home

ctbe.exe

Conduit

This is part of the Conduit platform, a browser extension desigend to manage and control the web browser's search provider functionality. The application ctbe.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This file is typically installed with the program SAP Application Server for System NSP by SAP.
Publisher:
Conduit

Version:
2.1.1.1

MD5:
4ae5f34ab33261feb8b94f5ffc8e8f19

SHA-1:
91f440a8f2a0ffc91eda87fe5410b93141b1c6b0

SHA-256:
489a3f716ea0a1b02d0ad26428070f0dda90ab5cd5e2eacba96fce90b0146e1d

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
4/15/2025 8:12:54 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.Clod1fe.Trojan
1.3.0.4613

Boost by Reason
Adware.Conduit.E
2013.7.26.9

Dr.Web
Adware.Conduit.4
9.0.1.042

herdProtect (fuzzy)
variant of conduitutil.exe (Adware)
2013.12.20.15

Malwarebytes
PUP.Optional.Conduit.A
v2013.11.25.12

Reason Heuristics
PUP.Conduit.E
14.2.26.9

Trend Micro House Call
TROJ_GEN.R0CBH0AJ313
7.2.42

VIPRE Antivirus
Conduit
24100

File size:
71.8 KB (73,543 bytes)

Copyright:
Conduit Ltd.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ctbe.exe

File PE Metadata
Compilation timestamp:
2/24/2012 11:20:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:TGarUa6LowvuhdNYh2Gf9rg6hzGPneCw11kCWNxZj5svPRSEvrGk:J5BuYAVrgUCPneCePYxZW5SEvrGk

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 
[+]

Entropy:
6.9864

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file ctbe.exe has been discovered within the following program.

SAP Application Server for System NSP  by SAP
www.sap.com
About 8% of users remove it
 
Powered by Should I Remove It?

The file ctbe.exe has been seen being distributed by the following 4 URLs.

http://d2ugaifelwk06r.cloudfront.net/conduitchecker.exe

http://storage.stgbssint.com/ps/.../checktbexist.exe

http://storage.conduit.com/ps/utilities/.../checktbexist.exe

http://storage.conduit.com/ps/.../checktbexist.exe

Remove ctbe.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.