tbupdaterlogic_1.0.0.2.dll

Toolbar Auto Update Dll

Conduit Ltd.

The file belongs to the Conduit API platform, a utility that bundles and monetizes search toolbars and web browser extensions. The module tbupdaterlogic_1.0.0.2.dll by Conduit has been detected as a potentially unwanted program by 5 anti-malware scanners. The file has been seen being downloaded from storage.stgbssint.com and multiple other hosts.
Publisher:
Conduit Ltd.  (signed and verified)

Product:
Toolbar Auto Update Dll

Version:
1.0.0.2

MD5:
1e6d9e1eb2729fc9879b666695d6f46a

SHA-1:
d3cbdd7c6ed2c9d81da4fcf9af57cdd5d3711ed3

SHA-256:
d5a556844c51658af6de9db7277456309ed131bcda1db619c5f5a6415de8e322

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
This component is distributed and installed with the Conduit Toolbar platform.

Analysis date:
12/25/2024 12:12:22 AM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Adware.ToolbarAutoUpdateDll.Conduit.T
2013.11.6.13

Dr.Web
Adware.Downware.1730
9.0.1.0363

herdProtect (fuzzy)
2013.12.20.17

Reason Heuristics
SearchPlugin.ConduitSearchBar.ToolbarAutoUpdateDll.T
14.8.7.22

VIPRE Antivirus
Conduit
24644

File size:
271.8 KB (278,272 bytes)

Product version:
1.0.0.2

Copyright:
Copyright © Conduit Ltd. 2013

Original file name:
TBUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\conduit\backgroundcontainer\tbupdaterlogic_1.0.0.2.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/2/2013 4:00:00 PM

Valid to:
4/3/2016 4:59:59 PM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3A82654719D8F75B59134F7B66465210

File PE Metadata
Compilation timestamp:
10/14/2013 12:40:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:z5k7+BC3DYNJPeW0TY3lXNcIzvXyx6GPa:9k7+g3Ahelwlv7GPa

Entry address:
0x152E4

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 75, 72, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 60, 5D, 03, 10, E8, 7D, 62, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 30, AD, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, B0, E4, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
6.1035

Developed / compiled with:
Microsoft Visual C++

Code size:
172.5 KB (176,640 bytes)

The file tbupdaterlogic_1.0.0.2.dll has been seen being distributed by the following 4 URLs.

Remove tbupdaterlogic_1.0.0.2.dll - Powered by Reason Core Security