home

ielogic.exe

Conduit Ltd.

It is part of the Conduit Toolbar platform (bundled adware) and is the package designed to install the toolbar in Internet Explorer. The application ielogic.exe by Conduit has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Conduit Toolbar Manager installer. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address setupapi.toolbar.conduit-services.com on port 80 using the HTTP protocol.
Publisher:
Conduit  (signed by Conduit Ltd.)

Description:
Juegos- Toolbar

Version:
6.8.5.1

MD5:
fdb65639f0d64fc046a80d4e1fec10dd

SHA-1:
9973965fcb87b0eebb8ef59b6fdee820a36cdf72

SHA-256:
da1d4f364289cf903547f89ba6daa9757af10c87beb65ef4abb570e4dc98c758

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
This component is distributed and installed with the Conduit Toolbar platform.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/4/2024 2:48:04 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Conduit.Bundler (M)
16.2.15.18

File size:
2 MB (2,144,600 bytes)

Copyright:
Conduit Ltd.

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Conduit Toolbar Manager (using Nullsoft Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ielogic.exe

Digital Signature
Signed by:
Conduit Ltd.

Authority:
VeriSign, Inc.

Valid from:
2/17/2010 1:00:00 AM

Valid to:
3/30/2013 12:59:59 AM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3736DA15AF647632CCE61CD41B6577DD

File PE Metadata
Compilation timestamp:
8/7/2009 10:30:35 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:MxYZa323xK5Mq18joShqj7GCbUynXN/LiHZkMn6YeqK1eoNjXhVQ:MF323g5tWNqBUc+HZmhn8

Entry address:
0x33E0

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 64, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 32, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 20, 26, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to setupapi.toolbar.conduit-services.com  (199.101.115.1:80)

TCP (HTTP):
Connects to setupapi.toolbar.ams.conduit-services.com  (195.78.120.169:80)

Remove ielogic.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.