home

ubrowser.exe

Conduit Update

Conduit LTD

The file belongs to the Conduit API platform, a utility that bundles and monetizes search toolbars and web browser extensions. The application ubrowser.exe, “Conduit Update Setup” by Conduit has been detected as adware by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from data.getu.com.
Publisher:
Conduit Inc.  (signed by Conduit LTD)

Product:
Conduit Update

Description:
Conduit Update Setup

Version:
1.3.25.23

MD5:
9e2212e8ac5c362eb2f9ee97146615dd

SHA-1:
2eacc8e68e0fe89b00642e1be20a51b9f00ce8af

SHA-256:
6d25e662f7ce77c5ed2eb30630a6cac8c762b76f19584da15f84b2fbaef27acd

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
4/19/2024 12:18:55 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.DownLoad3.31971
9.0.1.0227

herdProtect (fuzzy)
variant of ConduitUpdateSetup.exe (Adware)
2014.11.1.23

Reason Heuristics
PUP.Update.Conduit.I
14.8.15.8

File size:
625.7 KB (640,744 bytes)

Product version:
1.3.25.23

Copyright:
Copyright 2007-2010 Conduit Inc.

Original file name:
ConduitUpdateSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ubrowser.exe

Digital Signature
Signed by:
Conduit LTD

Authority:
VeriSign, Inc.

Valid from:
1/15/2014 12:00:00 AM

Valid to:
1/16/2016 11:59:59 PM

Subject:
CN=Conduit LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=U Browser, O=Conduit LTD, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7BF7E9BE929BAA59B8A623200B3A0704

File PE Metadata
Compilation timestamp:
2/17/2014 10:37:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:WLlhiJGT2lCtn+1Ez+NY6COSGGAJozrTgNC3bX57ublZX1Go+Pc:WZhiJI2Ytn0EqNY3n3zvgAj5PoP

Entry address:
0x4780

Entry point:
E8, F7, 15, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 4C, 16, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 8A, 47, 40, 00, FF, 15, 08, D0, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 57, BF, E8, 03, 00, 00, 57, FF, 15, 10, D0, 40, 00, FF, 75, 08, FF, 15, 0C, D0, 40, 00, 81, C7, E8, 03, 00, 00, 81, FF, 60, EA, 00...
 
[+]

Entropy:
7.8821  (probably packed)

Code size:
46 KB (47,104 bytes)

The file ubrowser.exe has been seen being distributed by the following URL.

http://data.getu.com/updater/srl/.../ubrowser.exe

Remove ubrowser.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.