home

cltmng.exe

Search Protect

Conduit Ltd.

The file belongs to the Conduit API platform, a utility that bundles and monetizes search toolbars and web browser extensions. The application cltmng.exe, “Search Protect by Conduit” by Conduit has been detected as a potentially unwanted program by 20 anti-malware scanners. This file is typically installed with the program Search Protect by Conduit Ltd. which is a potentially unwanted software program.
Publisher:
Conduit  (signed by Conduit Ltd.)

Product:
Search Protect

Description:
Search Protect by Conduit

Version:
2.9.8.2

MD5:
de09bec7b6f8aa3354de5e663218b8ca

SHA-1:
4bb525ac7501802dcad3cd6792523f394333dcba

SHA-256:
565c24f09007ed27318fa3f6b5ba8a1a0f3e0423ede557eeb6d3c42ac00b4c80

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
4/19/2024 8:55:05 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SearchProtect-B [PUP]
2014.9-131218

Baidu Antivirus
Adware.Win32.Conduit
4.0.3.1487

Bkav FE
W32.Clod444.Trojan
1.3.0.4562

Boost by Reason
Optional.Conduit.G
188838

Dr.Web
Adware.Conduit.21
9.0.1.045

Emsisoft Anti-Malware
Trojan.GenericKDZ.24806
8.14.08.07.10

ESET NOD32
Win32/Conduit.SearchProtect (variant)
8.9372

Fortinet FortiGate
Riskware/Conduit_SearchProtect
2/14/2014

G Data
Win32.Adware.SearchProtect
13.12.22

K7 AntiVirus
Unwanted-Program
13.200.15134

Kaspersky
not-a-virus:WebToolbar.Win32.Agent
14.0.0.2219

Malwarebytes
PUP.Optional.Conduit.A
v2013.12.18.07

McAfee
Artemis!8DFBDE35A58E
5600.7220

Panda Antivirus
Adware/Conduit
14.02.14.05

Reason Heuristics
PUP.SearchProtect.Conduit.G
14.8.7.22

Sophos
PUA 'Conduit Search Protect'
5.11

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
9947

Trend Micro House Call
TROJ_GEN.F47V0828
7.2.352

VIPRE Antivirus
Conduit
22592

XVirus List
Win.Detected
2.3.31

File size:
4 MB (4,180,256 bytes)

Product version:
2.9.8.2

Copyright:
2012 (c) Conduit. All rights reserved.

Original file name:
SearchProtect (R)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\searchprotect\searchprotect\bin\cltmng.exe

Digital Signature
Signed by:
Conduit Ltd.

Authority:
VeriSign, Inc.

Valid from:
1/3/2013 8:00:00 AM

Valid to:
4/4/2016 7:59:59 AM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3A82654719D8F75B59134F7B66465210

File PE Metadata
Compilation timestamp:
12/16/2013 5:07:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:YjE9qzORSa3WzqyyN1yyJrQyy0he/CsYUg6oEC6TOuqlAjV2zPTupVvZ3jybyNIX:Yw4z1phyeCrQyy+IosXqlABkuRjybPL

Entry address:
0x1C9083

Entry point:
E8, F4, AC, 00, 00, E9, 7F, FE, FF, FF, 6A, 0C, 68, 10, 56, 71, 00, E8, 77, 88, 00, 00, 83, 65, E4, 00, 8B, 5D, 0C, 8B, C3, 8B, 7D, 10, 0F, AF, C7, 8B, 75, 08, 03, F0, 89, 75, 08, 83, 65, FC, 00, 4F, 89, 7D, 10, 78, 0C, 2B, F3, 89, 75, 08, 8B, CE, FF, 55, 14, EB, EE, 33, C0, 40, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 14, 00, 00, 00, E8, 78, 88, 00, 00, C2, 10, 00, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, 45, E4, 85, C0, 75, 0B, FF, 75, 14, 57, 53, 56, E8, 01, 00, 00, 00, C3, 6A, 14, 68, 30, 56, 71, 00...
 
[+]

Entropy:
6.4665

Code size:
2.7 MB (2,781,696 bytes)

The file cltmng.exe has been discovered within the following programs.

Search Protect  by Conduit Ltd.
From the Terms of Service: "Search Protect is a separate piece of software installed on your hard-drive in connection with your installation of a Toolbar. It is designed to protect your Search settings from takeover by third parties.
84% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-184-73-241-32.compute-1.amazonaws.com  (184.73.241.32:80)

TCP (HTTP):
Connects to ec2-54-235-200-205.compute-1.amazonaws.com  (54.235.200.205:80)

TCP (HTTP):
Connects to ec2-54-243-87-48.compute-1.amazonaws.com  (54.243.87.48:80)

TCP (HTTP):
Connects to ec2-54-225-240-2.compute-1.amazonaws.com  (54.225.240.2:80)

TCP (HTTP):
Connects to ec2-23-21-62-86.compute-1.amazonaws.com  (23.21.62.86:80)

TCP (HTTP):
Connects to ec2-184-72-217-85.compute-1.amazonaws.com  (184.72.217.85:80)

TCP (HTTP):
Connects to ec2-107-22-164-137.compute-1.amazonaws.com  (107.22.164.137:80)

TCP (HTTP):
Connects to ec2-107-22-239-148.compute-1.amazonaws.com  (107.22.239.148:80)

TCP (HTTP SSL):
Connects to a23-45-99-152.deploy.static.akamaitechnologies.com  (23.45.99.152:443)

TCP (HTTP SSL):
Connects to a23-38-83-152.deploy.static.akamaitechnologies.com  (23.38.83.152:443)

TCP (HTTP):
Connects to m35-mp1-cvx1b.lan.ntl.com  (62.252.168.35:80)

TCP (HTTP):
Connects to ec2-54-235-66-89.compute-1.amazonaws.com  (54.235.66.89:80)

TCP (HTTP):
Connects to ec2-54-221-253-159.compute-1.amazonaws.com  (54.221.253.159:80)

TCP (HTTP):
Connects to ec2-54-197-243-195.compute-1.amazonaws.com  (54.197.243.195:80)

TCP (HTTP):
Connects to ec2-23-23-163-30.compute-1.amazonaws.com  (23.23.163.30:80)

TCP (HTTP):
Connects to ec2-23-21-181-215.compute-1.amazonaws.com  (23.21.181.215:80)

TCP (HTTP SSL):
Connects to a23-74-195-152.deploy.static.akamaitechnologies.com  (23.74.195.152:443)

TCP (HTTP SSL):
Connects to a23-72-99-152.deploy.static.akamaitechnologies.com  (23.72.99.152:443)

TCP (HTTP SSL):
Connects to a23-56-86-156.deploy.static.akamaitechnologies.com  (23.56.86.156:443)

TCP (HTTP SSL):
Connects to a23-56-71-61.deploy.static.akamaitechnologies.com  (23.56.71.61:443)

Remove cltmng.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.