» tbedrs.dll
Overview
Analysis
File Details
Downloads (1)

tbedrs.dll

Conduit Toolbar Automatic Update

Conduit Ltd.

The file is part of the Conduit Toolbar platform, a web browser monetization engine that is typiclaly distributed with third party programs through a bundled installation, this particular version is part of the Conduit Toolbar Automatic Update bundle. The module tbedrs.dll by Conduit has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from ieupdate.conduit.com.

File name:

tbedrs.dll

Publisher:

Conduit Ltd. (signed and verified)

Product:

Conduit Toolbar Automatic Update

Version:

6.16.0.34

MD5:

f0d0d383a31e1fd3759301d3f8d8e7ae

SHA-1:

ef90aa95dbeee8198249cdf7f949b68f449386d3

SHA-256:

7d67d7f2dd15f30d41edefc092f30cabba8539d45e9983a9564fdba902a183e0

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

This component is distributed and installed with the Conduit Toolbar platform.

Analysis date:

11/27/2024 12:27:43 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Conduit.SearchBar.Toolbar (M)

16.3.22.2

File size:

2.7 MB (2,855,200 bytes)

Product version:

6.16.0.34

Original file name:

Conduit Toolbar Automatic Update

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\tbedrs.dll

Digital Signature

Signed by:

Conduit Ltd.

Authority:

VeriSign, Inc.

Valid from:

1/3/2013 1:00:00 AM

Valid to:

4/4/2016 1:59:59 AM

Subject:

CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., L=Ness Ziona, S=Israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3A82654719D8F75B59134F7B66465210

File PE Metadata

Compilation timestamp:

8/14/2013 7:07:11 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:uj1a8ee/X6XeoSJ6vJGcc9uN8rQ/z1TJ9lgtjK+cVJX14daywlap9:G1BiXXbvscc9uC871dApKrVHU9

Entry address:

0x9800

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 65, 64, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 38, 4D, 02, 10, E8, 71, 57, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, F8, 88, 02, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, E8, D0, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

107 KB (109,568 bytes)

The file tbedrs.dll has been seen being distributed by the following URL.

http://ieupdate.conduit.com/.../tbedrs.dll

Remove tbedrs.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.