ct3080215_chatvibes.exe

Conduit Ltd.

The file belongs to the Conduit API platform, a utility that bundles and monetizes search toolbars and web browser extensions. The application ct3080215_chatvibes.exe by Conduit has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Wise Installer installer. The file has been seen being downloaded from integrations.conduit-download.com and multiple other hosts. While running, it connects to the Internet address cms.distributionengine.conduit-services.com on port 80 using the HTTP protocol.
Publisher:
Conduit Ltd.  (signed and verified)

MD5:
913aaad2e9820706e1d5d1e3e0b44fe9

SHA-1:
3409135e96fc4e14a7fc683d103f4180030769a4

SHA-256:
580fcaf519348c17aec5f795b9ebd2d6d90d1aedd85201340aa5a816fa18667b

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
11/27/2024 1:53:09 PM UTC  (today)

Scan engine
Detection
Engine version

Panda Antivirus
Adware/Conduit
14.07.13.06

Reason Heuristics
PUP.Conduit.T
14.8.7.22

File size:
190.8 KB (195,408 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Wise Installer

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ct3080215_chatvibes.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/17/2010 8:00:00 AM

Valid to:
3/30/2013 7:59:59 AM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3736DA15AF647632CCE61CD41B6577DD

File PE Metadata
Compilation timestamp:
4/9/1999 4:24:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:MsJ6Ej7rNuYDvFebKpjwd87vNP2R2d7BdXvGJxH5YTWyh4BVq0CYdohT:M4T5JDvFeKBw8v92A7BBe3XdUT

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 78, 05, 00, 00, 53, 56, BE, 04, 01, 00, 00, 57, 8D, 85, 94, FD, FF, FF, 56, 33, DB, 50, 53, FF, 15, 34, 20, 40, 00, 8D, 85, 94, FD, FF, FF, 56, 50, 8D, 85, 94, FD, FF, FF, 50, FF, 15, 30, 20, 40, 00, 8B, 3D, 2C, 20, 40, 00, 53, 53, 6A, 03, 53, 6A, 01, 8D, 85, 94, FD, FF, FF, 68, 00, 00, 00, 80, 50, FF, D7, 83, F8, FF, 89, 45, FC, 0F, 84, 7B, 01, 00, 00, 8D, 85, 90, FC, FF, FF, 50, 56, FF, 15, 28, 20, 40, 00, 8D, 85, 98, FE, FF, FF, 50, 53, 8D, 85, 90, FC, FF, FF, 68, 10, 30, 40, 00, 50...
 
[+]

Entropy:
7.8970

Packer / compiler:
Wise Installer Stub

Code size:
512 Bytes (512 bytes)

The file ct3080215_chatvibes.exe has been seen being distributed by the following 2 URLs.

http://integrations.conduit-download.com/15/308/CT3080215/.../CT3080215_ChatVibes.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ude.conduit-data.com  (195.78.120.173:80)

TCP (HTTP):

 
http://offering.service.distributionengine.conduit-services.com/DecisionEngine.ashx

TCP (HTTP):
Connects to cms.distributionengine.conduit-services.com  (54.243.251.51:80)

Remove ct3080215_chatvibes.exe - Powered by Reason Core Security