cltmng.exe

Search Protect

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The application cltmng.exe by ClientConnect has been detected as adware by 14 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Search Protect by Client Connect LTD and Update for PriceMeter by installCore, both potentially unwanted software.
Publisher:
Client Connect LTD  (signed by ClientConnect LTD)

Product:
Search Protect

Version:
2.15.11.3

MD5:
7b14f61d0ebcb0b1e282baca8652e07e

SHA-1:
180e91d83fa14ecde328a46a3e2e0b6f8c94dbcd

SHA-256:
b1096c1f2a9637825a06b262dc17aaff1987a149f114772fd6a8ec9cd189c721

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
11/5/2024 12:53:42 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | SearchProtect | 2015.0.3430 |
| Baidu Antivirus | Adware.Win32.Conduit | 4.0.3.14627 |
| Dr.Web | Trojan.Damaged.1 | 9.0.1.0213 |
| ESET NOD32 | Win32/Conduit.SearchProtect (variant) | 8.10004 |
| G Data | Win32.Application.SearchProtect.AA@gen | 14.6.24 |
| K7 AntiVirus | Trojan | 13.181.12846 |
| Malwarebytes | PUP.Optional.SearchProtect.A | v2014.06.27.02 |
| McAfee | Artemis!B1C796CA2D4E | 5600.6995 |
| Panda Antivirus | Trj/Genetic.gen | 14.06.27.02 |
| Reason Heuristics | PUP.ClientConnect.G | 14.8.1.0 |
| Sophos | Conduit Search Protect | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10449 |
| Trend Micro House Call | TROJ_GEN.R047H05GO14 | 7.2.269 |
| VIPRE Antivirus | Conduit | 30678 |

File size:
5.1 MB (5,350,208 bytes)

Product version:
2.15.11.3

Copyright:
© 2014 ClientConnect Ltd.

Original file name:
SearchProtect (R)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\searchprotect\searchprotect\bin\cltmng.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/2/2014 7:00:00 PM

Valid to:
2/4/2016 6:59:59 PM

Subject:
CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Search Protect, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
173D1F00E27A9D60265B3AB0B87F2ED8

File PE Metadata
Compilation timestamp:
6/26/2014 5:12:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:l8YY/osTgEOrAs51rhkKEa7NuzZMUDqER1hhhh+hhhhUhhhh+hhhhdhhhdtKhhhp:O/osTgfPrpBuzZMUhR1hhhh+hhhhUhhL

Entry address:
0x2D3BD8

Entry point:
E8, 1B, E1, 00, 00, E9, 7F, FE, FF, FF, 6A, 08, 68, 58, B5, 8A, 00, E8, C2, A3, 00, 00, FF, 35, 50, 45, 8C, 00, FF, 15, 5C, E2, 74, 00, 85, C0, 74, 16, 83, 65, FC, 00, FF, D0, EB, 07, 33, C0, 40, C3, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, 01, 00, 00, 00, CC, 6A, 08, 68, 38, B5, 8A, 00, E8, 8A, A3, 00, 00, E8, 83, C6, 00, 00, 8B, 40, 78, 85, C0, 74, 16, 83, 65, FC, 00, FF, D0, EB, 07, 33, C0, 40, C3, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, BE, 5E, 00, 00, CC, E8, 5B, C6, 00, 00, 8B, 40, 7C, 85, C0...
 

Entropy:
6.7892

Code size:
3.3 MB (3,458,560 bytes)

The file cltmng.exe has been discovered within the following programs.

Search Protect  by Client Connect LTD
Search Protect from Client Connect (formerly Conduit, now a venture of Perion) is a homepage and search provider modifier that, when installed, will change the default web browser's home page and search pages to a partner portal such as Trovi.
www.conduit.com/searchprotect
79% remove it
Update for PriceMeter  by installCore
"Pricemeter provides you with services which are intended to enhance your online shopping experience, showing you same products or different stores with cheaper prices and exposing you to coupons allowing you to enjoy exclusive discounts when checking out products ("Offers")."
www.pricemeter.net
69% remove it
 

The executing file has been seen to make the following network communications in live environments.
