freeonlineradioplayerrecorderautoupdatehelper.exe

ToolbarHelper Application

Conduit Ltd.

The file belongs to the Conduit API platform, a utility that bundles and monetizes search toolbars and web browser extensions. The application freeonlineradioplayerrecorderautoupdatehelper.exe by Conduit has been detected as a potentially unwanted program by 39 anti-malware scanners.
Publisher:
ClientConnect Ltd. (signed by Conduit Ltd.)

Product:
ToolbarHelper Application

Version:
1.0.7.1

MD5:
095b77cdac6c23240527556d19532be4

SHA-1:
29784eb031373e3360132e44535e66cd7f2c79a1

SHA-256:
87c518db7ee099c7c6121dc4aeca2e5bf77abfea62263c2eb66719ccc814a1fe

Scanner detections:
39 / 68

Status:
Potentially unwanted

Explanation:
This component is distributed and installed with the Conduit Toolbar platform.

Analysis date:
1/12/2025 1:07:54 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Virtob.Gen.12 | 915 |
| Agnitum Outpost | Win32.Virut.Y.Gen | 7.1.1 |
| AhnLab V3 Security | Win32/Virut.F | 2014.06.06 |
| Avira AntiVirus | W32/Virut.Gen | 7.11.30.172 |
| avast! | Win32:Vitro | 2014.9-140803 |
| AVG | Win32/Chir | 2015.0.3393 |
| Bitdefender | Win32.Virtob.Gen.12 | 1.0.20.1075 |
| Bkav FE | W32.Vetor.PE | 1.3.0.4959 |
| Clam AntiVirus | WIN.Worm.Brontok | 0.98/19042 |
| Comodo Security | Virus.Win32.Virut.Ce | 18449 |
| Dr.Web | Adware.Toolbar.202 | 9.0.1.091 |
| Emsisoft Anti-Malware | Win32.Virtob.Gen.12 | 8.14.08.03.10 |
| ESET NOD32 | Win32/Virut.NBP virus | 8.7.0.302.0 |
| Fortinet FortiGate | W32/Virut.CE.gen | 8/3/2014 |
| F-Prot | W32/Thecid.B@mm | v6.4.6.5.141 |
| F-Secure | Win32.Virtob.Gen.12 | 11.2014-03-08_1 |
| G Data | Win32.Virtob.Gen.12 | 14.8.24 |
| IKARUS anti.virus | Email-Worm.Win32.Runouce | t3scan.1.6.1.0 |
| K7 AntiVirus | Virus | 13.1712319 |
| Kaspersky | Virus.Win32.Virut | 14.0.0.3460 |
| Malwarebytes | PUP.Optional.Conduit.A | v2014.08.03.10 |
| McAfee | W32/Chir.gen!remnants | 5600.7049 |
| Microsoft Security Essentials | Threat.Undefined | 1.175.1445.0 |
| MicroWorld eScan | Win32.Virtob.Gen.12 | 15.0.0.645 |
| NANO AntiVirus | Trojan.Win32.Toolbar.cspetd | 0.28.0.58720 |
| Norman | Virut.CLHZ | 11.20140803 |
| nProtect | Virus/W32.Virut.Gen | 14.06.05.01 |
| Panda Antivirus | PUP/Conduit.A | 14.04.01.03 |
| Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015 |
| Quick Heal | W32.Virut.G | 8.14.14.00 |
| Reason Heuristics | PUP.ToolbarHelperApplication.Conduit.n | 14.8.7.22 |
| Rising Antivirus | PE:Win32.Virut.cl!1523074 | 23.00.65.14801 |
| Sophos | W32/Scribble-B | 4.98 |
| Total Defense | Win32/Virut.17408 | 37.0.10981 |
| Trend Micro House Call | PE_VIRUX.A-3 | 7.2.215 |
| Trend Micro | PE_VIRUX.A-3 | 10.465.03 |
| Vba32 AntiVirus | Virus.Virut.06 | 3.12.26.0 |
| VIPRE Antivirus | Conduit | 27718 |
| ViRobot | Win32.Virut.AM | 2011.4.7.4223 |

File size:
84.8 KB (86,816 bytes)

Product version:
1.0.7.1

Copyright:
© 2014 ClientConnect Ltd.

Original file name:
ToolbarHelper

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\tbccint\ct2737658\freeonlineradioplayerrecorderautoupdatehelper.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/2/2013 7:00:00 PM

Valid to:
4/3/2016 7:59:59 PM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3A82654719D8F75B59134F7B66465210

File PE Metadata
Compilation timestamp:
3/18/2014 9:26:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
768:tTtvwGU8Sllhu26ujhzEA21SD+f7g/BGnpG//WzNKFcp+LsWjcdtG387q2BTnepT:1Ul7BjSws1QXJcp+LsWjcdE3dhpjujJC

Entry address:
0x163F

Entry point:
E8, 8A, 33, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C0, F8, 40, 00, E8, 8B, 13, 00, 00, E8, 57, 35, 00, 00, 0F, B7, F0, 6A, 02, E8, 1D, 33, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, FE, 2C, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
5.7803

Code size:
37.5 KB (38,400 bytes)

The executing file has been seen to make the following network communications in live environments.
