client.exe

Joltlogic

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application client.exe by Joltlogic has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer.
Publisher:
Joltlogic  (signed and verified)

MD5:
c6cb268dfd7cd2f0fd3640a15248d620

SHA-1:
2ab251e9da82494f06d76814b621fc46acb2a476

SHA-256:
74fe2675a16e9ca8d3a77ca690e01966057be404d1bffa99cba4c21fd814cadb

Scanner detections:
7 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 2:11:12 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/iBryte.Gen4
7.11.206.130

AVG
Generic
2016.0.3210

ESET NOD32
MSIL/Adware.iBryte (variant)
9.11110

Qihoo 360 Security
Win32/Virus.Adware.5a6
1.0.0.1015

Reason Heuristics
PUP.Adknowledge
15.2.2.20

Rising Antivirus
PE:Trojan.FakeIcon!1.64A5
23.00.65.15131

VIPRE Antivirus
AdKnowledge
37190

File size:
1.8 MB (1,849,056 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Common path:
C:\users\{user}\appdata\local\browser extensions\client.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/15/2014 8:00:00 PM

Valid to:
7/16/2015 7:59:59 PM

Subject:
CN=Joltlogic, O=Joltlogic, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5EE011413A702F6705B25B34B674F3AB

File PE Metadata
Compilation timestamp:
2/2/2015 9:11:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:BDOxuTkOCPeAyxlQGD5e/PzSvDJarY2Y9vc2L6Xo4W+52cWrirFSm0IlgEUuVsh5:Ba4TlCGl1yIA3uvcjljVQRQsG

Entry address:
0xCA77

Entry point:
E8, B3, 33, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 84, AA, 49, 00, FF, 15, 60, 00, 42, 00, 85, C0, 75, 18, 56, E8, 65, 34, 00, 00, 8B, F0, FF, 15, 5C, 00, 42, 00, 50, E8, 15, 34, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, C7, 00, 04, 42, 49, 00, C6, 40, 08, 00, C3, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, 04, 42, 49, 00, 8B, 09, 89, 48, 04, C6, 40, 08, 00, 5D, C2, 08, 00, 8B, 41, 04, 85, C0, 75, 05, B8, 0C, 42, 49, 00, C3, 8B...
 
[+]

Entropy:
6.0614

Code size:
123 KB (125,952 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to yk-in-f147.1e100.net  (74.125.196.147:443)

TCP (HTTP):
Connects to webcluster50.one.com  (46.30.212.50:80)

TCP (HTTP SSL):
Connects to server-54-192-81-145.mia50.r.cloudfront.net  (54.192.81.145:443)

TCP (HTTP SSL):
Connects to ord30s22-in-f14.1e100.net  (216.58.216.110:443)

TCP (HTTP SSL):
Connects to ord30s21-in-f3.1e100.net  (216.58.216.67:443)

TCP (HTTP SSL):
Connects to ord30s21-in-f14.1e100.net  (216.58.216.78:443)

TCP (HTTP SSL):
Connects to ord30s21-in-f1.1e100.net  (216.58.216.65:443)

TCP (HTTP SSL):
Connects to msnbot-65-55-252-43.search.msn.com  (65.55.252.43:443)

TCP (HTTP):
Connects to mpr1.ngd.vip.bf1.yahoo.com  (98.139.225.42:80)

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (198.7.59.23:80)

TCP (HTTP SSL):
Connects to float.1448.bm-impbus.prod.nym2.adnexus.net  (68.67.152.8:443)

TCP (HTTP):
Connects to float.1239.bm-impbus.prod.nym2.adnexus.net  (68.67.152.104:80)

TCP (HTTP):
Connects to float.1141.bm-impbus.prod.nym2.adnexus.net  (68.67.152.135:80)

TCP (HTTP SSL):
Connects to edge-star-shv-01-dfw1.facebook.com  (31.13.66.1:443)

TCP (HTTP):
Connects to ec2-54-243-78-45.compute-1.amazonaws.com  (54.243.78.45:80)

TCP (HTTP):
Connects to ec2-54-243-247-40.compute-1.amazonaws.com  (54.243.247.40:80)

TCP (HTTP):
Connects to ec2-54-243-180-63.compute-1.amazonaws.com  (54.243.180.63:80)

TCP (HTTP):
Connects to ec2-54-237-84-180.compute-1.amazonaws.com  (54.237.84.180:80)

TCP (HTTP):
Connects to ec2-54-236-147-174.compute-1.amazonaws.com  (54.236.147.174:80)

TCP (HTTP):
Connects to ec2-54-229-255-217.eu-west-1.compute.amazonaws.com  (54.229.255.217:80)

Remove client.exe - Powered by Reason Core Security