client.exe

The executable client.exe has been detected as malware by 1 anti-virus scanner. This executable runs as a local area network (LAN) Internet proxy server listening on port 62097 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 74-115-4-114.anchorfree.com on port 443.
MD5:
3a8fa7a063d97750bf4afa3bf42a63b0

SHA-1:
12f1faf284ee76c00bf49f75838ab501a157f919

SHA-256:
5aabc3f4c39d617cabadd95b2275f886032c83a45099b4287347690e18b2f3ae

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/27/2024 7:25:21 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.6.17.4

File size:
2.5 MB (2,591,232 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\search extensions\client.exe

File PE Metadata
Compilation timestamp:
12/29/2014 9:54:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:IqR/m2x/BLv385bLJqo/2pxJSBFjROk7ae5Rgs:7

Entry address:
0xAB57

Entry point:
E8, A3, 32, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 44, 89, 49, 00, FF, 15, 60, E0, 41, 00, 85, C0, 75, 18, 56, E8, 55, 33, 00, 00, 8B, F0, FF, 15, 5C, E0, 41, 00, 50, E8, 05, 33, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, C7, 00, 2C, 24, 49, 00, C6, 40, 08, 00, C3, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, 2C, 24, 49, 00, 8B, 09, 89, 48, 04, C6, 40, 08, 00, 5D, C2, 08, 00, 8B, 41, 04, 85, C0, 75, 05, B8, 34, 24, 49, 00, C3, 8B...
 

Entropy:
6.0868

Code size:
114.5 KB (117,248 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:62097/

Local host port:
62097

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-154-109-8.eu-west-1.compute.amazonaws.com  (54.154.109.8:80)

TCP (HTTP):
Connects to ec2-50-17-224-168.compute-1.amazonaws.com  (50.17.224.168:80)

TCP (HTTP SSL):
Connects to 74-115-4-114.anchorfree.com  (74.115.4.114:443)

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (199.58.87.151:80)

TCP (HTTP SSL):
Connects to ec2-52-73-109-231.compute-1.amazonaws.com  (52.73.109.231:443)

TCP (HTTP):
Connects to server-54-192-159-148.sin3.r.cloudfront.net  (54.192.159.148:80)

TCP (HTTP):
Connects to ec2-23-23-137-17.compute-1.amazonaws.com  (23.23.137.17:80)

TCP (HTTP SSL):
Connects to a184-51-117-221.deploy.static.akamaitechnologies.com  (184.51.117.221:443)

Remove client.exe - Powered by Reason Core Security