» conduitinstaller.exe
Overview
Analysis
File Details
Programs (2)
Network (6)

conduitinstaller.exe

The application conduitinstaller.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Wise Installer installer, however the file is not signed with an authenticode signature from a trusted source. Additionally, the file is typically installed by a number of programs including SendSpace Wizard by SendSpace and Veoh Web Player by Veoh Networks, Inc..

File name:

MD5:

1a59d4397094c3b3a3fdff770670dc20

SHA-1:

0d20e83b4df01fe850a8ac627a0804173ba53ce1

SHA-256:

7939995c3af63863f188a14e79ff55c20ce7e6a0eb77a4da125b275fd590fb56

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:

11/5/2024 9:51:16 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Conduit.Installer.Meta

15.4.25.1

File size:

193.1 KB (197,744 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Wise Installer

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\conduitinstaller.exe

File PE Metadata

Compilation timestamp:

10/25/2001 9:47:11 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:b45IHlmIMLPkuWCgXmyaun3sBPV8aspReyM8oyF:hlmhLR63sBPOLfef8o8

Entry address:

0x21AF

Entry point:

55, 8B, EC, 81, EC, 2C, 05, 00, 00, 53, 56, 57, 6A, 01, 5E, 6A, 04, 89, 75, E8, FF, 15, 54, 40, 40, 00, FF, 15, 50, 40, 40, 00, 8B, F8, 89, 7D, F4, 8A, 07, 3C, 22, 0F, 85, CC, 00, 00, 00, 8A, 47, 01, 47, 89, 7D, F4, 33, DB, 3A, C3, 74, 0D, 3C, 22, 74, 09, 8A, 47, 01, 47, 89, 7D, F4, EB, EF, 80, 3F, 22, 75, 04, 47, 89, 7D, F4, 80, 3F, 20, 75, 09, 47, 80, 3F, 20, 74, FA, 89, 7D, F4, 53, FF, 15, 6C, 40, 40, 00, 80, 3F, 2F, 89, 45, F8, 75, 64, 8A, 47, 01, 3C, 53, 74, 04, 3C, 73, 75, 06, 89, 35, 58, 53, 40, 00... 
[+]

Entropy:

7.9501

Packer / compiler:

Wise Installer Stub

Code size:

8.5 KB (8,704 bytes)

The file conduitinstaller.exe has been discovered within the following programs.

SendSpace Wizard by SendSpace

SendSpace Wizard bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).

sendspace.com/download_wizard.html

About 13% of users remove it

Veoh Web Player by Veoh Networks, Inc.

Veoh Web Player bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).

www.veoh.com

48% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to a23-66-236-40.deploy.static.akamaitechnologies.com (23.66.236.40:80)

TCP (HTTP):

Connects to a23-223-225-98.deploy.static.akamaitechnologies.com (23.223.225.98:80)

TCP (HTTP):

Connects to a23-197-78-215.deploy.static.akamaitechnologies.com (23.197.78.215:80)

TCP (HTTP):

Connects to a23-1-115-152.deploy.static.akamaitechnologies.com (23.1.115.152:80)

TCP (HTTP):

Connects to a23-0-146-181.deploy.static.akamaitechnologies.com (23.0.146.181:80)

TCP (HTTP):

Connects to a104-93-231-139.deploy.static.akamaitechnologies.com (104.93.231.139:80)

Remove conduitinstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.