» ielogic.exe
Overview
Analysis
File Details
Network (2)

ielogic.exe

Conduit Ltd.

It is part of the Conduit Toolbar platform (bundled adware) and is the package designed to install the toolbar in Internet Explorer. The application ielogic.exe, “Online_Sharing Toolbar” by Conduit has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Conduit Toolbar Manager installer. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address setupapi.toolbar.conduit-services.com on port 80 using the HTTP protocol.

File name:

ielogic.exe

Publisher:

Conduit (signed by Conduit Ltd.)

Description:

Online_Sharing Toolbar

Version:

6.9.0.16

MD5:

f4808a15833fc9a5e151205ff1feec5e

SHA-1:

a9e5b03429b40a3b2e63b259d4b0f03a494d120f

SHA-256:

925f930696d4a658b85db8afd0c0be7489b371a779c4b939aff80f1231d778f0

Scanner detections:

2 / 68

Status:

Potentially unwanted

Explanation:

This component is distributed and installed with the Conduit Toolbar platform.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

5/6/2024 5:56:54 PM UTC (today)

Scan engine

Detection

Engine version

Boost by Reason

Optional.Conduit

188838

Reason Heuristics

PUP.Conduit.Bundler (M)

16.2.4.17

File size:

2.1 MB (2,166,448 bytes)

Conduit Ltd.

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Conduit Toolbar Manager (using Nullsoft Install System)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\ielogic.exe

Digital Signature

Signed by:

Conduit Ltd.

Authority:

VeriSign, Inc.

Valid from:

2/17/2010 1:00:00 AM

Valid to:

3/30/2013 12:59:59 AM

Subject:

CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., S=Israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3736DA15AF647632CCE61CD41B6577DD

File PE Metadata

Compilation timestamp:

2/24/2012 8:19:54 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:KZa32VTezhpCeKK9XCvi9HtnUZcXcR65VzTT1eoNBCCf2+:F32lbE9jnU+sR2pnBCm

Entry address:

0x3883

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, 92, 40, 00, FF, 15, 84, 81, 40, 00, 68, 4C, 92, 40, 00, 68, C0, AD, 46, 00, E8, 18, 27, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 06, 27, 00, 00... 
[+]

Entropy:

7.9947

Packer / compiler:

Nullsoft install system v2.x

Code size:

27.5 KB (28,160 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to setupapi.toolbar.conduit-services.com (199.101.115.1:80)

TCP (HTTP):

Connects to setupapi.toolbar.ams.conduit-services.com (195.78.120.169:80)

Remove ielogic.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.