Reason Labs

conduit-search.xml

The file conduit-search.xml has been detected as malware named PUP.SearchPlugin.conduit-search. This is a Mozilla Firefox web browser search plugin called ‘Conduit Search’ which enables the search engine provider as well as search suggestions.
MD5:
3bc2be43b7b671a9829cf8e7eedae82b

SHA-1:
07b4bdf1cb8c3cb8fda2aded22e1dd9f24cb712f

SHA-256:
903ad696f91db47e0ec0962a4ac9915745c21df0208aeba074049aa0e3c936a7

Detection:
PUP.SearchPlugin.conduit-search

Risk:
Medium

Explanation:
This potentially unwanted conduit-search search plugin for Firefox is used to direct web searches from the search bar and runs as the browser's search engine.

Analysis date:
12/15/2018 10:49:59 PM UTC  (today)

File size:
861 Bytes

File type:
OpenSearch plugin for Firefox

Common path:
C:\users\{user}\appdata\roaming\mozilla\firefox\profiles\{user}.default\searchplugins\conduit-search.xml

Mozilla Search Plugins
Name:
Conduit Search

Search Template:
http://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP4A7F44CA-6962-4567-BA43-3DA46C094706&q={searchTerms}&SSPV=


<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
  <ShortName>Conduit Search</ShortName>
  <Description>Conduit Search</Description>
  <InputEncoding>UTF-8</InputEncoding>
  <Image width="16" height="16">data:image/x-icon;base64,{removed}</Image>
  <Url type="text/html" method="GET" template="http://search.conduit.com/Results.aspx?ctid=CT3315513&amp;octid=EB_ORIGINAL_CTID&amp;SearchSource=58&amp;CUI=&amp;UM=4&amp;UP=SP4A7F44CA-6962-4567-BA43-3DA46C094706&amp;q={searchTerms}&amp;SSPV=" />
  <Url type="application/x-suggestions+json" template="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}" />
</SearchPlugin>
Download Reason Core Security - Powerful anti-malware software