spqatools.exe

Search Protect

ClientConnect LTD

The file belongs to the ClientConnect (Conduit/Perion) platform, a utility that bundles and monetizes search toolbars and browser add-ons. The application spqatools.exe by ClientConnect has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Client Connect LTD (signed by ClientConnect LTD)

Product:
Search Protect

Version:
2.15.0.91

MD5:
2acfdfd0034295600ed804e8493daf8c

SHA-1:
2f9c2f147e9dd3777e7565e93fbab8b1aab15e6c

SHA-256:
2e72802059e09cca8f0677d0dd4a08ea7ea805183036b860a6bec6aa3d2bcd80

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
5/7/2024 9:36:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Conduit.ClientConnect (M)

Engine version:
16.1.13.0

File size:
2.4 MB (2,499,544 bytes)

Product version:
2.15.0.91

Copyright:
© 2014 ClientConnect Ltd.

Original file name:
SearchProtect (R)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\jsystem\runner\thirdparty\conduit\spqatools.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
5/27/2014 3:00:00 AM

Valid to:
5/28/2016 2:59:59 AM

Subject:
CN=ClientConnect LTD, OU=NetGuard Search, O=ClientConnect LTD, L=Ness Ziona, S=Israel, C=IL

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
2212C4948383813DC0714A0028280207

File PE Metadata
Compilation timestamp:
6/1/2014 10:17:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
49152:oxqEju+LwaWYQ96+o4nN8KBMQ5ZZ+sil6nyqDzNhX3Uvz:A9juFeQ96EnNtBZ5VS

Entry address:
0x1582E5

Entry point:
E8, 0F, CE, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 83, EC, 20, 83, 65, E0, 00, 33, C0, 57, 8D, 7D, E4, 6A, 07, 59, F3, AB, 39, 45, 14, 75, 18, E8, CC, 3C, 00, 00, C7, 00, 16, 00, 00, 00, E8, B7, 85, 00, 00, 83, C8, FF, E9, C4, 00, 00, 00, 8B, 7D, 10, 56, 8B, 75, 0C, 85, FF, 74, 1C, 85, F6, 75, 18, E8, A5, 3C, 00, 00, C7, 00, 16, 00, 00, 00, E8, 90, 85, 00, 00, 83, C8, FF, E9, 9C, 00, 00, 00, C7, 45, EC, 42, 00, 00, 00, 89, 75, E8, 89, 75, E0, 81, FF, FF, FF, FF, 3F, 76, 09, C7, 45, E4, FF, FF, FF, 7F, EB...

Entropy:
6.6111

Code size:
1.5 MB (1,580,544 bytes)
