spdownloader.exe

Conduit Ltd.

The file belongs to the Conduit API platform, a utility that bundles and monetizes search toolbars and web browser extensions. The application spdownloader.exe, “Search Protect by conduit” by Conduit has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the Conduit Setup Manager installer. Additionally, the file is typically installed by a number of programs including IMVU Avatar Chat Software by IMVU Inc. and Open Downloader Manager by Installer Technology Co.
Publisher:
Conduit  (signed by Conduit Ltd.)

Description:
Search Protect by conduit

Version:
1.1.1.0

MD5:
9fb9d49c2db7edd1084ab765d619f5c6

SHA-1:
c4420c6e94b8caaccb3811384280d8a93cb0a37d

SHA-256:
b42f721e861c4ae46c71993c87a01d8e5cba55096db4dd7804f26e40cc5d24d5

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/23/2024 11:19:38 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Boost by Reason
Adware.SearchProtect.Conduit.M
2013.8.9.12

Dr.Web
Adware.Conduit.6
9.0.1.0221

ESET NOD32
Win32/Toolbar.Conduit
7.9190

G Data
Win32.Application.ConduitBrothersoftTB
13.12.22

Malwarebytes
PUP.Optional.Conduit.A
v2013.11.26.10

Reason Heuristics
PUP.SearchProtect.Conduit.M
14.8.7.22

VIPRE Antivirus
Conduit
24866

XVirus List
Win32.Detected
2.8.7

File size:
64.8 KB (66,368 bytes)

Copyright:
Conduit Ltd.

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Conduit Setup Manager (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\spdownloader.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/2/2013 4:00:00 PM

Valid to:
4/3/2016 4:59:59 PM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3A82654719D8F75B59134F7B66465210

File PE Metadata
Compilation timestamp:
7/6/2011 7:31:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:JM31cmV+V3/XruLU9ltCE7yP3Q7ywCzvFgXhW/XPDt0T:6cmVWD5ltbmP3Q7ywCz5Xx0T

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Entropy:
7.2211

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file spdownloader.exe has been discovered within the following programs.

Publisher's description - “IMVU is an instant messaging tool that lets you chat with people from all over the globe in a 3D environment, instead of the plain, text-only chat room we're all used to.”
About 8% of users remove it
Open Downloader Manager  by Installer Technology Co
ODM is a download manager that plugs into various web browsers (IE, Chrome and Firefox). The installer is designed to bundle and offer various additional offers including toolbars and other potentially harmful programs.
opendownloadmanager.com
73% remove it
 
Powered by Should I Remove It?

The file spdownloader.exe has been seen being distributed by the following 26 URLs.

https://teabag.blob.core.windows.net/public-source/downloadguide/resources/file/freemium/search protect/2.0/.../sp-downloader.exe

http://113.171.224.167/.../sp-downloader.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-225-182-66.compute-1.amazonaws.com  (54.225.182.66:80)

TCP (HTTP SSL):
Connects to a23-221-228-187.deploy.static.akamaitechnologies.com  (23.221.228.187:443)

TCP (HTTP):

TCP (HTTP):
Connects to ec2-23-23-99-139.compute-1.amazonaws.com  (23.23.99.139:80)

TCP (HTTP SSL):
Connects to a104-69-59-135.deploy.static.akamaitechnologies.com  (104.69.59.135:443)

TCP (HTTP):

TCP (HTTP SSL):
Connects to a104-101-101-31.deploy.static.akamaitechnologies.com  (104.101.101.31:443)

TCP (HTTP):

TCP (HTTP SSL):
Connects to a23-10-23-188.deploy.static.akamaitechnologies.com  (23.10.23.188:443)

TCP (HTTP SSL):
Connects to a104-122-76-219.deploy.static.akamaitechnologies.com  (104.122.76.219:443)

TCP (HTTP):
Connects to sg2plpkivs-v03.any.prod.sin2.secureserver.net  (182.50.136.239:80)

TCP (HTTP SSL):
Connects to a23-51-54-239.deploy.static.akamaitechnologies.com  (23.51.54.239:443)

TCP (HTTP):

TCP (HTTP):
Connects to n1plpkivs-v03.any.prod.ams1.secureserver.net  (188.121.36.239:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP SSL):
Connects to a104-104-142-162.deploy.static.akamaitechnologies.com  (104.104.142.162:443)

Remove spdownloader.exe - Powered by Reason Core Security