home

ClientConnect LTD

Publisher Information

ClientConnect LTD is a software developer located in Ness Ziona, Israel*. The company is a primary distributor of unwanted software. ClientConnect is the division of browser toolbars and web browser extensions that was formed out of the merger of Conduit and Perion. Perion effectively took over Conduit's toolbar development and distribution business now named ClientConnect ("Conduit will spin off its Client Connect business, which includes its monetization and distribution platform for publishers and developers."). ClientConnect is the current distribution source of various bundlers including Search Protect and SweetPacks Toolbar. Thre are 33 additional code signing certificates issued to this publisher.
Authority:
Symantec Corporation

Valid from:
4/29/2014 2:00:00 AM

Valid to:
4/30/2016 1:59:59 AM

Subject:
CN=ClientConnect LTD, OU=SPStub, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
36ac210d3412c8646eb3f4c8ee541402

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.ClientConnect.G, PUP.ClientConnect.J, PUP.ClientConnect.H, PUP.ClientConnect.F, Threat.Conduit.Installer, PUP.Installer.ClientConnect.H, PUP.Conduit.ClientConnect.Installer (M), PUP.Conduit.ClientConnect (M), PUP.Conduit.ClientCo.Installer (M), PUP.Conduit (M)
100.00%

AVG
Generic
50.00%

VIPRE Antivirus
Threat.4786236, Conduit
46.00%

Dr.Web
Adware.Conduit.101
44.00%

ESET NOD32
Win32/ClientConnect (variant), Win32/Conduit.SearchProtect (variant)
42.00%

Baidu Antivirus
Adware.Win32.Conduit, Trojan.Win32.ClientConnect, PUA.Win32.ClientConnect, PUA.Win32.Conduit.bSearchProtect, PUA.Win32.Conduit.BSearchProtect
36.00%

IKARUS anti.virus
PUA.ClientConnect, PUA.Conduit.SearchProtect
30.00%

Trend Micro House Call
Suspicious_GEN.F47V0806, Suspicious_GEN.F47V0820, Suspicious_GEN.F47V0817, TROJ_GEN.R02SH07JL14, TROJ_GEN.R047H07KN14, TROJ_SPNR.0CKI14
24.00%

NANO AntiVirus
Trojan.Win32.Conduit.deinwc, Riskware.Win32.Conduit.ddwbvh, Riskware.Win32.Conduit.deihaz
22.00%

Malwarebytes
PUP.Optional.Conduit.A, PUP.Optional.SearchProtect.A
20.00%

1 / 68      (Adware)
spstub.exe (by ClientConnect)  (0b813086a3400aafa1639d08823fbd46)

1 / 68      (Adware)
sp-downloader.exe (by ClientConnect)  (4b1f3f48d58e582075a582c9db11a5ce)

1 / 68      (Adware)
spstub.exe (by Client Connect)  (b101dd27c79ade265e2704efd28e9d67)

1 / 68      (Adware)
sp-downloader.exe (by ClientConnect)  (df3f68ef7a96f213be96810f6cf191d4)

1 / 68      (Adware)
spstub.exe (by ClientConnect)  (4d55060936a55c325a6d729ac0b9c14f)

1 / 68      (Adware)
spstub.exe (by Client Connect)  (fdd9ddc0d91cd079bcc70410f9abccbe)

1 / 68      (Adware)
spstub.exe (by Client Connect)  (fc1e807665dc255288e9a54490d418fc)

1 / 68      (Adware)
spstub.exe  (a5fd28f936a5878e139256dd26911874)

1 / 68      (Adware)
sp-downloader.exe (by ClientConnect)  (92d7d13a6404e9d760889c69a29a2c29)

1 / 68      (Adware)
tmp000048b4 (by mail business)  (041ea01ed45eee4478b4162eb262ebc4)

1 / 68      (Adware)
spstub.exe (by Client Connect)  (ff23362d01e8c5406774e2edf116fb5b)

1 / 68      (Adware)
spnocrc.exe (by 749798642859033)  (9e64836a8027170e28323cba4c02bf2a)

1 / 68      (Adware)
sp-downloader.exe (by ClientConnect)  (3610c6b052d9e9a022172bb045a4006d)

1 / 68      (Adware)
sp-downloader.exe (by ClientConnect)  (00ce23bc2c5415b23cb4c1a37daa8001)

1 / 68      (Adware)
sp-downloader.exe (by ClientConnect)  (2f1e36028b61100ccd8eebdf2cf923f8)

1 / 68      (Adware)
sp-downloader.exe (by ClientConnect)  (7cb5b7b7738c48876581ac5e0e465986)

