1399617238_spwrapper.exe

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The application 1399617238_spwrapper.exe by ClientConnect has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program IMVU Avatar Chat Software by IMVU Inc. While running, it connects to the Internet address cms.dmccint.com on port 80 using the HTTP protocol.
Remove 1399617238_spwrapper.exe - Powered by Reason Core Security
Publisher:
ClientConnect LTD  (signed and verified)

Description:
Custom Installer

Version:
1.1.100.1

MD5:
4d741d6d2f7eed511927243979a3fc40

SHA-1:
32ff6bd4342cc55791e0e133e60ecdb65e0a39a5

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
12/8/2016 5:07:35 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Toolbar.Conduit | 2015.0.3447 |
| Baidu Antivirus | Adware.Win32.Conduit | 4.0.3.14610 |
| Dr.Web | Adware.Conduit.45 | 9.0.1.0161 |
| Fortinet FortiGate | Riskware/Toolbar_Conduit | 6/10/2014 |
| Kaspersky | not-a-virus:Downloader.NSIS.Agent | 14.0.0.3732 |
| Malwarebytes | PUP.Optional.Conduit.A | v2014.06.10.12 |
| McAfee | Artemis!4D741D6D2F7E | 5600.7103 |
| McAfee Web Gateway | Artemis!4D741D6D2F7E | 7.7103 |
| Reason Heuristics | PUP.Installer.ClientConnect.U | 14.6.10.12 |
| Sophos | Generic PUA DC | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0331 | 7.2.161 |
| Vba32 AntiVirus | Downloader.Agent | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 30146 |

File size:
113.5 KB (116,208 bytes)

Copyright:
ClientConnect Ltd.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temp\1399617238_spwrapper.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/3/2014 10:00:00 PM

Valid to:
2/5/2016 9:59:59 PM

Subject:
CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Stub, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
454C936FBC51DA40868FE2AB4727B946

File PE Metadata
Compilation timestamp:
2/24/2012 4:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:f5BuYAVrgUCPnqCX8fTZpJoum3VuLbKiCgecU5YHtRv/:f50gUCrmTdIFuqiXecU5stB/

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file 1399617238_spwrapper.exe has been discovered within the following program.

Publisher's description - “IMVU is an instant messaging tool that lets you chat with people from all over the globe in a 3D environment, instead of the plain, text-only chat room we're all used to.”
About 8% of users remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to cms.dmccint.com  (23.67.242.80:80)

 
http://cms.dmccint.com/DynamicOffer/6374878/6396001/?mainofferId=6371444&CurrentStep=2&TotalSteps=4&DownloadBrowser=IE&CType=-1&UserMode=-1&DMVersion=1.3.3.39.6394867.01&Language=US-EN
