home

cltmng.exe

Lenovo Browser Guard

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The application cltmng.exe by ClientConnect has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Lenovo Browser Guard by ClientConnect LTD which is a potentially unwanted software program. While running, it connects to the Internet address offering.service.distributionengine.va.conduit-services.com on port 80 using the HTTP protocol.
Publisher:
ClientConnect LTD  (signed and verified)

Product:
Lenovo Browser Guard

Version:
2.12.1.1

MD5:
646d2db7bbbb8def7bf225862e73b98e

SHA-1:
da8239eda94bb6d757806c657f72d053a42042e8

SHA-256:
614e250769da9e3605469d616ef5a90cc207f96faecef690e6f3c017e0aa69da

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
4/19/2024 11:42:36 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Conduit (M)
16.12.2.10

File size:
4.4 MB (4,652,360 bytes)

Product version:
2.12.1.1

Original file name:
Lenovo Browser Guard

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\lenovobrowserguard\lenovobrowserguard\bin\cltmng.exe

Digital Signature
Signed by:
ClientConnect LTD

Authority:
VeriSign, Inc.

Valid from:
1/27/2014 4:00:00 PM

Valid to:
1/29/2016 3:59:59 PM

Subject:
CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Lenovo Browser Guard, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
177310CAE60BB43B9E75B02DA2C1AC11

File PE Metadata
Compilation timestamp:
3/13/2014 2:05:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:SDbrgwVtwCbjBgBXx0PLc2BgcV0qjeeiY8Pt1VnB1:jAg0zc2BDjnOT

Entry address:
0x205D3D

Entry point:
E8, DA, AC, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 20, 53, 57, 33, DB, 6A, 07, 33, C0, 59, 8D, 7D, E4, 89, 5D, E0, F3, AB, 39, 45, 0C, 75, 15, E8, EF, 2C, 00, 00, C7, 00, 16, 00, 00, 00, E8, 17, 96, 00, 00, 83, C8, FF, EB, 4D, 8B, 45, 08, 85, C0, 74, E4, 56, 89, 45, E8, 89, 45, E0, 8D, 45, 10, 50, 53, FF, 75, 0C, 8D, 45, E0, 50, C7, 45, E4, FF, FF, FF, 7F, C7, 45, EC, 42, 00, 00, 00, E8, 43, B0, 00, 00, 83, C4, 10, FF, 4D, E4, 8B, F0, 78, 07, 8B, 4D, E0, 88, 19, EB, 0C, 8D, 45, E0, 50, 53, E8, 9E...
 
[+]

Entropy:
6.4712

Code size:
2.9 MB (3,065,344 bytes)

The file cltmng.exe has been discovered within the following program.

Lenovo Browser Guard  by ClientConnect LTD
This is a branded version for Lenovo of the Conduit/Perion Search Protect software, a potentially unwanted program that maintains the partner or affiliate directed web page.
79% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ude.conduit-data.com  (54.197.244.95:80)

TCP (HTTP):
Connects to offering.service.distributionengine.va.conduit-services.com  (199.101.114.147:80)

TCP (HTTP):
Connects to cms.distributionengine.conduit-services.com  (23.67.242.59:80)

 
http://cms.distributionengine.conduit-services.com//MainOffer/498678709/?CurrentStep=1&TotalSteps=5&DMVersion=1.9.8.4_Perion.498677586.04&Language=None

Remove cltmng.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.