PUP.Spigot Application Updater

By CagedTech in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank:	2,583
Threat Level:	10 % (Normal)
Infected Computers:	428,882

First Seen:	April 23, 2010
Last Seen:	January 28, 2026
OS(es) Affected:	Windows

Table of Contents

Aliases

4 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
NOD32	a variant of Win32/Toolbar.Widgi
NOD32	probably a variant of Win32/Adware.Toolbar.Dealio
Comodo	UnclassifiedMalware
NOD32	a variant of Win32/Adware.Toolbar.Dealio

SpyHunter Detects & Remove PUP.Spigot Application Updater

File System Details

PUP.Spigot Application Updater may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	A0171150.rbf	4ba6924e8970e40de0cc19282a2c449a	1,220
Name: A0171150.rbf MD5: 4ba6924e8970e40de0cc19282a2c449a Size: 1.43 MB (1436216 bytes) Detections: 1,220 Path: E:\System Volume Information\_restore{A9FBB36E-4801-45F7-B907-5B0902338F8F}\RP412\A0171150.rbf Group: Malware file Last Updated: August 9, 2022
2.	applicationupdater.exe	7916ee686b26fc01a56808f2fb1a22dd	513
Name: applicationupdater.exe MD5: 7916ee686b26fc01a56808f2fb1a22dd Size: 927.58 KB (927584 bytes) Detections: 513 Type: Executable File Path: c:\program files\application updater\applicationupdater.exe Group: Malware file Last Updated: October 14, 2022
3.	A0171165.rbf	71d85ea8e4d76881239c67795d203549	470
Name: A0171165.rbf MD5: 71d85ea8e4d76881239c67795d203549 Size: 172.08 KB (172088 bytes) Detections: 470 Path: E:\System Volume Information\_restore{A9FBB36E-4801-45F7-B907-5B0902338F8F}\RP412\A0171165.rbf Group: Malware file Last Updated: October 29, 2024
4.	SettingsManager.exe	6f798bbfd755743c6c579afec0efafb6	389
Name: SettingsManager.exe MD5: 6f798bbfd755743c6c579afec0efafb6 Size: 988.91 KB (988912 bytes) Detections: 389 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Settings Manager\SettingsManager.exe Group: Malware file Last Updated: April 21, 2024
5.	CouponsHelper.exe	83373f3ca9c49a68d6484665cbcd320a	305
Name: CouponsHelper.exe MD5: 83373f3ca9c49a68d6484665cbcd320a Size: 550 KB (550000 bytes) Detections: 305 Type: Executable File Path: E:\Documents and Settings\tata\Data aplikací\BrowserExtensions\CouponsHelper.exe Group: Malware file Last Updated: March 8, 2023
6.	OldForDeletion~spDF8C.tmp	d3b3f4319f5847b27cd66dbce901643d	257
Name: OldForDeletion~spDF8C.tmp MD5: d3b3f4319f5847b27cd66dbce901643d Size: 951.44 KB (951448 bytes) Detections: 257 Type: Temporary File Path: C:\Program Files (x86)\Common Files\ProgramManager\OldForDeletion~spDF8C.tmp Group: Malware file Last Updated: April 30, 2024
7.	26E6C7F0-3BBB-19AF-42C9-FBBFDF40B132	b99873d53515412d9d2870eff72ad667	203
Name: 26E6C7F0-3BBB-19AF-42C9-FBBFDF40B132 MD5: b99873d53515412d9d2870eff72ad667 Size: 901.72 KB (901728 bytes) Detections: 203 Path: C:\WINDOWS\System32\MRT\3AC662F4-BBD5-4771-B2A0-164912094D5D\FilesStash\26E6C7F0-3BBB-19AF-42C9-FBBFDF40B132 Group: Malware file Last Updated: January 22, 2022
8.	OldForDeletion~sp3602.tmp	3beb80a4b1ce83c11aa471fcbdd6bb12	144
