cltmng.exe

Search Protect

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The application cltmng.exe by ClientConnect has been detected as adware by 12 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Python 2.5 by Martin v. Löwis and Search Protect by Client Connect LTD.
Publisher:
Client Connect LTD  (signed by ClientConnect LTD)

Product:
Search Protect

Version:
2.16.20.192

MD5:
2875ed5399cd95ad378b35097311fb1e

SHA-1:
584265f2ba0b47696184876335baf6e175c81bef

SHA-256:
6ade034ac15b5616728b1fdf31fad87559f610fbf9995bc1716c891d7984ee33

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
4/27/2024 3:53:54 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | ClientConnect | 2015.0.3343 |
| Baidu Antivirus | Adware.Win32.Conduit | 4.0.3.1487 |
| ESET NOD32 | Win32/Conduit.SearchProtect (variant) | 8.10297 |
| G Data | Win32.Application.SearchProtect.AA@gen | 14.8.24 |
| K7 AntiVirus | Trojan | 13.181.12846 |
| Malwarebytes | PUP.Optional.SearchProtect.A | v2014.08.07.02 |
| McAfee | Artemis!B1C796CA2D4E | 5600.7045 |
| Reason Heuristics | PUP.ClientConnect.G | 14.8.7.14 |
| Sophos | Conduit Search Protect | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10355 |
| Trend Micro House Call | TROJ_GEN.R047H05GO14 | 7.2.219 |
| VIPRE Antivirus | Conduit | 32442 |

File size:
5.2 MB (5,428,672 bytes)

Product version:
2.16.20.192

Copyright:
© 2014 ClientConnect Ltd.

Original file name:
SearchProtect (R)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\searchprotect\searchprotect\bin\cltmng.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
6/18/2014 6:00:00 PM

Valid to:
6/19/2016 5:59:59 PM

Subject:
CN=ClientConnect LTD, OU=Search Protect 2, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
552491364DFD4261C3C5D20F5503F94C

File PE Metadata
Compilation timestamp:
8/6/2014 1:49:03 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:etoLYwquvGuSlOnd2lwjmXvXd/guWAAAS7AAAAizIBNU4BS:rYwquvSN5XvXd/Xj4Y

Entry address:
0x2DB9F8

Entry point:
E8, 8B, E1, 00, 00, E9, 7F, FE, FF, FF, 6A, 08, 68, 70, 14, 8C, 00, E8, D2, A3, 00, 00, FF, 35, 10, A5, 8D, 00, FF, 15, 5C, 72, 75, 00, 85, C0, 74, 16, 83, 65, FC, 00, FF, D0, EB, 07, 33, C0, 40, C3, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, 01, 00, 00, 00, CC, 6A, 08, 68, 50, 14, 8C, 00, E8, 9A, A3, 00, 00, E8, F5, C6, 00, 00, 8B, 40, 78, 85, C0, 74, 16, 83, 65, FC, 00, FF, D0, EB, 07, 33, C0, 40, C3, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, CE, 5E, 00, 00, CC, E8, CD, C6, 00, 00, 8B, 40, 7C, 85, C0...
 

Entropy:
6.8114

Code size:
3.3 MB (3,497,472 bytes)

The file cltmng.exe has been discovered within the following programs.

Python 2.5  by Martin v. Löwis
Python is a dynamic object-oriented programming language that can be used for many kinds of software development. It offers strong support for integration with other languages and tools, comes with extensive standard libraries, and can be learned in a few days.
About 1% of users remove it
Search Protect  by Client Connect LTD
Search Protect from Client Connect (formerly Conduit, now a venture of Perion) is a homepage and search provider modifier that, when installed, changes the default web browser's home page and search pages to a partner portal such as Trovi.
www.conduit.com/searchprotect
79% remove it
 

The executing file has been seen to make the following network communications in live environments.