1 / 68      (Adware)
sp-downloader.exe (by ClientConnect)  (2f4fb4473622e8c065d62756db34df30)

1 / 68      (Adware)
spstub.exe (by ClientConnect)  (0b813086a3400aafa1639d08823fbd46)

1 / 68      (Adware)
a2-downloader.exe (by Client Connect)  (6ed7df48e0b5ccfd71c504587e472910)

1 / 68      (Adware)
searchprotect_non.exe (by ClientConnect)  (4e495526e529a1b7cdbc8b1391715737)

1 / 68      (Adware)
sp-downloader.exe (by ClientConnect)  (34a8151c584c7ca78acf74caffb4d22b)

1 / 68      (Adware)
sp-downloader.exe (by ClientConnect)  (f56a5566a5170f6db884b691182c78c5)

1 / 68      (Adware)
sp-downloader.exe (by ClientConnect)  (60ff2732186f02ab17115f375769d53c)

1 / 68      (Adware)
spstub.exe (by Client Connect)  (c252604d5c60a18f20926dc5bf6b71be)

1 / 68      (Adware)
stubutils.dll  (740ec1f8d28ee4da0bb57fee2cbae0bc)

1 / 68      (Adware)
spnocrc.exe (by gram Company)  (9f0182b31a6a24859a01ade348ae0f15)

1 / 68      (Adware)
sp-downloader.exe (by ClientConnect)  (3ef005a5786eb1e9cceefb7828e43aea)

13 / 68    (Adware)
optin.php (by Six days Company 2014)  (12140c92264821f3f0b1bb9f047282b4)

34 / 68    (Adware)
spnocrc.exe (by MGMA consulting)  (89e2c36f8c7e564552966bce395be860)

9 / 68      (Adware)
159a2840-sample (by SKjuNw897XevMIi)  (1f6a5fab5b2edc8af9e089886bfdb5d8)

 
Latest 30 of 54 files

Downloads URLs for files signed by ClientConnect LTD.

6 / 68      (Adware)
https://sp-storage.spccinta.com//.../spstub.exe  (b101dd27c79ade265e2704efd28e9d67)

1 / 68      (Adware)
http://sp-storage.spccinta.com/.../spstub.exe  (a5fd28f936a5878e139256dd26911874)

1 / 68      (Adware)
https://s3-us-west-2.amazonaws.com/.../a2-downloader.exe  (6ed7df48e0b5ccfd71c504587e472910)

6 / 68      (Adware)
http://211.162.127.14/files/4047000000A066E6/sp-storage.spccinta.com/.../spstub.exe  (b101dd27c79ade265e2704efd28e9d67)

9 / 68      (Adware)
http://j.wecan-software.com/inst/software/6EF0DFB6-DF59-4838-8750-948C913FD15E/.../sp-downloader.exe  (add8a127ac763d14689cb270214bee4d)

10 / 68    (Adware)
http://113.171.224.213/.../spstub.exe  (ae9dc93c1788422a2affa1f804f498a6)

9 / 68      (Adware)
https://sp-storage.conduit-services.com/sp-downloader.exe  (add8a127ac763d14689cb270214bee4d)

9 / 68      (Adware)
http://d2vubraihqcany.cloudfront.net/Installer/.../sp-downloader_121.exe  (add8a127ac763d14689cb270214bee4d)

10 / 68    (Adware)
http://113.171.224.214/.../Stub.exe  (ae9dc93c1788422a2affa1f804f498a6)

9 / 68      (Adware)
http://j.versscom.net/inst/software/6EF0DFB6-DF59-4838-8750-948C913FD15E/.../sp-downloader.exe  (add8a127ac763d14689cb270214bee4d)

9 / 68      (Adware)
http://j.verrsin.net/inst/software/6EF0DFB6-DF59-4838-8750-948C913FD15E/.../sp-downloader.exe  (add8a127ac763d14689cb270214bee4d)

10 / 68    (Adware)
https://sp-storage.spccinta.com//.../spstub.exe  (4b07b45cbb7dde9b1a40b6ed5bb8d7df)

7 / 68      (Adware)
http://sp-storage.spccinta.com/.../spstub.exe  (cb216aa50479aafaaaa3f69262417a9b)

10 / 68    (Adware)
http://sp-storage.spccinta.com/.../spstub.exe  (4b07b45cbb7dde9b1a40b6ed5bb8d7df)

9 / 68      (Adware)
https://sp-storage.spccinta.com//sp-downloader.exe  (add8a127ac763d14689cb270214bee4d)

8 / 68      (Adware)
https://sp-storage.conduit-services.com/.../spstub.exe  (6fd673efd6e4d460318c4f9ee43367c8)

