{a145b05b-b25a-49f8-8b35-ce1cefbef4f0}.exe

The application {a145b05b-b25a-49f8-8b35-ce1cefbef4f0}.exe has been detected as a potentially unwanted program by 11 anti-malware scanners.
MD5:
6f8b1b24106a3938c4e7bd8f4456303c

SHA-1:
f6822e85460711785324c1f37ea47ab9cb850392

SHA-256:
01b5d2e45ad640b5530c058a5faac644b2899ccfc4c315444bfbaf1077681ce0

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
4/26/2024 9:13:33 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2015.0.3256 |
| Dr.Web | Threat.Undefined | 9.0.1.05190 |
| ESET NOD32 | Win32/ClientConnect.A potentially unwanted application | 7.0.302.0 |
| K7 AntiVirus | Trojan | 13.188.14380 |
| Kaspersky | not-a-virus:WebToolbar.Win32.Agent | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Conduit.A | v2014.12.19.03 |
| Sophos | PUA 'SearchProtect' (of type Adware) | 5.09 |
| Trend Micro House Call | ADW_SEA.9F07B91E | 7.2.353 |
| Trend Micro | ADW_SEA.9F07B91E | 10.465.19 |
| VIPRE Antivirus | Conduit | 35858 |
| ViRobot | Adware.Agent.177432[h] | 2014.3.20.0 |

File size:
157.5 KB (161,283 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\roaming\iolo\safetynet\sched\{7f4cebda-63e1-4558-bec0-118b184c98f9}\{a145b05b-b25a-49f8-8b35-ce1cefbef4f0}.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
3072:M5cAIqX2IhXxp09TXY5kM1e1PIhTQzVbwd7Q3p3m1zb+qvHmVyFDg2J:FAdD/0xXCkMuIZQzV3ms+GQD7

Entry point:
50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, BA, BD, 92, 45, 33, F5, 8E, 11, 4D, 75, 02, 00, 18, B5, 02, 00, 2A, 00, 00, 00, 7B, 41, 31, 34, 35, 42, 30, 35, 42, 2D, 42, 32, 35, 41, 2D, 34, 39, 46, 38, 2D, 38, 42, 33, 35, 2D, 43, 45, 31, 43, 45, 46, 42, 45, 46, 34, 46, 30, 7D, 2E, 65, 78, 65, EC, BD, 0F, 78, 54, D5, B5, F0, 7D, 26, 33, 09, 03, 24, 4C, D0, 44, A3, 06, 0D, 82, 15, 05, 29, 1A, 50, 62, 40, 07, C8, 04, AC, 09, 0E, 0C, 99, C1, F2, 37, 42, E2, 64, 0C, 09, 4D, CE, E1, 4F, 4B, 34, 61, 12, 65, 3C, 8C, B5...
 

Entropy:
7.9986  (probably packed)

Remove {a145b05b-b25a-49f8-8b35-ce1cefbef4f0}.exe - Powered by Reason Core Security