Name: OldForDeletion~sp3602.tmp MD5: 3beb80a4b1ce83c11aa471fcbdd6bb12 Size: 926.2 KB (926208 bytes) Detections: 144 Type: Temporary File Path: C:\Program Files (x86)\Common Files\ProgramManager\OldForDeletion~sp3602.tmp Group: Malware file Last Updated: November 21, 2022
9.	OldForDeletion~spBFDA.tmp	aaeefd197c2201166159407ea6c04d1d	122
Name: OldForDeletion~spBFDA.tmp MD5: aaeefd197c2201166159407ea6c04d1d Size: 965.35 KB (965352 bytes) Detections: 122 Type: Temporary File Path: C:\Program Files (x86)\Common Files\ProgramManager\OldForDeletion~spBFDA.tmp Group: Malware file Last Updated: June 23, 2023
10.	OldForDeletion~spDB38.tmp	7b21a0c4d629a0f3284da0d24f0b56d4	74
Name: OldForDeletion~spDB38.tmp MD5: 7b21a0c4d629a0f3284da0d24f0b56d4 Size: 799.92 KB (799920 bytes) Detections: 74 Type: Temporary File Path: C:\Users\<username>\AppData\Roaming\Update Manager\OldForDeletion~spDB38.tmp Group: Malware file Last Updated: October 24, 2025
11.	SettingsManager.exe.vir	c203b160b49844ff11ea9d339fa28537	70
Name: SettingsManager.exe.vir MD5: c203b160b49844ff11ea9d339fa28537 Size: 922.6 KB (922608 bytes) Detections: 70 Path: %SYSTEMDRIVE%\AdwCleaner\Quarantine\C\Users\<username>\AppData\Roaming\Settings Manager\SettingsManager.exe.vir Group: Malware file Last Updated: December 10, 2022
12.	A0101351.exe	143decea242024d28dd609223c56c7e1	69
Name: A0101351.exe MD5: 143decea242024d28dd609223c56c7e1 Size: 540.65 KB (540656 bytes) Detections: 69 Type: Executable File Path: %SYSTEMDRIVE%\System Volume Information\_restore{B322D552-2C61-4388-AAC2-5A454AE754F3}\RP613\A0101351.exe Group: Malware file Last Updated: August 23, 2022
13.	SP.EXE	b00b414482240298e03591469939a7ca	55
Name: SP.EXE MD5: b00b414482240298e03591469939a7ca Size: 912.49 KB (912496 bytes) Detections: 55 Type: Executable File Path: %APPDATA%\Search Protection Group: Malware file Last Updated: January 22, 2022
14.	OldForDeletion~sp57DF.tmp	69f51ea7ca0d1efbf533bb0e8fdb1376	55
Name: OldForDeletion~sp57DF.tmp MD5: 69f51ea7ca0d1efbf533bb0e8fdb1376 Size: 642.22 KB (642224 bytes) Detections: 55 Type: Temporary File Path: C:\Users\<username>\AppData\Roaming\Update Manager\OldForDeletion~sp57DF.tmp Group: Malware file Last Updated: July 25, 2022
15.	settingsmanager.VIR.VIR.VIR.VIR.VIR.VIR.VIR.VIR	32d157506e871cfbc1e695e10538ac1e	55
Name: settingsmanager.VIR.VIR.VIR.VIR.VIR.VIR.VIR.VIR MD5: 32d157506e871cfbc1e695e10538ac1e Size: 928.88 KB (928880 bytes) Detections: 55 Path: C:\Users\<username>\AppData\Roaming\Settings Manager\settingsmanager.VIR.VIR.VIR.VIR.VIR.VIR.VIR.VIR Group: Malware file Last Updated: April 23, 2022
16.	46171f13.rbf	ea923862e75d8c75815c29089edb2cd1	48
Name: 46171f13.rbf MD5: ea923862e75d8c75815c29089edb2cd1 Size: 945.81 KB (945816 bytes) Detections: 48 Path: C:\Config.Msi\46171f13.rbf Group: Malware file Last Updated: May 25, 2022
17.	UM.exe.vir	749d85110406b8dd0f3eb48953dfd91f	42
Name: UM.exe.vir MD5: 749d85110406b8dd0f3eb48953dfd91f Size: 776.88 KB (776880 bytes) Detections: 42 Path: %SYSTEMDRIVE%\AdwCleaner\Quarantine\C\Users\<username>\AppData\Roaming\Update Manager\UM.exe.vir Group: Malware file Last Updated: October 27, 2021
18.	PreferencesManager_1.exe	b40bf8c16f80921935b1331052ea5e27	34
