Conduit & Spigot Malware | Joachim De Zutter
7th of August 2011

BS.Player ControlBar

Conduit Engine
Filename: ConduitEngine.dll
Filesize: 3908192
MD5: 01e190b029476013db4d7203fd20cebc
SHA1: 535083d61d58bc4975012bc060a7d06dc6012dde
SHA256: db2afc2fa63401c0cfc88ee594c21741400c91db086ef5d21b05cbce9c07ede9

Filename: ConduitEngineHelper.exe
Filesize: 38496
MD5: a320df2b47cfcaf98d06eb59cd72084c
SHA1: ed0a3155e7256b1ee3daea9b5251a4a3141592dc
SHA256: 47f14a359b58f52b632347ec80d48b493a576e42350cc7cdd9029e95072691f4

Filename: prxConduitEngine.dll
Filesize: 175912
MD5: b92293778555ce3dabe7f0a7e98b34c0
SHA1: 685d65ccd52fd9d90c402cf9026344267e8b6fd9
SHA256: 1eedc82334bd95d94e4eea97e3c9a53a4464462236683770e5a9b34e843df04c

Conduit Community Alerts
Filename: Alert.dll
Filesize: 532064
MD5: 2a2935ce273513f881439d2feca78e51
SHA1: 743cf6f7c346a3cf7bb0b81442dc14a7f3da352d
SHA256: 658c5c0ff0e8aaaf8cdff38b92c9b8d7a551426287eb50bfd6c3b22796d8ba80

Filename: Alert0.dll
Filesize: 638560
MD5: 6796f6e449f90a543dc3345538acc46f
SHA1: 97bccd25561f44e9b13f05f6eef083c9ce9ba529
SHA256: f22e58cdfe94d4a5fbbf2795a743b167ed9923e289e14654631e0077dd306c1d

Widgi Toolbar
Filename: WidgiHelper.exe
Filesize: 64512
MD5: 1047516b168618c941b014a3da5ea4f1
SHA1: c619a1e65fcc83182bbfe19547bc3ecce0d1d796
SHA256: 159ac783df6b8117c109425d5d568dd5aaeb6185b5822402c9cb58770c01ffad

Spigot Application Updater
Filename: ApplicationUpdater.exe
Filesize: 380928
MD5: 293e66aa529f0fba1aa56340e293a389
SHA1: 48ce7f1e56dbfc352c67e8081b4381f4e6826b2f
SHA256: bb9a50948b0fe28011566a1d36c4e9b6485bac0d1e95eb2ded0b82422f495a81

An HTTP connection was established with 174.36.215.20

http://www.utrace.de/?query=174.36.215.20
SoftLayer Technologies, BitPusher, LLC (Dallas, United States)

Spigot Search Settings
Filename: SearchSettings.exe
Filesize: 974848
MD5: 589b64ebb836582c46fad4f16f837815
SHA1: c1df23e854680995a86a6dfd14a8958b752544a8
SHA256: 844d25dd0efe39d87dfc9a4c78ca301ab3524509d339c427a4e4424cf2ac900e

Filename: SearchSettings.dll
Filesize: 1109504
MD5: b2370f9e01367e37d6a5f3be1a02e1d1
SHA1: 32ac44fbe3e363d6c875dae5b2aedc33339be17f
SHA256: 7d61f9c01a9fda77de044082e1c2e77e51b0f027621849186ef60e4748b9bf47

Filename: SearchSettingsRes409.dll
Filesize: 45056
MD5: bf929abf368f3e6a7e682454bed9a645
SHA1: 1955687a644735dcafa98d5354dcd85937590ebe
SHA256: ff4e57a9358a8506e1ad595d0e405f6343281e2378d06241cb9d0774cd675060

An HTTP connection was established with 174.36.215.20

http://www.utrace.de/?query=174.36.215.20
SoftLayer Technologies, BitPusher, LLC (Dallas, United States)

Dealio Toolbar
Filename: dealioToolbarIE.dll
Filesize: 700416
MD5: 1c87d50f3792bb26f316fc70f7389157
SHA1: 3943b6fc24572ed31d88b14c8676f47de3755650
SHA256: bcfbf36bb36de2848811f7c240d6e7b1f822eef561c17c68e3d4e537cae66e53