conduitinstaller.exe

Conduit Ltd.

The file belongs to the Conduit API platform, a utility that bundles and monetizes search toolbars and web browser extensions. The application conduitinstaller.exe by Conduit has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer. Additionally, the file is typically installed by a number of programs including Veoh Web Player by Veoh Networks, Inc. and Veoh Web Player Beta by Veoh Networks, Inc..
Publisher:
Conduit  (signed by Conduit Ltd.)

Version:
5.5.0.5

MD5:
36b6faa2d8e00ae98f510046d3213426

SHA-1:
cf3df77b5f97153f1fb93c297988e8be2c732021

SHA-256:
62d58a2002ecac027c678ab735705b8628df3723b36c4b0de3c09e3ba0b86cc7

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
12/23/2024 11:15:40 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Boost by Reason
Optional.Conduit.Q
188838

Reason Heuristics
PUP.Conduit.Q
14.8.7.22

File size:
66.4 KB (67,976 bytes)

Copyright:
Conduit Ltd.

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\visualbeeexe\conduitinstaller.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/16/2010 7:00:00 PM

Valid to:
3/29/2013 7:59:59 PM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3736DA15AF647632CCE61CD41B6577DD

File PE Metadata
Compilation timestamp:
12/5/2009 5:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:SfYBrbzmFizYwUK1G0DRXJhCwAf2sLfk/DxgCg/:CY4FizYxCDRXJhCJO8k/D4

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.3615

Code size:
23.5 KB (24,064 bytes)

The file conduitinstaller.exe has been discovered within the following programs.

Veoh Web Player  by Veoh Networks, Inc.
Veoh Web Player bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).
www.veoh.com
48% remove it
Veoh Web Player Beta  by Veoh Networks, Inc.
60% remove it
 
Powered by Should I Remove It?

The file conduitinstaller.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

 
http://offering.service.distributionengine.conduit-services.com/DecisionEngine.ashx

TCP (HTTP):
Connects to cms.distributionengine.conduit-services.com  (54.243.251.51:80)

Remove conduitinstaller.exe - Powered by Reason Core Security