PluginsWhiteListing.dll

PluginsWhiteListing

Conduit Ltd.

The file belongs to the Conduit API platform, a utility that bundles and monetizes search toolbars and web browser extensions. The module PluginsWhiteListing.dll by Conduit has been detected as a potentially unwanted program by 5 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘PluginsWhiteListing’. It is also typically executed from the user's temporary directory.
Publisher:
Conduit Ltd.  (signed and verified)

Product:
PluginsWhiteListing

Version:
1.0.0.1

MD5:
cdc09ef9fe998ed1bb13015c5bf0c07d

SHA-1:
0cc9b32a52da5e9f18e67a31803afbf524ef9f42

SHA-256:
af8c6ec5b4361f211da7c9de830d7a10a112cf5ec65eee26a932a5a1ce08462a

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
3/1/2014 6:22:27 AM UTC  (four months ago)

Scan engine
Detection
Engine version

Boost by Reason
PUP.PluginsWhiteListing.Conduit.T
2013.11.20.5

CMC Antivirus
Trojan.Win32.Patched!O
1.1.0.977

Panda Antivirus
Adware/Conduit
14.02.14.12

Reason Heuristics
PUP.Startup.Conduit.T
14.3.1.1

VIPRE Antivirus
Conduit
24060

File size:
189.8 KB (194,336 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2013

Original file name:
PluginsWhiteListing.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Hebrew (Israel)

Common path:
C:\users\user\appdata\local\temp\random.tmp\crx_install\whitelisting\pluginswhitelisting.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/2/2013 4:00:00 PM

Valid to:
4/3/2016 4:59:59 PM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3A82654719D8F75B59134F7B66465210

File PE Metadata
Compilation timestamp:
11/10/2013 4:37:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:xtS3YijONZFFLiwAcjMouJ5crGmbpQkPHso+341YdXdUTClI:+3tjONZWVcVQGLQkPMoPQ+MI

Entry address:
0xFD08

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, F3, 79, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 0B, FF, 75, 0C, E8, 74, F9, FF, FF, 59, 5D, C3, 56, 8B, 75, 0C, 85, F6, 75, 0D, FF, 75, 08, E8, 78, F7, FF, FF, 59, 33, C0, EB, 4D, 57, EB, 30, 85, F6, 75, 01, 46, 56, FF, 75, 08, 6A, 00, FF, 35, 3C, BF, 02, 10, FF, 15, F8, 30, 02, 10, 8B, F8, 85, FF, 75, 5E, 39, 05, A0, C5, 02, 10, 74, 40, 56, E8, 53, 4F, 00, 00, 59, 85, C0, 74...
 
[+]

Entropy:
6.5536

Code size:
135.5 KB (138,752 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PluginsWhiteListing

Command:
"C:\windows\syswow64\rundll32.exe" "C:\users\user\appdata\local\whitelisting\pluginswhitelisting.dll",dllruntbwhitelistplugin


There are 5 known versions of PluginsWhiteListing.dll by Conduit Ltd..

4 / 68      (PUP)
PluginsWhiteListing.dll  1.0.0.1  (bd236006a7939985f761ce9d160ba994cf90d3cf)

5 / 68      (PUP)
PluginsWhiteListing.dll  1.0.0.1  (75f280104aa87e8cf8267fa65fc0806afe8f84c7)

5 / 68      (PUP)
PluginsWhiteListing.dll  1.0.0.1  (0447d2507a2082097762cb7f189b23faf9c018f8)

5 / 68      (PUP)
PluginsWhiteListing.dll  1.0.0.1  (06fe4f6c6cefb2c91ec4d702d88a1e802f9f9ac2)

4 / 68      (PUP)
PluginsWhiteListing.dll  1.0.0.1  (70da109d63f3ead1e69e70cae2299cca8806fc52)

6 / 68      (PUP)
spstub.exe (by Conduit)  (954c6bc07e97c488d4a1ccb6a810b320e5edcc64)

4 / 68      (PUP)
inetc.dll  (c4fdab266af7f1c0eef0e77c77ed8ba38bcac667)

8 / 68      (PUP)
ielogic.exe  (116dffff1ea87751dbf56edce0bf61d3db4b2986)

10 / 68    (PUP)
tbverifier.dll  (5c4422b8a162afe9048e367c5b9c1932cca25a9e)

12 / 68    (PUP)
mconduitinstaller.exe (by Conduit)  (1426b95f2619e462f812f6807c88694df9fbece7)

12 / 68    (PUP)
stub.exe (by Conduit)  (2a6234ac2ff85e104f854c0bcdee42e70ca0a6ee)

5 / 68      (PUP)
prxtbbrow.dll  (c51d61a1083c6a927be3aa91bfc7aa63ba68daa0)

6 / 68      (PUP)
ConduitChromeApiPlugin.dll  (8fb67113d692fd8ebe0f313af5bb8ee49cc0a2b6)

4 / 68      (PUP)
ChromeApproveTBPlugin.dll  (f9519f15f083db2516ffef835b7e4489022fd7e9)

3 / 68      (PUP)
np-cwmp.dll  (1e97a5051d6f3ee0e53e2dd6890100cb9729889a)

4 / 68      (PUP)
npconduitnewtabplugin.dll  (fef0cf2770cf63ee53f85ccf45c909ca029cfbeb)

13 / 68    (PUP)
cltmngsvc.exe  (7d4a3ca3a3789d1ea7530fe4727d6ba8e8b47b83)

18 / 68    (PUP)
cltmng.exe  (fd93ccaeba15517ce2171a1637bc837d393ade8e)

15 / 68    (PUP)
internetexplorermodule.dll  (cdb2db2021c21556eb82f4316978b0382329809a)

14 / 68    (PUP)
firefoxmodule.dll  (6dc7867b24fa6111d0c6f71d4356b2ebc5c2c876)

22 / 68    (PUP)
chromemodule.dll  (3e528bf4bf06f3491d6d62cb756facd726252e87)

Detection Incidence by Country