uninstallerui.exe

Conduit Ltd.

The file belongs to the Conduit API platform, a utility that bundles and monetizes search toolbars and web browser extensions. The application uninstallerui.exe by Conduit has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the Conduit Setup Manager installer. Additionally, the file is typically installed by a number of programs including A Free Ride Games Bar Toolbar for IE by Conduit Ltd. and SweetPacks Toolbar for IE by SweetIM Technologies Ltd., both potentially unwanted software.
Publisher:
Conduit  (signed by Conduit Ltd.)

Description:
1.4.0.1

Version:
1.4.0.1

MD5:
b23d301e29f53c9c8ebe007f17812170

SHA-1:
5fb95d21be8cf2753fd8a42398add26e2b21409f

SHA-256:
5eb4cb04b5b330d21c49681ae99c296fd3dec87ecd03ad58df337b0360b9bab6

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 5:22:02 PM UTC

Scan engine
Detection
Engine version

Dr.Web
Adware.Conduit.20
9.0.1.021

Panda Antivirus
Adware/Conduit
14.01.21.03

Reason Heuristics
PUP.1401.Conduit.N
14.8.7.22

VIPRE Antivirus
Conduit
25644

XVirus List
Win32.Detected
2.8.7

File size:
1.6 MB (1,715,696 bytes)

Copyright:
Conduit Ltd.

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Conduit Setup Manager (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\ProgramData\conduit\multi\ct408137\uninstallerui.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/2/2013 4:00:00 PM

Valid to:
4/3/2016 4:59:59 PM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3A82654719D8F75B59134F7B66465210

File PE Metadata
Compilation timestamp:
9/26/2011 6:21:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:/OJKPMbvfO0vHCj3Uoz/DoCQKh2nAIdVW7/feii/lA8NLuMbDkhnq1oWv:8eMbe0vAkC/UudgWLmii/lA8Ncq1oWv

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
6.4552

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file uninstallerui.exe has been discovered within the following programs.

A Free Ride Games Bar Toolbar for IE is a potentially unwanted toolbar for Internet Explorer using the Conduit ClientConnect (now Perion) community toolbar platform. The toolbar runs as an Internet Explorer toolbar and Browser Helper Object.
AFreeRideGamesBar.OurToolbar.com
77% remove it
Connect DLCS Toolbar for IE  by Conduit Ltd.
Connect DLC is a Conduit Connect toolbar for Internet Explorer. This toolbar runs as a web browser extension and Browser Helper Object and is distributed using the Conduit/Perion monetization platform.
ConnectDLCS.OurToolbar.com
79% remove it
ConnectSo Toolbar for IE  by Conduit Ltd.
ConnectSo is a Conduit Connect toolbar for Internet Explorer. This toolbar runs as a web browser extension and Browser Helper Object and is distributed using the Conduit/Perion monetization platform.
ConnectSo.OurToolbar.com
74% remove it
DivX Browser Bar Toolbar for IE is a potentially unwanted toolbar for Internet Explorer using the Conduit ClientConnect (now Perion) community toolbar platform. The toolbar runs as an Internet Explorer toolbar and Browser Helper Object.
DivXBrowserBar.OurToolbar.com
86% remove it
entrusted11 Toolbar for IE  by Conduit Ltd.
entrusted11 Toolbar for IE is a Conduit distributed toolbar built on the community toolbar platform which provides web browser integration.
entrusted11.OurToolbar.com
83% remove it
Hotspot Shield is a Conduit Connect toolbar for Internet Explorer. This toolbar runs as a web browser extension and Browser Helper Object and is distributed using the Conduit/Perion monetization platform.
HotspotShield.OurToolbar.com
78% remove it
IMVU Inc Toolbar for IE  by Conduit Ltd.
IMVU Inc is a Conduit Connect toolbar for Internet Explorer. This toolbar runs as a web browser extension and Browser Helper Object and is distributed using the Conduit/Perion monetization platform.
IMVUInc.OurToolbar.com
75% remove it
Installl Converter Toolbar for IE is a web browser toolbar and extension that modifies the browser's search and home pages and delivers contextual advertising. This toolbar currently supports Internet Explorer, Firefox and Chrome.
InstalllConverter.OurToolbar.com
79% remove it
SweetPacks Toolbar for IE  by SweetIM Technologies Ltd.
SweetPacks Toolbar for IE is a web browser toolbar and extension that modifies the browser's search and home pages and delivers contextual advertising. This toolbar currently supports Internet Explorer, Firefox and Chrome.
SweetPacks.OurToolbar.com
73% remove it
SweetTunes Toolbar for IE  by Conduit Ltd.
SweetTunes Toolbar for IE is a Conduit distributed toolbar built on the community toolbar platform which provides potentially unwanted web browser integration.
SweetTunesToolbar.OurToolbar.com
87% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a184-29-104-177.deploy.static.akamaitechnologies.com  (184.29.104.177:80)

TCP (HTTP):
Connects to broadband.actcorp.in  (202.83.24.145:80)

TCP (HTTP):
Connects to a172-227-12-216.deploy.static.akamaitechnologies.com  (172.227.12.216:80)

TCP (HTTP):
Connects to a104-81-135-228.deploy.static.akamaitechnologies.com  (104.81.135.228:80)

TCP (HTTP):
Connects to a104-122-76-219.deploy.static.akamaitechnologies.com  (104.122.76.219:80)
