home

instalador-spymaster.tmp

Syncsoft Softwares Ltda

The file instalador-spymaster.tmp by Syncsoft Softwaresa has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Lenovo Browser Guard Service”.
Publisher:
Syncsoft Softwares Ltda  (signed and verified)

Description:
Setup/Uninstall

Version:
51.52.0.0

MD5:
e46ba6bee27c4c56d74b72fa5ec2ad6e

SHA-1:
a80473c6c2969ef7f0510e8e5c996e9300b3f9cf

SHA-256:
8451237afa34315347f0f6783d36ec5e0cba5041c38584043b0f218f64725142

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
2/27/2025 1:04:41 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Conduit.BrowserGuard (M)
16.7.12.19

File size:
740.2 KB (757,968 bytes)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\instalador-spymaster.tmp

Digital Signature
Signed by:
Syncsoft Softwares Ltda

Authority:
thawte, Inc.

Valid from:
6/16/2016 9:00:00 PM

Valid to:
6/17/2017 8:59:59 PM

Subject:
CN=Syncsoft Softwares Ltda, OU=Admin, O=Syncsoft Softwares Ltda, L=Candido Sales, S=Bahia, C=BR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
57483D4C54143B18BF383F03F2E737E5

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:4sMLIMoi3rPR37dzHRA6nX0D9OKWbO7SERb5rNUK1bce0Gyx9dW:/McMoi3rPR37dzHRA6G7WbuSEmK50GyQ

Entry address:
0x9A490

Entry point:
55, 8B, EC, 83, C4, F4, 53, 56, 57, E8, A6, 8E, F6, FF, E8, FD, B1, F6, FF, E8, 4C, BF, F6, FF, E8, 67, C3, F6, FF, E8, EA, F8, F6, FF, E8, FD, 66, F7, FF, E8, 60, 69, F7, FF, E8, B7, 88, F7, FF, E8, CA, EF, F7, FF, E8, C5, AE, F8, FF, E8, D8, 56, F9, FF, E8, BF, 69, F9, FF, E8, 42, 58, FB, FF, E8, 09, 5D, FB, FF, E8, 74, 66, FB, FF, E8, 53, 7A, FB, FF, E8, 46, 94, FB, FF, E8, 5D, D3, FB, FF, E8, BC, E2, FB, FF, E8, CF, F5, FB, FF, E8, 12, AD, FC, FF, E8, A9, 35, FD, FF, E8, 5C, F9, FD, FF, E8, 63, AE, FE...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
614 KB (628,736 bytes)

Service
Display name:
Lenovo Browser Guard Service

Service name:
CltMngSvc

Description:
This service loads the Lenovo Browser Guard, which maintains your selected Search settings, and enables auto-updates.

Type:
Win32OwnProcess

Depends on:
TermService


Remove instalador-spymaster.tmp - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.