home

mixicnd_cid2_20130716.exe

Conduit

This is part of the Conduit platform, a browser extension desigend to manage and control the web browser's search provider functionality. The application mixicnd_cid2_20130716.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer, however the file is not signed with an authenticode signature from a trusted source. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from d3emsmln8xfj03.cloudfront.net and multiple other hosts.
Publisher:
Conduit

Product:
Conduit

Version:
1.0

MD5:
0172264953cc69a9edee751407cd8a91

SHA-1:
ac254ea848c4ac6f712c2181022e971aed845c43

SHA-256:
c755b3aad5e216cd4d64098174eed453244d6558e7b30c063670adf934c9a44f

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/26/2024 8:36:23 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.Conduit
4.0.3.131125

Bkav FE
W32.Clod9c2.Trojan
1.3.0.4923

Boost by Reason
Adware.Conduit.Y
2013.7.26.17

Dr.Web
Trojan.DownLoader9.50123
9.0.1.0207

ESET NOD32
Win32/DownWare
7.9360

Fortinet FortiGate
W32/OutBrowse.C
11/25/2013

K7 AntiVirus
Trojan
13.175.11015

Malwarebytes
PUP.Optional.Conduit.A
v2013.11.25.01

McAfee
Artemis!0172264953CC
5600.7148

Panda Antivirus
Adware/Conduit
14.02.11.11

Reason Heuristics
PUP.Conduit.V
14.2.26.9

Trend Micro House Call
TROJ_GEN.R0CBB01AC14
7.2.329

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.24.3

VIPRE Antivirus
Conduit
25980

File size:
337.8 KB (345,935 bytes)

Copyright:
© Conduit

Trademarks:
Conduit

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mixicnd_cid2_20130716.exe

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ke34hvgpF8/yxaL0vEdazTP6N0tx61PJKnUWzDtiPJVSUfQ+Uw:E4pRhEdaXO0a1Ps74/ZQC

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.8150  (probably packed)

Code size:
23.5 KB (24,064 bytes)

The file mixicnd_cid2_20130716.exe has been seen being distributed by the following 2 URLs.

http://d3emsmln8xfj03.cloudfront.net/bundles/.../MixiCND_CID2_20130716.exe

http://d3d6wi7c7pa6m0.cloudfront.net/bundles/.../MixiCND_CID2_20130716.exe

Remove mixicnd_cid2_20130716.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.