{c902ed9e-f1b8-458b-afb3-55c7dbb4ee5a}.exe

The application {c902ed9e-f1b8-458b-afb3-55c7dbb4ee5a}.exe has been detected as a potentially unwanted program by 5 anti-malware scanners.
Remove {c902ed9e-f1b8-458b-afb3-55c7dbb4ee5a}.exe - Powered by Reason Core Security
MD5:
7cdb87bf7d4bc1dcef26d663ed11446a

SHA-1:
c4f7b4a4a45885cf40c474cd4dfef46283b8d405

SHA-256:
51e3962b10c20a58dd3729afa981d2884b2e3efddd51405908eea612119c6f05

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
12/10/2016 5:57:34 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.Conduit
4.0.3.14610

Dr.Web
Threat.Undefined
9.0.1.05190

ESET NOD32
Win32/Conduit.SearchProtect.N potentially unwanted application
7.0.302.0

Malwarebytes
PUP.Optional.SearchProtect.A
v2014.06.10.11

VIPRE Antivirus
Conduit
30154

Remove {c902ed9e-f1b8-458b-afb3-55c7dbb4ee5a}.exe - Powered by Reason Core Security
File size:
126.7 KB (129,776 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\roaming\iolo\safetynet\manual\{b0b40951-9dc1-4b3f-99f7-361045ab9ad1}\{c902ed9e-f1b8-458b-afb3-55c7dbb4ee5a}.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
3072:A+S1MhkCkOWYh8EQbzU/p+pSa1TwtMHxDc0:iuW8EceHxI0

Entry point:
50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, 8B, 54, AE, 44, DE, E1, 73, FF, 3A, FA, 01, 00, 08, 3A, 02, 00, 2A, 00, 00, 00, 7B, 43, 39, 30, 32, 45, 44, 39, 45, 2D, 46, 31, 42, 38, 2D, 34, 35, 38, 42, 2D, 41, 46, 42, 33, 2D, 35, 35, 43, 37, 44, 42, 42, 34, 45, 45, 35, 41, 7D, 2E, 65, 78, 65, EC, BD, 0F, 78, 54, D5, B5, F0, 7D, 26, 33, 09, 03, 24, 4C, D0, 44, A3, 06, 8D, 82, 15, 05, 29, 35, A0, C4, 80, 0E, 90, 09, 58, 13, 1C, 18, 32, 83, E5, 6F, 84, 84, C9, 18, 12, 9A, 9C, C3, 9F, 96, 68, C2, 24, CA, 78, 18, 6B...
 
[+]

Entropy:
7.9983  (probably packed)

Remove {c902ed9e-f1b8-458b-afb3-55c7dbb4ee5a}.exe - Powered by Reason Core Security