» vc64loader.dll
Overview
Analysis
File Details
Programs (1)

vc64loader.dll

The module vc64loader.dll has been detected as a potentially unwanted program by 22 anti-malware scanners. This file is typically installed with the program Search Protect by Client Connect LTD which is a potentially unwanted software program.

File name:

vc64loader.dll

MD5:

2002eebcdfaf67217e2d499324e50bf5

SHA-1:

2e0eea5088f01bb87576294f1f637252bf51b1eb

SHA-256:

575965bf648b86dbc7dfd522dbe994ee0c4b12e2b0e72822e26b9d6c04455285

Scanner detections:

22 / 68

Status:

Potentially unwanted

Explanation:

Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:

4/25/2024 1:00:30 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.SearchProtect.AM

741

AhnLab V3 Security

PUP/Win32.SearchProtect

2014.12.29

Avira AntiVirus

TR/Drop.Softomat.AN

7.11.197.154

AVG

SearchProtect

2016.0.3219

Baidu Antivirus

Hacktool.Win32.SearchProtect

4.0.3.15124

Bitdefender

Application.SearchProtect.AM

1.0.20.120

Emsisoft Anti-Malware

Application.SearchProtect.AM

8.15.01.24.11

ESET NOD32

Win32/ClientConnect (variant)

9.10937

Fortinet FortiGate

Riskware/Searchprotect

1/24/2015

F-Secure

Application.SearchProtect.AM

11.2015-24-01_7

G Data

Application.SearchProtect.AM

15.1.24

Kaspersky

not-a-virus:RiskTool.Win32.SearchProtect

14.0.0.2590

Malwarebytes

PUP.Optional.SearchProtect.A

v2015.01.24.11

McAfee

Artemis!A12977AC638F

5600.6875

MicroWorld eScan

Application.SearchProtect.AM

16.0.0.72

Norman

Application.SearchProtect.AM

11.20150124

Qihoo 360 Security

Win32/Application.edc

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

15.1.24.23

Sophos

Conduit Search Protect

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Nullo[Short]

10095

Trend Micro House Call

Suspicious_GEN.F47V1226

7.2.24

VIPRE Antivirus

Conduit

36170

File size:

239.3 KB (245,008 bytes)

File type:

Dynamic link library (Win64 DLL)

Common path:

C:\Program Files\searchprotect\searchprotect\bin\vc64loader.dll

File PE Metadata

Compilation timestamp:

1/12/2015 11:03:06 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

3072:EsxM8jskq20laE5K4HT8RTypdpzNXsgRIUnHqRSK+Sy12nP3FdqqwlMdbyHI12bE:EsxM9zlaEQxTYz+8IUnHqRFVP3JWet

Entry address:

0x1309C

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, FF, 41, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, B8, 47, 02, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

6.0584

Code size:

140 KB (143,360 bytes)

The file vc64loader.dll has been discovered within the following program.

Search Protect by Client Connect LTD

Search Protect from Client Connect (formally Conduit, now a venture of Perion) is a homepage and search provider modifier that when installed will change the default web browser's home page and search pages to a partner portal such as Trovi.

www.conduit.com/searchprotect

79% remove it

Remove vc64loader.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.