home

dvd_shrink_v3.2.0.15_tsa27l6jd.exe

1.3.9.0.140504.01

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The application dvd_shrink_v3.2.0.15_tsa27l6jd.exe by ClientConnect has been detected as adware by 16 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from de.iod-aboutaudio.com. While running, it connects to the Internet address cms.dmccint.com on port 80 using the HTTP protocol.
Publisher:
ClientConnect LTD  (signed and verified)

Product:
1.3.9.0.140504.01

Description:
Setup.exe

Version:
1.3.9.0

MD5:
ce9c3c1fc84b42237c32da61a3def398

SHA-1:
5e314b9d60c49b980e974688db995e01b02882cb

SHA-256:
39164428918d81a0c0244ba0067893950c9b651c97f0ba03c1a1c51948f2b9a1

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
11/24/2024 12:33:16 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Toolbar.Conduit
7.1.1

avast!
Win32:Adware-BRM [PUP]
2014.9-150315

AVG
Generic
2016.0.3169

Dr.Web
Adware.Conduit.96
9.0.1.074

ESET NOD32
Win32/ClientConnect (variant)
9.10176

Fortinet FortiGate
Riskware/Toolbar_Conduit
3/15/2015

G Data
Win32.Application.Conduit
15.3.25

herdProtect (fuzzy)
variant of tb_television_fanatic.exe (Adware)
2015.6.21.15

K7 AntiVirus
Trojan
13.181.12872

Kaspersky
not-a-virus:WebToolbar.Win32.Agent
14.0.0.2342

Malwarebytes
PUP.Optional.Conduit.A
v2015.03.15.03

NANO AntiVirus
Riskware.Win32.Conduit.dbqqxi
0.28.2.61148

Quick Heal
PUA.Adware.OD6
3.15.14.00

Reason Heuristics
PUP.Installer.Conduit
15.3.15.15

Total Defense
Win32/Tnega.ALHeNWC
37.0.11089

VIPRE Antivirus
Conduit
31750

File size:
207.4 KB (212,336 bytes)

Product version:
1.3.9.0

Copyright:
© 2014 ClientConnect Ltd.

Original file name:
DVD_Shrink_v3.2.0.15.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\dvd_shrink_v3.2.0.15_tsa27l6jd.exe

Digital Signature
Signed by:
ClientConnect LTD

Authority:
VeriSign, Inc.

Valid from:
2/4/2014 12:00:00 AM

Valid to:
2/5/2016 11:59:59 PM

Subject:
CN=ClientConnect LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=WL, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5A60D12BC8FFD4AFAE161FA04715CBC4

File PE Metadata
Compilation timestamp:
6/9/2012 2:19:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:Kz+92mhAMJ/cPl3iwbNozlx/LVXHSPF0Mfi:KK2mhAMJ/cPlN+7VXT

Entry address:
0xAC87

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 9F, 30, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 8F, AB, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 24, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 24, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 0E, B1, FF, FF, C3, 56, 8B, F1, 8B, 06, 85, C0, 74, 07, 50, FF, 15, C4, 40, 41, 00, 83, 26, 00, 83, 66, 08, 00, 83, 66, 0C, 00, 5E, C3, 56, 8B, F1, 80, 7E, 04, 00, 75, 34, 68, F4, 44, 41, 00...
 
[+]

Entropy:
7.5166

Code size:
73 KB (74,752 bytes)

The file dvd_shrink_v3.2.0.15_tsa27l6jd.exe has been seen being distributed by the following URL.

http://de.iod-aboutaudio.com/12/585/ct5851112/c62722b7da764ef0adf09118edbfbf93/Downloads/Prod/SmallStub1.3.9.0.140504.01/.../DVD_Shrink_v3.2.0.15.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to cms.dmccint.com  (23.67.242.80:80)

 
http://cms.dmccint.com/DynamicOffer/19023712/19044835/?mainofferId=19020278&CurrentStep=2&TotalSteps=4&DownloadBrowser=IE&CType=-1&UserMode=-1&DMVersion=1.3.9.90.19043701.01&Language=US-EN

Remove dvd_shrink_v3.2.0.15_tsa27l6jd.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.