cltmngui.exe

Search Protect

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The application cltmngui.exe by ClientConnect has been detected as adware by 33 anti-malware scanners.
Publisher:
Client Connect LTD  (signed by ClientConnect LTD)

Product:
Search Protect

Version:
3.0.10.64

MD5:
5771c58c797f90def11722f04325c68b

SHA-1:
566bec2ffe9304a7f732096f2f57fa3464f560a3

SHA-256:
b0f22da64c56dc08b5063116dc54b76758d02587f3d6f8f14560117af899552a

Scanner detections:
33 / 68

Status:
Adware

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
4/27/2024 1:54:21 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.SearchProtect | 2015.08.05 |
| Avira AntiVirus | TR/Trash.Gen | 3.6.1.96 |
| avast! | Win32:Conduit-B [PUP] | 2014.9-150806 |
| AVG | Generic | 2016.0.3026 |
| Baidu Antivirus | Adware.Win32.Conduit | 4.0.3.1586 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Dr.Web | Adware.Conduit.371 | 9.0.1.0218 |
| ESET NOD32 | Win32/Conduit.SearchProtect.Y potentially unwanted (variant) | 9.12041 |
| F-Prot | W32/S-d4ed2314 | v6.4.7.1.166 |
| G Data | Win32.Application.SearchProtect.AN@gen | 15.8.25 |
| K7 AntiVirus | Unwanted-Program | 13.207.16781 |
| Malwarebytes | PUP.Optional.SearchProtect.A | v2015.08.06.12 |
| McAfee | Artemis!DA3BFCB2AB4B | 5600.6682 |
| Panda Antivirus | PUP/SearchProtect | 15.08.06.12 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | PUA.MSJDGBTIR.OD6 | 8.15.14.00 |
| Reason Heuristics | PUP.Conduit.ClientConnect (M) | 15.8.5.20 |
| Sophos | Conduit Search Protect (PUA) | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0116 | 7.2.218 |
| VIPRE Antivirus | Conduit | 42616 |

File size:
3.1 MB (3,287,288 bytes)

Product version:
3.0.10.64

Copyright:
© 2014 ClientConnect Ltd.

Original file name:
SearchProtect (R)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\searchprotect\ui\bin\cltmngui.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/30/2014 7:00:00 PM

Valid to:
12/26/2016 6:59:59 PM

Subject:
CN=ClientConnect LTD, OU=Safe Search, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
354F4C7E49A131A6E4BF89B253C78A2D

File PE Metadata
Compilation timestamp:
8/3/2015 5:02:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:fYZ73KkWGugo4sZ/RIK/yW9CqPIBu2kHMiRsZB2DVC+xwRHGskta9SzYK:O7akWpgvsZJIK/UqPIvksiRoB6xz

Entry address:
0x1DEF43

Entry point:
E8, 40, BD, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, F4, C0, 00, 00, 83, C4, 14, 5D, C3, E8, 96, A6, 00, 00, 69, 48, 14, FD, 43, 03, 00, 81, C1, C3, 9E, 26, 00, 89, 48, 14, C1, E9, 10, 81, E1, FF, 7F, 00, 00, 8B, C1, C3, 55, 8B, EC, E8, 72, A6, 00, 00, 8B, 4D, 08, 89, 48, 14, 5D, C3, 55, 8B, EC, 51, 51, 8D, 45, F8, 50, FF, 15, FC, 10, 63, 00, 8B, 4D, F8, 8B, 45, FC, 81, C1, 00, 80, C1, 2A, 6A, 00, 68, 80, 96, 98, 00, 15, 21, 4E, 62, FE, 50, 51...

Entropy:
6.6364

Code size:
2.2 MB (2,290,688 bytes)

The running executable has been observed making the following network connections in live environments.

TCP (HTTP SSL):
Connects to a23-73-55-61.deploy.static.akamaitechnologies.com  (23.73.55.61:443)

TCP (HTTP SSL):
Connects to a23-209-68-11.deploy.static.akamaitechnologies.com  (23.209.68.11:443)

TCP (HTTP SSL):
Connects to a104-72-113-21.deploy.static.akamaitechnologies.com  (104.72.113.21:443)
