYTD.exe
media.player.codec.pack.v4.3.0.setup.exe
media.player.codec.pack.v4.3.1.setup.exe
windows.7.codec.pack.v4.0.9.setup.exe
media.player.codec.pack.v4.3.2.setup.exe

It can be digitally signed by the following vendors:

Spigot, Inc.
Cloud Software
GMGP, LLC
Cloud Installer
Greentree Applications SRL

We have seen this application using product names such as:

Search Protection
Widgi Toolbar
npEB
YTD Video Downloader
SDSPlugin Dynamic Link Library

This application communicates with domains such as:

update.apps-prodownload.com
djtti5123lues.cloudfront.net
update2.downloadnetworkhost.com
update.cloudnetworktools.com
download2.mybrowserbar.com

For example:

update.apps-prodownload.com/kits/um/UM.exe
djtti5123lues.cloudfront.net/images/pixel.gif?
update2.downloadnetworkhost.com/update/wt/ie/coupons/BrowserExtensionsSetup.exe

Payload

Exhibits suspicious behaviors

We have observed this application exhibit the following potentially unwanted behavior on PCs:

Installs programs that start automatically when your PC starts
Changes the Google Chrome secure preferences - this behavior is commonly associated with tampering with the default homepage or search provider in Chrome
Changes your browser's proxy settings - we often see this used to inject ads into your browser as you browse the web

Installs other programs

We have seen this application install other software on your PC. Some of these applications might be bundled during the installation process and not intended to be installed. We have seen it installing programs such as:

Browser Extensions Settings Manager
Malware Protection Live
YTD Video Downloader 5.7
PDFCreator
Advanced SystemCare 7
Avast Free Antivirus
LimeWire Music
Mozilla Firefox 47.0 (x86 en-US)

This description was published using automated analysis.

Last update 24 February 2019
