conduitinstaller.exe

Conduit Ltd.

The file belongs to the Conduit API platform, a utility that bundles and monetizes search toolbars and web browser extensions. The application conduitinstaller.exe by Conduit has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application built with the Wise Installer. It is typically installed by a number of programs, including Power Sound Editor Free by FAE Inc. and Sunny Village Screensaver 1.0 by FullScreensavers.com, and is typically executed from the user's temporary directory.
Publisher:
Conduit  (signed by Conduit Ltd.)

Version:
1.2.0.0

MD5:
37b64814b6c9331de3bed25504cfe554

SHA-1:
6e31a6d60056ae0aa43dc0ef2501e0a83ff0c782

SHA-256:
8bda68ff75115705230b5afcb5985a7b98510e42edd73c6842fc9acc23ac3fed

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
4/25/2024 9:46:30 PM UTC

Scan engine          Detection            Engine version
Boost by Reason      Optional.Conduit.Q   188838
Reason Heuristics    PUP.Conduit.Q        14.8.7.22
VIPRE Antivirus      Conduit              25050

File size:
275.7 KB (282,296 bytes)

Copyright:
Conduit Ltd.

File type:
Executable application (Win32 EXE)

Installer:
Wise Installer

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\conduitinstaller.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/17/2010 7:00:00 AM

Valid to:
3/30/2013 6:59:59 AM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3736DA15AF647632CCE61CD41B6577DD

File PE Metadata
Compilation timestamp:
10/26/2001 2:47:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:oXUlmIMLPkuWCgXmyaun3sBPV8aspReyM8oyasBPV8aspReyM8oysE:JlmhLR63sBPOLfef8onsBPOLfef8oLE

Entry address:
0x21AF

Entry point:
55, 8B, EC, 81, EC, 2C, 05, 00, 00, 53, 56, 57, 6A, 01, 5E, 6A, 04, 89, 75, E8, FF, 15, 54, 40, 40, 00, FF, 15, 50, 40, 40, 00, 8B, F8, 89, 7D, F4, 8A, 07, 3C, 22, 0F, 85, CC, 00, 00, 00, 8A, 47, 01, 47, 89, 7D, F4, 33, DB, 3A, C3, 74, 0D, 3C, 22, 74, 09, 8A, 47, 01, 47, 89, 7D, F4, EB, EF, 80, 3F, 22, 75, 04, 47, 89, 7D, F4, 80, 3F, 20, 75, 09, 47, 80, 3F, 20, 74, FA, 89, 7D, F4, 53, FF, 15, 6C, 40, 40, 00, 80, 3F, 2F, 89, 45, F8, 75, 64, 8A, 47, 01, 3C, 53, 74, 04, 3C, 73, 75, 06, 89, 35, 58, 53, 40, 00...
 

Entropy:
7.9693

Packer / compiler:
Wise Installer Stub

Code size:
8.5 KB (8,704 bytes)

The file conduitinstaller.exe has been discovered within the following programs.

Animated Aquaworld Screensaver 1.0  by FullScreensavers.com
Animated Aquaworld Screensaver bundles a branded version of the Conduit Toolbar and/or the Babylon Toolbar, which delivers search-based advertising and results. During installation the user is in some cases presented with the option to install the toolbar.
www.fullscreensavers.com
67% remove it

BitLord 2.0  by House of Life
www.bitlord.com
About 2% of users remove it

Power Sound Editor Free  by FAE Inc.
Power Sound Editor Free bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation the user is in some cases presented with the option to install the toolbar (on by default).
About 12% of users remove it

Sunny Village Screensaver 1.0  by FullScreensavers.com
Sunny Village Screensaver bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation the user is in some cases presented with the option to install the toolbar (on by default).
62% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a23-221-228-187.deploy.static.akamaitechnologies.com  (23.221.228.187:80)

TCP (HTTP):
Connects to a23-198-199-221.deploy.static.akamaitechnologies.com  (23.198.199.221:80)
