node.exe

Guardbox

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The application node.exe by ClientConnect has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
ClientConnect Ltd.  (signed by ClientConnect LTD)

Product:
Guardbox

Version:
0.10.29

MD5:
37c5c08360795b97a9acce86caba4ba0

SHA-1:
12de60fbf011b5ca2f72608847abfa6c0aa36ee2

SHA-256:
6e2cb6e0103f66ad3cb92ee8a62369c82509033bb46d5c46383ceff35107be37

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
8/13/2020 12:53:14 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Conduit (M)
17.2.17.12

File size:
3 MB (3,148,752 bytes)

Product version:
0.10.29

Copyright:
© 2014 ClientConnect Ltd.

Original file name:
node.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\guardbox\1.1.1.14\node.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
7/9/2014 3:00:00 AM

Valid to:
7/10/2016 2:59:59 AM

Subject:
CN=ClientConnect LTD, OU=Guardbox, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
3215FFC06E15A37E45F6521CECC8C3BD

File PE Metadata
Compilation timestamp:
8/13/2014 2:14:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

Entry address:
0x187E9E

Entry point:
C4, C9, 4C, 7C, 44, 26, 6B, DB, 11, 82, CD, 03, AE, 2D, 82, FC, 4C, 20, 1D, 93, 10, 42, 2B, F3, 81, D7, 42, 1A, 37, C4, 7B, 7F, FD, 85, 33, 82, 58, A1, 7D, 68, 75, A6, 78, 25, E1, 1C, A0, FB, 9F, 96, 44, CC, 07, 95, 41, 9F, ED, 90, D6, 5C, 69, A8, D1, C3, 6D, 17, 90, 63, 15, A8, 80, 3C, 91, 96, B7, 08, 07, 0F, 72, F2, BB, 35, 0D, D6, 3B, 76, DD, 71, CD, EA, FC, 8D, 60, A1, 3A, 9D, E2, CB, 24, C3, 99, 4C, E9, 0E, B7, E4, 38, 17, 48, F1, 98, 6A, BD, A5, F2, F2, C1, 67, 53, 5E, 21, 14, A2, 6D, 33, 0D, 64, 68...
 
[+]

Code size:
1.6 MB (1,694,720 bytes)

Remove node.exe - Powered by Reason Core Security