Client.exe

The application Client.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 49166 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Version:
1.0.5385.16930

MD5:
bcf7aab636c611042087ba8d3383bf7d

SHA-1:
28514ce87c3f9a47f3a4ca7be7463e925a2a8432

SHA-256:
8b60c0cb6cfa7dab5a2303ef14316c42cc5dc8f8317d35fa4d37d6c13b0e00ac

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 3:31:51 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.835175
794

avast!
Win32:IBryte-EP [PUP]
2014.9-141202

Baidu Antivirus
Adware.MSIL.iBryte
4.0.3.14122

Bitdefender
Application.Generic.835175
1.0.20.1680

ESET NOD32
MSIL/Adware.iBryte (variant)
8.10569

F-Secure
Application.Generic.835175
11.2014-02-12_3

G Data
Application.Generic.835175
14.12.24

MicroWorld eScan
Application.Generic.835175
15.0.0.1008

File size:
833.5 KB (853,504 bytes)

Product version:
1.0.5385.16930

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\geniusbox\client.exe

File PE Metadata
Compilation timestamp:
9/29/2014 6:24:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:t+3pprFxCY0mnIpSTFNC9G2lNSztL6JSryZQucofD:tArumZwBlk6JSaQuckD

Entry address:
0xD1A9A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.2913

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
831 KB (850,944 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49166/

Local host port:
49166

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to video.dc6.vcmedia.com  (8.18.45.89:80)

TCP (HTTP):
Connects to usloft3956.serverprofi24.eu  (173.224.117.140:80)

TCP (HTTP):
Connects to server-54-192-192-65.iad53.r.cloudfront.net  (54.192.192.65:80)

TCP (HTTP SSL):
Connects to rtr2a.l7.search.vip.bf1.yahoo.com  (98.137.201.165:443)

TCP (HTTP):
Connects to ord08s13-in-f27.1e100.net  (173.194.46.123:80)

TCP (HTTP):
Connects to ord08s13-in-f25.1e100.net  (173.194.46.121:80)

TCP (HTTP):
Connects to ord08s08-in-f13.1e100.net  (74.125.225.109:80)

TCP (HTTP):
Connects to ec2-54-88-74-91.compute-1.amazonaws.com  (54.88.74.91:80)

TCP (HTTP SSL):
Connects to ec2-54-88-194-191.compute-1.amazonaws.com  (54.88.194.191:443)

TCP (HTTP):
Connects to ec2-54-83-37-21.compute-1.amazonaws.com  (54.83.37.21:80)

TCP (HTTP):
Connects to ec2-54-243-210-252.compute-1.amazonaws.com  (54.243.210.252:80)

TCP (HTTP):
Connects to ec2-54-235-91-75.compute-1.amazonaws.com  (54.235.91.75:80)

TCP (HTTP):
Connects to ec2-54-225-177-255.compute-1.amazonaws.com  (54.225.177.255:80)

TCP (HTTP):
Connects to ec2-23-21-54-14.compute-1.amazonaws.com  (23.21.54.14:80)

TCP (HTTP):
Connects to ec2-107-23-30-94.compute-1.amazonaws.com  (107.23.30.94:80)

TCP (HTTP):
Connects to ec2-107-23-113-72.compute-1.amazonaws.com  (107.23.113.72:80)

TCP (HTTP):
Connects to 174.127.83.136.static.midphase.com  (174.127.83.136:80)

TCP (HTTP):
Connects to 108.168.240.194-static.reverse.softlayer.com  (108.168.240.194:80)

Remove Client.exe - Powered by Reason Core Security