PluginsWhiteListing.dll

PluginsWhiteListing

Conduit Ltd.

The file belongs to the Conduit API platform, a utility that bundles and monetizes search toolbars and web browser extensions. The module PluginsWhiteListing.dll by Conduit has been detected as a potentially unwanted program by 5 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘PluginsWhiteListing’. It is also typically executed from the user's temporary directory.
Remove PluginsWhiteListing.dll - Powered by Reason Core Security
Publisher:
Conduit Ltd.  (signed and verified)

Product:
PluginsWhiteListing

Version:
1.0.0.1

MD5:
cdc09ef9fe998ed1bb13015c5bf0c07d

SHA-1:
0cc9b32a52da5e9f18e67a31803afbf524ef9f42

SHA-256:
af8c6ec5b4361f211da7c9de830d7a10a112cf5ec65eee26a932a5a1ce08462a

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
8/31/2015 6:46:24 PM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
PUP.PluginsWhiteListing.Conduit.T
2013.11.20.5

CMC Antivirus
Trojan.Win32.Patched!O
1.1.0.977

Panda Antivirus
Adware/Conduit
14.02.14.12

Reason Heuristics
PUP.Startup.Conduit.T
14.8.7.22

VIPRE Antivirus
Conduit
24060

Remove PluginsWhiteListing.dll - Powered by Reason Core Security
File size:
189.8 KB (194,336 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2013

Original file name:
PluginsWhiteListing.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Hebrew (Israel)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\crx_install\whitelisting\pluginswhitelisting.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/2/2013 4:00:00 PM

Valid to:
4/3/2016 4:59:59 PM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3A82654719D8F75B59134F7B66465210

File PE Metadata
Compilation timestamp:
11/10/2013 4:37:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:xtS3YijONZFFLiwAcjMouJ5crGmbpQkPHso+341YdXdUTClI:+3tjONZWVcVQGLQkPMoPQ+MI

Entry address:
0xFD08

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, F3, 79, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 0B, FF, 75, 0C, E8, 74, F9, FF, FF, 59, 5D, C3, 56, 8B, 75, 0C, 85, F6, 75, 0D, FF, 75, 08, E8, 78, F7, FF, FF, 59, 33, C0, EB, 4D, 57, EB, 30, 85, F6, 75, 01, 46, 56, FF, 75, 08, 6A, 00, FF, 35, 3C, BF, 02, 10, FF, 15, F8, 30, 02, 10, 8B, F8, 85, FF, 75, 5E, 39, 05, A0, C5, 02, 10, 74, 40, 56, E8, 53, 4F, 00, 00, 59, 85, C0, 74...
 
[+]

Entropy:
6.5536

Code size:
135.5 KB (138,752 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PluginsWhiteListing

Command:
"C:\windows\syswow64\rundll32.exe" "C:\users\{user}\appdata\local\whitelisting\pluginswhitelisting.dll",dllruntbwhitelistplugin


Remove PluginsWhiteListing.dll - Powered by Reason Core Security