bitlord_1.01.exe

Conduit Ltd.

This is part of the Conduit platform, a browser extension desigend to manage and control the web browser's search provider functionality. The application bitlord_1.01.exe, “BitLord Installation” has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the Wise Installer installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.bitlord.com and multiple other hosts.
Publisher:
Conduit Ltd.

Description:
BitLord Installation

Version:
1.0.0.0

MD5:
411bfb9ca5ab068da136d5f15555e7db

SHA-1:
2dc5120fa3c513723a842f9bce50d8c2aa353a66

SHA-256:
cd9b62823a8b9f11ba81af67e2f79602c0605f56309c8ec2a9007cc6e46132f0

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
12/29/2024 2:35:13 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Conduit.37
9.0.1.0194

ESET NOD32
Win32/Toolbar.Conduit (variant)
8.9920

Reason Heuristics
PUP.Installer.Conduit.L
14.7.13.0

VIPRE Antivirus
Conduit
30142

File size:
3 MB (3,096,064 bytes)

Copyright:
Conduit Ltd.

File type:
Executable application (Win32 EXE)

Installer:
Wise Installer

Language:
English (United States)

Common path:
C:\users\{user}\downloads\bitlord_1.01.exe

File PE Metadata
Compilation timestamp:
4/8/1999 3:24:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:j2kI+L9Vrpwin/djtavilx677QwSbH/cZe2iG9Dj0+NBuHNjSJIZyHAxc:jvf9Y4JtaalM78wSjUZXrpNsHNuJ5HA

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 78, 05, 00, 00, 53, 56, BE, 04, 01, 00, 00, 57, 8D, 85, 94, FD, FF, FF, 56, 33, DB, 50, 53, FF, 15, 34, 20, 40, 00, 8D, 85, 94, FD, FF, FF, 56, 50, 8D, 85, 94, FD, FF, FF, 50, FF, 15, 30, 20, 40, 00, 8B, 3D, 2C, 20, 40, 00, 53, 53, 6A, 03, 53, 6A, 01, 8D, 85, 94, FD, FF, FF, 68, 00, 00, 00, 80, 50, FF, D7, 83, F8, FF, 89, 45, FC, 0F, 84, 7B, 01, 00, 00, 8D, 85, 90, FC, FF, FF, 50, 56, FF, 15, 28, 20, 40, 00, 8D, 85, 98, FE, FF, FF, 50, 53, 8D, 85, 90, FC, FF, FF, 68, 10, 30, 40, 00, 50...
 
[+]

Entropy:
7.9989

Packer / compiler:
Wise Installer Stub

Code size:
512 Bytes (512 bytes)

The file bitlord_1.01.exe has been seen being distributed by the following 4 URLs.

http://www.bitlord.com/BitLord_1.01.exe

http://98.139.212.7/us.f1610.mail.yahoo.com/ya/securedownload?clean=0&fid=@S@Search&mid=1_22_2_135313_0_ACDOjkQAAEljTEJCZQlbLEyUZXg&pid=2&tnef=&prefFilename=BitLord_1.01.exe&redirectURL=http://us.mc1610.mail.yahoo.com/.../showMessage?cmd=download.failure&fid=%40S%40Search&mid=1_22_2_135313_0_ACDOjkQAAEljTEJCZQlbLEyUZXg&pid=2&tnef=&prefFilename=BitLord_1.01.exe&view=none&cb=parent.attachmentFail&cred=QspavyIHZNqrAfW_At7ygF3jX4gD4biCA4Z3uD3wRikw_OaX.JU2JciteegZUWwCoappwVJZb8Nl2v6UtlaOhZSJR.KXoCIZxy2C3Atn8_HaDlYlxlf9xvvHWLdSmgBXaT805JILb47d&ts=1320932145&partner=ymail&sig=vru.AlD1O9ejaRIFP43yGg--

Remove bitlord_1.01.exe - Powered by Reason Core Security