aeldr.exe

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The application aeldr.exe, “ActionEngine Loader” by ClientConnect, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.

Publisher:
ClientConnect LTD  (signed and verified)

Description:
ActionEngine Loader

Version:
8, 0, 0, 1000

MD5:
893f7a7befe3d5ef259674c0880a8ffc

SHA-1:
c7cdf1c9176bd13e08cff311b9c83b869f4197a6

SHA-256:
da9ee0f5bf6912f012779df3dcc2925e5c35e07f0230b6e9767b1cef36593e83

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
9/29/2020 6:08:15 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Conduit.ClientConnect (M)

Engine version:
16.1.27.17

File size:
27 KB (27,656 bytes)

Product version:
8, 0, 0, 1000

Copyright:
Copyright (C) 2010

File type:
Executable application (Win32 EXE)

Language:
Hebrew (Israel)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\Program Files\incredimail\bin\ae\aeldr.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
6/15/2014 2:00:00 AM

Valid to:
6/16/2016 1:59:59 AM

Subject:
CN=ClientConnect LTD, OU=IncrediMail, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
41E7062BC1FD079BD90453D7B130730C

File PE Metadata
Compilation timestamp:
10/13/2010 12:06:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
384:zBRXg4GhmlR67rJ0iiMLSJZdnwqglMbui+J7g+wSDDZJOMRqjT0SttnxpnYPLeZ:THUWVvZlwqMWqVg+wCV0jTdpFZ

Entry address:
0x3384

Entry point:
6A, 0C, 68, 00, 46, 40, 00, E8, 04, 12, 00, 00, 83, 65, E4, 00, 83, 65, FC, 00, E8, 71, FC, FF, FF, 89, 45, E4, EB, 07, 33, C0, 40, C3, 8B, 65, E8, 83, 4D, FC, FF, FF, 75, E4, FF, 15, 50, 10, 40, 00, CC, 55, 8B, EC, 8B, 45, 10, 56, FF, 75, 0C, 8B, F1, FF, 75, 08, 83, 26, 00, 50, 89, 46, 04, FF, 15, 54, 10, 40, 00, 89, 06, 8B, C6, 5E, 5D, C2, 0C, 00, FF, 31, FF, 71, 04, FF, 15, 58, 10, 40, 00, C3, 55, 8B, EC, 51, 51, 53, 56, 8B, F1, FF, 36, FF, 76, 04, FF, 15, C8, 10, 40, 00, 33, DB, 3B, C3, 75, 0A, FF, 15...
 

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
15.5 KB (15,872 bytes)
