Adware.Win32.Conduit.S

2025年5月13日

解析者: Raighen Sanchez

別名:

AdWare.Win32.Conduit.dau (KASPERSKY)

プラットフォーム:

Windows

危険度:

ダメージ度:

感染力:

感染確認数:

情報漏えい:

マルウェアタイプ:
アドウェア
破壊活動の有無:
なし
暗号化:
感染報告の有無 :
はい

詳細

ファイルサイズ 5,278,018 bytes

タイプ EXE

発見日 2025年5月12日

ペイロード URLまたはIPアドレスに接続, ファイルの作成

インストール

アドウェアは、以下のファイルを作成します。

%User Temp%\nspC498.tmp\FindProcDLL.dll
%User Temp%\nspC498.tmp\NSISdl.dll
%User Temp%\installer.exe
%User Temp%\nspC498.tmp\nsisunz.dll
%User Temp%\Toolbar\META-INF\zigbert.rsa
%User Temp%\Toolbar\conduitengine.xpi
%User Temp%\Toolbar\install.rdf
%User Temp%\Toolbar\nova-ja_tb.xpi
%User Temp%\Toolbar\META-INF\manifest.mf
%User Temp%\Toolbar\META-INF\zigbert.sf
%User Temp%\Toolbar\META-INF\zigbert.rsa
%User Temp%\Toolbar\chrome\nova-ja.jar
%User Temp%\Toolbar\chrome.manifest
%User Temp%\Toolbar\components\ConduitAutoCompleteSearch.js
%User Temp%\Toolbar\components\ConduitAutoCompleteSearch.xpt
%User Temp%\Toolbar\components\ConduitToolbar.idl
%User Temp%\Toolbar\components\ConduitToolbar.js
%User Temp%\Toolbar\components\ConduitToolbar.xpt
%User Temp%\Toolbar\components\RadioWMPCore.dll
%User Temp%\Toolbar\components\RadioWMPCore.xpt
%User Temp%\Toolbar\components\RadioWMPCoreGecko19.dll
%User Temp%\Toolbar\defaults\alertSettingsComponent.xml
%User Temp%\Toolbar\defaults\appContextMenu.xml
%User Temp%\Toolbar\defaults\engineContextMenu.xml
%User Temp%\Toolbar\defaults\engineSettings.json
%User Temp%\Toolbar\defaults\fbAlert.js
%User Temp%\Toolbar\defaults\getAppsContextMenu.xml
%User Temp%\Toolbar\defaults\postAppsContextMenu.xml
%User Temp%\Toolbar\defaults\toolbarContextMenu.xml
%User Temp%\Toolbar\defaults\unsharedAppsContextMenu.xml
%User Temp%\Toolbar\install.rdf
%User Temp%\Toolbar\lib\xpcom.js
%User Temp%\Toolbar\searchplugin\conduit.gif
%User Temp%\Toolbar\searchplugin\conduit.ico
%User Temp%\Toolbar\searchplugin\conduit.PNG
%User Temp%\Toolbar\searchplugin\conduit.src
%User Temp%\Toolbar\searchplugin\conduit.xml
%User Temp%\Toolbar\version.txt
%User Temp%\Toolbar\META-INF\manifest.mf
%User Temp%\Toolbar\META-INF\zigbert.sf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\chrome\conduitengine.jar
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\chrome.manifest
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\components\ConduitToolbar.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\defaults\engineSettings.json
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\defaults\fbAlert.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\DualPackage\install.rdf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\install.rdf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\lib\xpcom.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\searchplugin\conduit.gif
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\searchplugin\conduit.ico
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\searchplugin\conduit.src
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\searchplugin\conduit.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\version.txt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\META-INF\manifest.mf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\engine@conduit.com\META-INF\zigbert.sf
%User Temp%\Toolbar\setup.ini
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\chrome.manifest
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\install.rdf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\setup.ini
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\version.txt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\chrome\nova-ja.jar
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\components\ConduitAutoCompleteSearch.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\components\ConduitAutoCompleteSearch.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\components\ConduitToolbar.idl
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\components\ConduitToolbar.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\components\ConduitToolbar.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\components\RadioWMPCore.dll
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\components\RadioWMPCore.xpt
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\components\RadioWMPCoreGecko19.dll
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\defaults\alertSettingsComponent.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\defaults\appContextMenu.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\defaults\engineContextMenu.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\defaults\engineSettings.json
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\defaults\fbAlert.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\defaults\getAppsContextMenu.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\defaults\postAppsContextMenu.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\defaults\toolbarContextMenu.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\defaults\unsharedAppsContextMenu.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\lib\xpcom.js
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\META-INF\manifest.mf
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\META-INF\zigbert.rsa
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\META-INF\zigbert.sf
%AppDataLocal%\Conduit\CT2132275\~GLH0006.TMP
%Program Files%\Nova-JA\~GLH0007.TMP
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\searchplugin\conduit.gif
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\searchplugin\conduit.ico
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\searchplugin\conduit.PNG
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\searchplugin\conduit.src
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\searchplugin\conduit.xml
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\prefs.new
%User Temp%\nspC498.tmp\System.dll
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\prefs.new
%AppDataLocalLow%\ConduitEngine\ConduitEngine.dll

アドウェアは、以下のフォルダを作成します。

%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\chrome
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\components
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\defaults
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\lib
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\META-INF
%Application Data%\Mozilla\Firefox\Profiles\dxxbjsgn.default\extensions\{001709de-38a5-4f77-a69b-2f284030ddff}\searchplugin

(註：%Application Data%フォルダは、現在ログオンしているユーザのアプリケーションデータフォルダです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\＜ユーザ名＞\Local Settings\Application Data" です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\＜ユーザ名＞\AppData\Roaming" です。)

その他

アドウェアは、以下の不正なWebサイトにアクセスします。

http://{BLOCKED}s.conduit.com/iis2ebs.asp
http://{BLOCKED}gle.com/s/2/5/25623-656212-ccleaner.exe
http://{BLOCKEDration.engine.conduit-services.com/EngineRegistration.ashx
http://{BLOCKED}map.conduit-services.com/Toolbar/?ownerId=CT2132275
http://{BLOCKED}ation.engine.conduit-services.com/?browser=IE&lut=0&locale=en-us
http://{BLOCKED}tmenu.engine.conduit-services.com/apps/TranslatedApps.ashx?productId=1&name=engineContextMenu&locale=en-us
http://{BLOCKED}.ourtoolbar.com/notfound/?actid=CT2132275&octid=CT2132275&url=http://go.microsoft.com/fwlink/?LinkID=121792

Adware.Win32.Conduit.S

詳細

リソース

サポート

会社概要

東京本社

Adware.Win32.Conduit.S

詳細

リソース

サポート

会社概要

東京本社

The Americas

Asia Pacific

Europe, Middle East & Africa