» 7274388874
Overview
Analysis
File Details

7274388874

Conduit

This is part of the Conduit platform, a browser extension desigend to manage and control the web browser's search provider functionality. The file 7274388874, “Search Protect Identifier by conduit” has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. It is also typically executed from the user's temporary directory.

File name:

7274388874

Publisher:

Conduit

Description:

Search Protect Identifier by conduit

Version:

1.0.2.0

MD5:

dff57bf811a4322f03987f1fe479b7ed

SHA-1:

41e57e4ec10f0f89e2a92f3422cec90cdc9f481b

SHA-256:

ff7a72705e30e8fbf65bf0a85333cede79199ede46b19917367bdd99c4748802

Scanner detections:

9 / 68

Status:

Potentially unwanted

Explanation:

Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:

4/26/2024 4:48:23 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

PUA.Win32.Conduit.BSearchProtect

4.0.3.141121

ESET NOD32

Win32/Conduit.SearchProtect.Q potentially unwanted application

7.0.302.0

G Data

Win32.Application.SearchProtect

14.11.24

IKARUS anti.virus

PUA.Conduit

t3scan.1.8.3.0

Kaspersky

not-a-virus:WebToolbar.Win32.Agent

15.0.0.543

Malwarebytes

PUP.Optional.Conduit.A

v2014.11.21.11

Panda Antivirus

Trj/Genetic.gen

14.11.21.11

Reason Heuristics

PUP.Conduit.K

14.11.21.23

VIPRE Antivirus

Conduit

35008

File size:

2.5 MB (2,588,040 bytes)

Conduit Ltd.

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\7274388874

File PE Metadata

Compilation timestamp:

2/24/2012 12:20:04 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:bAbh1Xqx6BHVBPvcS0SfpBjEldLO4gpUXSrVYyZUPDxDGqTQGsuMjSw:bAb3Hf1VBjESUXSrFGGYUf

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00... 
[+]

Entropy:

7.9894

Packer / compiler:

Nullsoft install system v2.x

Code size:

29 KB (29,696 bytes)

Remove 7274388874 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.