spstub.exe

Search Protect

ClientConnect

This is part of the Conduit platform, a browser extension designed to manage and control the web browser's search provider functionality. The application spstub.exe has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application, and it is typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from sp-storage.spccinta.com.
Publisher:
ClientConnect

Product:
Search Protect

Version:
2.5.1.2

MD5:
ac5429c0a5e1ddf52d37b79f6e05555a

SHA-1:
1487b7d901ec1956744617fbaf7e15c0afc47715

SHA-256:
5b1ea3b0e4eb7c5631822d15155d339b1c6863a775f839534693766f0c042951

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/24/2024 4:37:00 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.6.29.20

File size:
245.6 KB (251,488 bytes)

Product version:
2.5.1.2

Copyright:
© 2014 ClientConnect Ltd.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\spstub.exe

File PE Metadata
Compilation timestamp:
7/6/2011 5:31:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:HmgIF6g9GnvAR1mEtQkKGWlcp/5hMRDJxrVTfEJ8kX/euL4:Hmg8OvAR1meWlcghTcqkGuL4

Entry address:
0x354B

Entry point:
C6, C7, BB, 56, 76, 0E, 69, DF, AA, 15, 7B, 5D, 8D, 0D, E2, 18, 10, 23, 8B, DF, 85, DF, 86, D4, 51, 50, B0, D9, 3B, C9, 0D, 5B, B4, 64, 25, 0F, AF, C9, 4E, 25, 0A, B9, 86, 0C, F7, C6, 73, 02, 47, 8A, 69, DB, F4, 1A, E5, 66, E8, 00, 00, 00, 00, 84, EB, C6, C5, F8, F3, 8D, 0D, C8, 56, B3, 1E, 84, E1, FF, C5, 87, FA, 76, 03, 0F, BE, E9, F7, C5, 94, C6, F1, 4E, 11, DB, BF, 00, 00, 00, 00, 74, 09, 69, F6, 87, 8A, 31, 2E, F2, 88, D7, 33, FF, 0F, BF, D1, 2A, DC, 88, D7, 31, CA, 57, 86, DB, 8D, 15, 6D, 8B, 08, 45...
 

Entropy:
7.9000  (probably packed)

Code size:
25 KB (25,600 bytes)

The file spstub.exe has been seen being distributed by the following URL.
