screenglazeuninstaller.exe

ScreenGlaze

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The application screenglazeuninstaller.exe, “ScreenGlaze Screen Saver” by ClientConnect has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This is the uninstaller utility registered in the Windows Control Panel for the program ScreenGlaze by Client Connect LTD.
Publisher:
Client Connect  (signed by ClientConnect LTD)

Product:
ScreenGlaze

Description:
ScreenGlaze Screen Saver

Version:
1.1.112.1

MD5:
5644656156c1a1cf6477653f0011cbaf

SHA-1:
f36b8f8a31be21c8cebd346484c828788c3bf46d

SHA-256:
a525b6b7c65e892a03411a3410cea902a2e633e5e5760b9b615976e48c46bbb7

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
10/29/2020 10:40:34 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
PUA.Win32.ClientConnect
4.0.3.15326

ESET NOD32
Win32/ClientConnect.A potentially unwanted application
7.0.302.0

Reason Heuristics
PUP.Installer.Conduit
15.3.26.0

Rising Antivirus
NORMAL:Trojan.DL.Script.Agent.am!1595604
23.00.65.15324

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Threat.4786236
38552

File size:
62.1 KB (63,616 bytes)

Copyright:
Client Connect LTD.

Trademarks:
Client Connect LTD.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\Program Files\screenglaze\uninstaller\screenglazeuninstaller.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/23/2014 4:00:00 PM

Valid to:
11/23/2016 3:59:59 PM

Subject:
CN=ClientConnect LTD, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
07A465C6BD7A554BCBAC4E39D5889DAF

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:JpgpHzb9dZVX9fHMvG0D3XJbMIFK1KYqmlYkf2rD1F:DgXdZt9P6D3XJbMAzYqmlYkOrDL

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.2396

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Program Uninstaller
Program name:
ScreenGlaze

Display publisher:
Client Connect LTD

Display version:
1.1.126.1

Uninstall string:
"C:\Program Files\ScreenGlaze\Uninstaller\ScreenGlazeUninstaller.exe"


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to cms.dmccint.com  (23.67.242.80:80)

 
http://cms.dmccint.com/DynamicOffer/19454716/19475839/?mainofferId=19451282&CurrentStep=2&TotalSteps=4&DownloadBrowser=IE&CType=-1&UserMode=-1&DMVersion=1.3.9.94.19474705.01&Language=US-EN

Remove screenglazeuninstaller.exe - Powered by Reason Core Security