Name: PreferencesManager_1.exe MD5: b40bf8c16f80921935b1331052ea5e27 Size: 1.36 MB (1366640 bytes) Detections: 34 Type: Executable File Path: C:\Program Files\Panda Security\WAC\LostandFound\PreferencesManager_1.exe Group: Malware file Last Updated: January 9, 2023
19.	OldForDeletion~spA206.tmp	4e5824292d394c19c768bd65d11ea92c	31
Name: OldForDeletion~spA206.tmp MD5: 4e5824292d394c19c768bd65d11ea92c Size: 795.82 KB (795824 bytes) Detections: 31 Type: Temporary File Path: C:\Users\<username>\AppData\Roaming\Update Manager\OldForDeletion~spA206.tmp Group: Malware file Last Updated: January 25, 2024
20.	UM.EXE	ed3349c8bd42ec6b28b8736b7ad464e0	26
Name: UM.EXE MD5: ed3349c8bd42ec6b28b8736b7ad464e0 Size: 1.6 MB (1604840 bytes) Detections: 26 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\Update Manager\UM.EXE Group: Malware file Last Updated: December 8, 2021
21.	CouponsHelper.exe.vir	175ff41ca3ef01f1e566372b652f914f	12
Name: CouponsHelper.exe.vir MD5: 175ff41ca3ef01f1e566372b652f914f Size: 540.65 KB (540656 bytes) Detections: 12 Path: %SYSTEMDRIVE%\AdwCleaner\Quarantine\C\Users\<username>\AppData\Roaming\Browser Extensions\CouponsHelper.exe.vir Group: Malware file Last Updated: July 3, 2022
22.	21f28.rbf	9717eb4339304ca3d1163a6ea26174cb	7
Name: 21f28.rbf MD5: 9717eb4339304ca3d1163a6ea26174cb Size: 952.98 KB (952984 bytes) Detections: 7 Path: C:\Config.Msi\21f28.rbf Group: Malware file Last Updated: November 10, 2021
23.	BEHelper.exe	16b95fc56b2ee6725d3f02a612f64c7d	4
Name: BEHelper.exe MD5: 16b95fc56b2ee6725d3f02a612f64c7d Size: 553.96 KB (553968 bytes) Detections: 4 Type: Executable File Path: %APPDATA%\BrowserExtensions Group: Malware file Last Updated: November 16, 2021
24.	searchprotection.exe	bf13dc5caa45f161da2af1a5ff53d223	3
Name: searchprotection.exe MD5: bf13dc5caa45f161da2af1a5ff53d223 Size: 840.55 KB (840552 bytes) Detections: 3 Type: Executable File Path: %APPDATA%\search protection Group: Malware file Last Updated: March 26, 2016
25.	SearchSettings64.exe	8b8a102dc9874f6a0ed331110e5a2e73	1
Name: SearchSettings64.exe MD5: 8b8a102dc9874f6a0ed331110e5a2e73 Size: 170.48 KB (170480 bytes) Detections: 1 Type: Executable File Path: %COMMONPROGRAMFILES(x86)%\Spigot\Search Settings Group: Malware file Last Updated: March 23, 2016
26.	SearchSettings.exe	69080450cb791af25639d7a73788e28d	1
Name: SearchSettings.exe MD5: 69080450cb791af25639d7a73788e28d Size: 1.43 MB (1439552 bytes) Detections: 1 Type: Executable File Path: %COMMONPROGRAMFILES(x86)%\Spigot\Search Settings Group: Malware file Last Updated: March 23, 2016
27.	PreferencesManager.exe	421626cffc886a942bc15558cf25fd16	1
Name: PreferencesManager.exe MD5: 421626cffc886a942bc15558cf25fd16 Size: 1.34 MB (1341792 bytes) Detections: 1 Type: Executable File Path: %COMMONPROGRAMFILES%\Spigot\Preferences Manager Group: Malware file Last Updated: March 23, 2016
28.	ProgramManager.exe	50a16f8f4d37181ec0e68a9d9da287e9	1
Name: ProgramManager.exe MD5: 50a16f8f4d37181ec0e68a9d9da287e9 Size: 5 KB (5009 bytes) Detections: 1 Type: Executable File Path: %COMMONPROGRAMFILES%\ProgramManager Group: Malware file Last Updated: April 14, 2016

