valueapps.exe

ValueApps.exe

Conduit Ltd.

The file belongs to the Conduit API platform, which bundles and monetizes search toolbars and web browser extensions. valueapps.exe by Conduit has been flagged as a potentially unwanted program by 2 of 68 anti-malware scanners. It runs as a Windows service named “ValueApps” in its own process (Win32OwnProcess) and, while running, connects to portal-xiva.yandex.net on TCP port 443 (HTTPS).
Publisher:
Conduit  (signed by Conduit Ltd.)

Product:
ValueApps.exe

Version:
2.2.6.4

MD5:
2f8ec16574849da5c09b9298fe7f2adb

SHA-1:
cff1165e2a3a85e14f8491202fe0ae7ab364dbb8

SHA-256:
db3c27216bc5e0e77ceb7f43a2a1404e97dbee847e553c973aa3b859d6a2a5aa

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
11/23/2024 9:32:14 AM UTC

Scan engine          Detection                Engine version
Reason Heuristics    PUP.Service.Conduit.J    14.8.7.22
VIPRE Antivirus      Conduit                  23830

File size:
2 MB (2,149,152 bytes)

Product version:
2.2.6.4

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\valueapps\valueapps.exe

Digital Signature
Signed by:
Conduit Ltd.

Authority:
VeriSign, Inc.

Valid from:
1/3/2013 1:00:00 AM

Valid to:
4/4/2016 1:59:59 AM

Subject:
CN=Conduit Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Conduit Ltd., L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3A82654719D8F75B59134F7B66465210

File PE Metadata
Compilation timestamp:
8/14/2013 3:34:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:dE33WOlm5JXxkHpv9txxXJqUPTCsiGu7MMt1GSn+XL18nqAvwzO6AyxaeOSATwKb:drG1tT8c1at1GY+JSnIFgSATN2kO7NO

Entry address:
0x13262F

Entry point:
E8, FA, 2D, 01, 00, E9, 78, FE, FF, FF, 6A, 10, 68, 00, B8, 5E, 00, E8, D3, 11, 00, 00, 8B, 5D, 08, 85, DB, 75, 0E, FF, 75, 0C, E8, DA, CF, FF, FF, 59, E9, CC, 01, 00, 00, 8B, 75, 0C, 85, F6, 75, 0C, 53, E8, 91, D0, FF, FF, 59, E9, B7, 01, 00, 00, 83, 3D, 80, AC, 5F, 00, 03, 0F, 85, 93, 01, 00, 00, 33, FF, 89, 7D, E4, 83, FE, E0, 0F, 87, 8A, 01, 00, 00, 6A, 04, E8, F9, 5F, 00, 00, 59, 89, 7D, FC, 53, E8, 1D, 61, 00, 00, 59, 89, 45, E0, 3B, C7, 0F, 84, 9E, 00, 00, 00, 3B, 35, A8, AC, 5F, 00, 77, 49, 56, 53...

Code size:
1.7 MB (1,734,144 bytes)
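
The PE metadata and the digital signature above support a quick consistency check: the compilation timestamp (8/14/2013) should fall inside the signing certificate's validity window (1/3/2013 to 4/4/2016), because a link time outside the window points at a timestomped or re-signed binary, and the file you are looking at should hash to the recorded SHA-256 before you trust any of the record's other fields. The Python below is an added example, not code from this page or from Conduit: it reads the COFF and PE32 optional-header fields listed in this section (machine, timestamp, linker version, OS version, subsystem, entry point, code size) and runs both checks. It operates on a constructed minimal PE32 header that carries the recorded values rather than on the real valueapps.exe, treats the recorded entry address as the AddressOfEntryPoint RVA, and takes the certificate dates as UTC since the page gives no time zone; all three are assumptions.

```python
import hashlib
import struct
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Values copied from the record: the signing certificate's validity window
# (assumed UTC; the page gives no zone) and the recorded SHA-256 of the file.
CERT_NOT_BEFORE = datetime(2013, 1, 3, 1, 0, 0, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2016, 4, 4, 1, 59, 59, tzinfo=timezone.utc)
RECORDED_SHA256 = "db3c27216bc5e0e77ceb7f43a2a1404e97dbee847e553c973aa3b859d6a2a5aa"

MACHINES = {0x14C: "Win32", 0x8664: "x64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


@dataclass
class PeMetadata:
    machine: str
    compiled_at: datetime
    linker_version: str
    os_version: str
    subsystem: str
    entry_point_rva: int
    size_of_code: int


def parse_pe_metadata(data: bytes) -> PeMetadata:
    """Read the COFF and PE32 optional-header fields this record reports."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, stamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # Optional header: Magic, MajorLinkerVersion, MinorLinkerVersion, SizeOfCode
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError(f"not a PE32 optional header (magic {magic:#x})")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return PeMetadata(
        machine=MACHINES.get(machine, f"{machine:#x}"),
        compiled_at=datetime.fromtimestamp(stamp, tz=timezone.utc),
        linker_version=f"{lnk_major}.{lnk_minor}",
        os_version=f"{os_major}.{os_minor}",
        subsystem=SUBSYSTEMS.get(subsystem, str(subsystem)),
        entry_point_rva=entry_rva,
        size_of_code=size_of_code,
    )


def compiled_within_cert_window(meta: PeMetadata, not_before: datetime, not_after: datetime) -> bool:
    """A link time outside the signer's validity window suggests timestomping or re-signing."""
    return not_before <= meta.compiled_at <= not_after


def sha256_matches(data: bytes, expected_hex: str) -> bool:
    return hashlib.sha256(data).hexdigest() == expected_hex.lower()


def build_sample_pe(timestamp: Optional[int] = None) -> bytes:
    """Constructed minimal PE32 header (not the real valueapps.exe) carrying the
    recorded values: i386, linker 9.0, OS 5.0, GUI subsystem, entry RVA 0x13262F,
    1,734,144 bytes of code, linked 2013-08-14 03:34:38 UTC unless overridden."""
    if timestamp is None:
        timestamp = int(datetime(2013, 8, 14, 3, 34, 38, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))          # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 4, timestamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)                                 # PE32 optional header size
    struct.pack_into("<HBBI", opt, 0, 0x10B, 9, 0, 1_734_144)
    struct.pack_into("<I", opt, 16, 0x13262F)             # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 0)                # Major/MinorOperatingSystemVersion
    struct.pack_into("<H", opt, 68, 2)                    # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_sample_pe()
    meta = parse_pe_metadata(sample)
    print(meta)
    print("compiled inside cert window:", compiled_within_cert_window(meta, CERT_NOT_BEFORE, CERT_NOT_AFTER))
    print("matches recorded SHA-256:", sha256_matches(sample, RECORDED_SHA256))
```

Pass the bytes of a real sample to parse_pe_metadata and sha256_matches in place of build_sample_pe(); the constructed header will never match the recorded hash, which is the point of running the hash check before reading anything else off the file.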

Service
Display name:
ValueApps

Description:
ValueApps service

Type:
Win32OwnProcess

Depends on:
RPCSS


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to wb-in-f188.1e100.net  (66.102.1.188:443)

TCP (HTTP SSL):
Connects to a104-93-246-90.deploy.static.akamaitechnologies.com  (104.93.246.90:443)

TCP (HTTP SSL):
Connects to ec2-52-2-10-61.compute-1.amazonaws.com  (52.2.10.61:443)

TCP (HTTP SSL):
Connects to ec2-52-6-82-78.compute-1.amazonaws.com  (52.6.82.78:443)

TCP (HTTP SSL):
Connects to ec2-52-59-102-196.eu-central-1.compute.amazonaws.com  (52.59.102.196:443)

TCP (HTTP SSL):
Connects to 92.13.7a9f.ip4.static.sl-reverse.com  (159.122.19.146:443)

TCP (HTTP):
Connects to ec2-54-225-182-66.compute-1.amazonaws.com  (54.225.182.66:80)

TCP (HTTP):
Connects to top-fwz1.mail.ru  (217.69.136.175:80)

TCP (HTTP SSL):
Connects to sovetnik.market.http.yandex.ru  (87.250.250.41:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-frt3.facebook.com  (31.13.92.36:443)

TCP (HTTP):
Connects to a2-16-4-160.deploy.akamaitechnologies.com  (2.16.4.160:80)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.gq1.yahoo.com  (208.71.45.11:443)

TCP (HTTP):
Connects to passport.yandex.ru  (213.180.204.24:80)

TCP (HTTP):
Connects to partner.rozetka.com.ua  (193.200.64.44:80)

TCP (HTTP):
Connects to ip40.ip-94-23-96.eu  (94.23.96.40:80)

TCP (HTTP SSL):
Connects to dsnl37.fornex.org  (185.18.52.85:443)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP):
Connects to noexport.yandex.ru  (141.8.146.178:80)

TCP (HTTP SSL):
Connects to edge-star-shv-01-frt3.facebook.com  (31.13.92.10:443)

TCP (HTTP SSL):
Connects to ec2-52-72-157-241.compute-1.amazonaws.com  (52.72.157.241:443)
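
Most of the destinations listed above are reverse-DNS names of shared infrastructure (Amazon EC2, Akamai, Google's 1e100.net, SoftLayer), which identify the hosting provider rather than the tenant, and ocsp.comodoca.com is ordinary certificate revocation checking; neither makes a good blocklist entry. The Python below is an added example, not code from this page or from Reason Core Security: it parses the "Connects to host (ip:port)" records in the format used above, checks that each "HTTP SSL" label agrees with its port, separates plaintext HTTP destinations from TLS ones, and sorts destinations into shared infrastructure, certificate validation and named services. The suffix table used for that classification is an assumption of the example, and the sample text is the list above copied one record per line (the regex accepts the page's two-line layout as well).

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# The record's network section, copied one destination per line.
SAMPLE_RECORD = """
TCP (HTTP SSL): Connects to wb-in-f188.1e100.net  (66.102.1.188:443)
TCP (HTTP SSL): Connects to a104-93-246-90.deploy.static.akamaitechnologies.com  (104.93.246.90:443)
TCP (HTTP SSL): Connects to ec2-52-2-10-61.compute-1.amazonaws.com  (52.2.10.61:443)
TCP (HTTP SSL): Connects to ec2-52-6-82-78.compute-1.amazonaws.com  (52.6.82.78:443)
TCP (HTTP SSL): Connects to ec2-52-59-102-196.eu-central-1.compute.amazonaws.com  (52.59.102.196:443)
TCP (HTTP SSL): Connects to 92.13.7a9f.ip4.static.sl-reverse.com  (159.122.19.146:443)
TCP (HTTP): Connects to ec2-54-225-182-66.compute-1.amazonaws.com  (54.225.182.66:80)
TCP (HTTP): Connects to top-fwz1.mail.ru  (217.69.136.175:80)
TCP (HTTP SSL): Connects to sovetnik.market.http.yandex.ru  (87.250.250.41:443)
TCP (HTTP SSL): Connects to edge-star-mini-shv-01-frt3.facebook.com  (31.13.92.36:443)
TCP (HTTP): Connects to a2-16-4-160.deploy.akamaitechnologies.com  (2.16.4.160:80)
TCP (HTTP SSL): Connects to rtr3.l7.search.vip.gq1.yahoo.com  (208.71.45.11:443)
TCP (HTTP): Connects to passport.yandex.ru  (213.180.204.24:80)
TCP (HTTP): Connects to partner.rozetka.com.ua  (193.200.64.44:80)
TCP (HTTP): Connects to ip40.ip-94-23-96.eu  (94.23.96.40:80)
TCP (HTTP SSL): Connects to dsnl37.fornex.org  (185.18.52.85:443)
TCP (HTTP): Connects to ocsp.comodoca.com  (178.255.83.1:80)
TCP (HTTP): Connects to noexport.yandex.ru  (141.8.146.178:80)
TCP (HTTP SSL): Connects to edge-star-shv-01-frt3.facebook.com  (31.13.92.10:443)
TCP (HTTP SSL): Connects to ec2-52-72-157-241.compute-1.amazonaws.com  (52.72.157.241:443)
"""

# \s* between the label and "Connects" lets the page's two-line layout match too.
CONNECTION_RE = re.compile(
    r"TCP \((HTTP(?: SSL)?)\):\s*Connects to (\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\)"
)

# Assumed classification table: reverse-DNS suffixes that name a hosting
# provider or CDN rather than the service actually being contacted.
SHARED_INFRA_SUFFIXES = ("amazonaws.com", "akamaitechnologies.com", "1e100.net", "sl-reverse.com")


@dataclass(frozen=True)
class Connection:
    host: str
    ip: str
    port: int
    tls: bool


def parse_connections(text: str) -> list:
    return [
        Connection(host=m.group(2), ip=m.group(3), port=int(m.group(4)), tls=m.group(1) == "HTTP SSL")
        for m in CONNECTION_RE.finditer(text)
    ]


def label_port_mismatches(conns) -> list:
    """Records whose 'HTTP SSL' label disagrees with the port (443 means TLS here)."""
    return [c for c in conns if c.tls != (c.port == 443)]


def plaintext_destinations(conns) -> list:
    """Hosts reached over unencrypted HTTP: the traffic you can inspect on the wire."""
    return sorted({c.host for c in conns if not c.tls})


def unique_ips(conns) -> list:
    """Distinct destination addresses in numeric order (not string order)."""
    return [str(ip) for ip in sorted({ipaddress.ip_address(c.ip) for c in conns})]


def classify(conn: Connection) -> str:
    host = conn.host.lower()
    if host.startswith("ocsp."):
        return "cert-validation"   # revocation checks, shared by every user of that CA
    if host.endswith(SHARED_INFRA_SUFFIXES):
        return "shared-infra"      # provider rDNS; block by IP only with care
    return "named-service"


def summarize(conns) -> dict:
    return dict(Counter(classify(c) for c in conns))


if __name__ == "__main__":
    conns = parse_connections(SAMPLE_RECORD)
    print(len(conns), "connections;", "label/port mismatches:", label_port_mismatches(conns))
    print("plaintext:", plaintext_destinations(conns))
    print("by class:", summarize(conns))
```

Run it on a proxy or DNS export in the same shape to see how much of a sample's traffic is attributable to a named service versus anonymous cloud capacity; for the record above, fewer than half the destinations are named services, and those are the ones worth pivoting on in logs.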

Remove valueapps.exe - Powered by Reason Core Security