9 / 68      (Adware)
https://sp-storage.spccint.com/sp-downloader.exe  (add8a127ac763d14689cb270214bee4d)

9 / 68      (Adware)
http://sp-storage.spccinta.com/.../spstub.exe  (2c9c3953842de6e7607e62c8d422be9e)

9 / 68      (Adware)
https://sp-storage.conduit-services.com/.../spstub.exe  (2c9c3953842de6e7607e62c8d422be9e)

10 / 68    (Adware)
http://c-sp-storage.spccint.com/stub/.../Stub.exe  (ae9dc93c1788422a2affa1f804f498a6)

8 / 68      (Adware)
http://sp-storage.spccinta.com/.../spstub.exe  (6fd673efd6e4d460318c4f9ee43367c8)

8 / 68      (Adware)
https://sp-storage.conduit-services.com/.../spstub.exe  (a90faa6449a4beca4466564510991bb1)

7 / 68      (Adware)
https://sp-storage.conduit-services.com/.../spstub.exe  (cb216aa50479aafaaaa3f69262417a9b)

6 / 68      (Adware)
https://sp-storage.conduit-services.com/.../spstub.exe  (b101dd27c79ade265e2704efd28e9d67)

8 / 68      (Adware)
http://sp-storage.spccinta.com/.../spstub.exe  (a90faa6449a4beca4466564510991bb1)

6 / 68      (Adware)
http://sp-storage.spccinta.com/.../spstub.exe  (b101dd27c79ade265e2704efd28e9d67)

10 / 68    (Adware)
http://sp-storage.spccinta.com/.../spstub.exe  (ae9dc93c1788422a2affa1f804f498a6)

10 / 68    (Adware)
https://sp-storage.spccinta.com//.../spstub.exe  (ae9dc93c1788422a2affa1f804f498a6)

10 / 68    (Adware)
https://sp-storage.conduit-services.com/.../spstub.exe  (ae9dc93c1788422a2affa1f804f498a6)

9 / 68      (Adware)
https://sp-storage.spccinta.com/sp-downloader.exe  (add8a127ac763d14689cb270214bee4d)

 
Latest 30 of 30 download URLs

Top-level domains owned by ClientConnect LTD.

dmccint.com

trovi.com

The following websites host and distribute files published by ClientConnect LTD.

j.wecan-software.com

j.verrsin.net

j.versscom.net

c-sp-storage.spccint.com

d2vubraihqcany.cloudfront.net

sp-storage.spccinta.com

sp-storage.spccint.com

sp-storage.conduit-services.com

The certificates below are also signed by ClientConnect LTD.

5FEA58D33339A83AFF7BBC2ED9DC286F  (Jan 03, 2017 to Jan 05, 2019)

1B0C48124AB3892D25AE79EEB1B88130  (Feb 23, 2016 to Feb 24, 2017)

26D4EF6AEEB0F8578EEA54D853CC940C  (Feb 09, 2016 to Feb 10, 2017)

354F4C7E49A131A6E4BF89B253C78A2D  (Dec 30, 2014 to Dec 26, 2016)

07A465C6BD7A554BCBAC4E39D5889DAF  (Nov 23, 2014 to Nov 23, 2016)

6E08571F7C2C630E2F418F38E3B31674  (Jul 30, 2014 to Jul 31, 2016)

3215FFC06E15A37E45F6521CECC8C3BD  (Jul 09, 2014 to Jul 10, 2016)

552491364DFD4261C3C5D20F5503F94C  (Jun 19, 2014 to Jun 20, 2016)

41E7062BC1FD079BD90453D7B130730C  (Jun 15, 2014 to Jun 16, 2016)

2212C4948383813DC0714A0028280207  (May 27, 2014 to May 28, 2016)

10 of 33 code signing certificates issued

The following publishers (by Authenticode signature organization name) are related.

Perion Network Ltd.

SweetIM Technologies Ltd

Conduit Ltd.

PC Utilities Software Limited

NOSIBAY

EasyVpn

Web Bar Media

ClaraLabSoftware

System Alerts

Shulan Hou

Nano Surfer

Core Systems

Irrational Number Applications

BERSHNET LLC

Download Assistant

Boxore OU

Iminent Technology SRL

Mezaa

YUMON SYSTEM SL

Sea Bug

Xiaoqing Liu

Jabuticaba Ltd

Weather Protector LLC

Start Now

* Note, the details and description above are based on the code signing digital signature issued to ClientConnect LTD by Symantec Corporation on April 29, 2014 with the serial number '36ac210d3412c8646eb3f4c8ee541402'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.