sptool.dll

Search Protect

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The module sptool.dll by ClientConnect has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Client Connect LTD  (signed by ClientConnect LTD)

Product:
Search Protect

Version:
2.21.200.26

MD5:
742322f500f0469c29d5a75d2ec95302

SHA-1:
8f203242c27f72a31d259bf9bf29d1fd359a91f9

SHA-256:
8831101b5939a5784e702fc4079869c7fa302285c5b48c59df7ae8d46312c6f9

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
9/25/2020 10:38:29 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Conduit (M)
17.3.5.17

File size:
2.7 MB (2,778,896 bytes)

Product version:
2.21.200.26

Copyright:
© 2014 ClientConnect Ltd.

Original file name:
SearchProtect (R)

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\windows\temp\{random}.tmp\sptool.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/30/2014 10:00:00 PM

Valid to:
12/26/2016 9:59:59 PM

Subject:
CN=ClientConnect LTD, OU=Safe Search, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
354F4C7E49A131A6E4BF89B253C78A2D

File PE Metadata
Compilation timestamp:
3/4/2015 2:16:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x17DB60

Entry point:
08, 8B, 40, 64, 89, 06, 3B, FB, 74, 44, 8B, 87, 9C, 00, 00, 00, 8B, 00, 8D, 48, 14, 89, 4E, 10, 8D, 48, 38, 50, 89, 46, 0C, 89, 4E, 14, E8, DB, B4, FF, FF, 59, 89, 5E, 48, 89, 5E, 44, 38, 5D, 0C, 74, 1B, 8B, 45, 08, 3B, C3, 74, 14, 8B, 40, 28, 8B, 00, 89, 46, 48, 8B, 87, 9C, 00, 00, 00, 8B, 40, 24, 89, 46, 44, 89, 5E, 18, 89, 5E, 1C, 89, 5E, 20, 89, 5E, 24, 89, 5E, 28, 89, 5E, 2C, 5B, 5D, C3, 55, 8B, EC, 83, 7D, 08, 01, 75, 04, 33, C0, 5D, C3, 81, 7D, 0C, D8, 04, 00, 00, 73, 05, 6A, 6B, 58, 5D, C3, 81, 7D...
 
[+]

Code size:
1.9 MB (2,031,104 bytes)

Remove sptool.dll - Powered by Reason Core Security