More files

Registry Details

PUP.Spigot Application Updater may create the following registry entry or registry entries:

Regexp file mask

%APPDATA%\Settings Manager\SettingsManager.exe

%APPDATA%\Update Manager\UM.exe

%LOCALAPPDATA%\maps and driving direction\maps and driving direction.exe

Directories

PUP.Spigot Application Updater may create the following directory or directories:

%COMMONPROGRAMFILES%\ProgramManager

%COMMONPROGRAMFILES(x86)%\ProgramManager

%ProgramFiles%\Common Files\Spigot

%appdata%\SpigotSettings

Analysis Report

General information

Family Name:	PUP.Spigot Application Updater
Signature status:	Hash Mismatch

Known Samples

MD5: ecd7e8a145baf238f7897496c6817268

SHA1: 75a06dd37ade38c61ef9ca13040ea0e02a665853

SHA256: 70596C932E4E2060997E7D3576E8CF6C7FA656F09EB298570A52AC86B4521614

File Size: 1.36 MB, 1359656 bytes

MD5: 334bc02d786f3966fc3b1fdc795b6be6

SHA1: 56bcd7ae8ebd923ecc588871622095c1d2e9e589

SHA256: ACBC24A3CB510205FD47E57D96CD64477EF3370590125C0ECE52A9A56BE3ACA0

File Size: 424.36 KB, 424363 bytes

MD5: 4c0a7504310f87fab91edb55137058c4

SHA1: 31972dc993d92cd1aeacf2b96775a6c24bf114fa

SHA256: A536EA9DBD87452A92828407BC032CE603C048AB365E7BC8E600257B8CC348B2

File Size: 4.42 MB, 4422112 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	This installation was built with Inno Setup.
Company Name	BlueSprig
File Description	JetClean Setup Settings Manager
File Version	26,7,0,2 1.5.0.0
Legal Copyright	Copyright © 2011-2013
Product Name	JetClean
Product Version	26,7,0,2 1.5.0

Digital Signatures

Signer	Root	Status
Cloud Software	DigiCert SHA2 Assured ID Code Signing CA	Self Signed
BlueSprig, Inc.	VeriSign Class 3 Code Signing 2010 CA	Hash Mismatch

Block Information

Similar Families

Spigot.A

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\is-99pe3.tmp\31972dc993d92cd1aeacf2b96775a6c24bf114fa_0004422112.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-uj3dd.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-uj3dd.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-uj3dd.tmp\getcountry	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-uj3dd.tmp\inno_english.lng	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-uj3dd.tmp\itdownload.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-uj3dd.tmp\rdzone.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-uj3dd.tmp\upgrade.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskd9cb.tmp\sm.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nspd8b1.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete

c:\users\user\appdata\local\temp\nstd797.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\~nsu.tmp\au_.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\downloads	Synchronize,Write Attributes
c:\users\user\downloads\56bcd7ae8ebd923ecc588871622095c1d2e9e589_0000424363	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Windows\SystemTemp\a9dd6c3f-d641-4292-855a-e9c09c1b694b.tmp\??\C:\Windows\SystemTemp\85968c61-a19d-4e7b-a80f-d2a1fc3c08	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey

Windows API Usage

Category	API
Syscall Use	ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtClose ntdll.dll!NtCreateFile ntdll.dll!NtCreateSection ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenProcessToken ntdll.dll!NtProtectVirtualMemory Show More ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtReadFile ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationProcess ntdll.dll!NtTestAlert ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory win32u.dll!NtUserGetKeyboardLayout win32u.dll!NtUserGetThreadState
Process Shell Execute	CreateProcess ShellExecuteEx
Anti Debug	NtQuerySystemInformation
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetQueryOption InternetReadFile InternetSetOption
Process Manipulation Evasion	NtUnmapViewOfSection
Other Suspicious	AdjustTokenPrivileges
User Data Access	GetUserObjectInformation
Keyboard Access	GetKeyState

Shell Command Execution


							C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\75a06dd37ade38c61ef9ca13040ea0e02a665853_0001359656.,LiQMAxHB


							"C:\Users\Diwdgtfo\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


							"C:\Users\Mzegqazq\AppData\Local\Temp\is-99PE3.tmp\31972dc993d92cd1aeacf2b96775a6c24bf114fa_0004422112.tmp" /SL5="$B003EA,3913143,153600,c:\users\user\downloads\31972dc993d92cd1aeacf2b96775a6c24bf114fa_0004422112"


							(NULL) C:\Users\Mzegqazq\AppData\Local\Temp\is-UJ3DD.tmp\Upgrade.exe /Upgrade

PUP.Spigot Application Updater

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove PUP.Spigot Application Updater

File System Details

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed