bsplayer266-1075.exe

1.3.9.0.140330.04

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The application bsplayer266-1075.exe by ClientConnect has been detected as adware by 6 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. The file has been observed being downloaded from global-shared-files-l3.softonic.com and multiple other hosts. While running, it connects to the Internet address cms.dmccint.com on port 80 using the HTTP protocol.
Publisher:
ClientConnect LTD  (signed and verified)

Product:
1.3.9.0.140330.04

Description:
Setup.exe

Version:
1.3.9.0

MD5:
9d9d402a6be2c886518bdadb148448a8

SHA-1:
2132abdfb96ca780f910cd46d6d456c09c7d608e

SHA-256:
8b74e7011fa83a76e40a407bd99eb998ffb1eeabe231a437f9438e375363941d

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
11/15/2024 8:53:08 PM UTC  (today)

Scan engine            | Detection                           | Engine version
AVG                    | MalSign.Generic                     | 2015.0.3513
ESET NOD32             | Win32/Toolbar.Conduit.AB (variant)  | 8.9639
Malwarebytes           | PUP.Optional.Conduit.A              | v2014.04.06.10
Reason Heuristics      | PUP.Installer.ClientConnect.T       | 14.4.6.10
Trend Micro House Call | TROJ_GEN.F47V0401                   | 7.2.96
VIPRE Antivirus        | Trojan.Win32.Generic                | 28076

File size:
222.6 KB (227,960 bytes)

Product version:
1.3.9.0

Copyright:
© 2014 ClientConnect Ltd.

Original file name:
bsplayer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\bsplayer266-1075.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/4/2014 1:00:00 AM

Valid to:
2/6/2016 12:59:59 AM

Subject:
CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=DM3, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
72ACCA392AFB8F2E42D5D3C0C97523F2

File PE Metadata
Compilation timestamp:
6/9/2012 3:19:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:rz+92mhAMJ/cPl3iuUoHa5KrqX2QgZxMiKAXw:rK2mhAMJ/cPlpHaD2QgW

Entry address:
0xAC87

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 9F, 30, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 8F, AB, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 24, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 24, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 0E, B1, FF, FF, C3, 56, 8B, F1, 8B, 06, 85, C0, 74, 07, 50, FF, 15, C4, 40, 41, 00, 83, 26, 00, 83, 66, 08, 00, 83, 66, 0C, 00, 5E, C3, 56, 8B, F1, 80, 7E, 04, 00, 75, 34, 68, F4, 44, 41, 00...
 

Entropy:
7.4904

Code size:
73 KB (74,752 bytes)

The file bsplayer266-1075.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 213 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to cms.dmccint.com  (23.67.242.80:80)

 
http://cms.dmccint.com/DynamicOffer/3654309/3675432/?mainofferId=3650875&CurrentStep=2&TotalSteps=4&DownloadBrowser=IE&CType=-1&UserMode=-1&DMVersion=1.3.6.67.3674298.01&Language=US-EN
