» client.exe
Overview
Analysis
File Details
Network (63)

client.exe

Joltlogic

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application client.exe by Joltlogic has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer.

File name:

client.exe

Publisher:

Joltlogic (signed and verified)

MD5:

c6cb268dfd7cd2f0fd3640a15248d620

SHA-1:

2ab251e9da82494f06d76814b621fc46acb2a476

SHA-256:

74fe2675a16e9ca8d3a77ca690e01966057be404d1bffa99cba4c21fd814cadb

Scanner detections:

7 / 68

Status:

Adware

Explanation:

This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/23/2024 5:46:55 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/iBryte.Gen4

7.11.206.130

AVG

Generic

2016.0.3210

ESET NOD32

MSIL/Adware.iBryte (variant)

9.11110

Qihoo 360 Security

Win32/Virus.Adware.5a6

1.0.0.1015

Reason Heuristics

PUP.Adknowledge

15.2.2.20

Rising Antivirus

PE:Trojan.FakeIcon!1.64A5

23.00.65.15131

VIPRE Antivirus

AdKnowledge

37190

File size:

1.8 MB (1,849,056 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Common path:

C:\users\{user}\appdata\local\browser extensions\client.exe

Digital Signature

Signed by:

Joltlogic

Authority:

COMODO CA Limited

Valid from:

7/15/2014 8:00:00 PM

Valid to:

7/16/2015 7:59:59 PM

Subject:

CN=Joltlogic, O=Joltlogic, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

5EE011413A702F6705B25B34B674F3AB

File PE Metadata

Compilation timestamp:

2/2/2015 9:11:40 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:BDOxuTkOCPeAyxlQGD5e/PzSvDJarY2Y9vc2L6Xo4W+52cWrirFSm0IlgEUuVsh5:Ba4TlCGl1yIA3uvcjljVQRQsG

Entry address:

0xCA77

Entry point:

E8, B3, 33, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 84, AA, 49, 00, FF, 15, 60, 00, 42, 00, 85, C0, 75, 18, 56, E8, 65, 34, 00, 00, 8B, F0, FF, 15, 5C, 00, 42, 00, 50, E8, 15, 34, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, C7, 00, 04, 42, 49, 00, C6, 40, 08, 00, C3, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, 04, 42, 49, 00, 8B, 09, 89, 48, 04, C6, 40, 08, 00, 5D, C2, 08, 00, 8B, 41, 04, 85, C0, 75, 05, B8, 0C, 42, 49, 00, C3, 8B... 
[+]

Entropy:

6.0614

Code size:

123 KB (125,952 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to yk-in-f147.1e100.net (74.125.196.147:443)

TCP (HTTP):

Connects to webcluster50.one.com (46.30.212.50:80)

TCP (HTTP SSL):

Connects to server-54-192-81-145.mia50.r.cloudfront.net (54.192.81.145:443)

TCP (HTTP SSL):

Connects to ord30s22-in-f14.1e100.net (216.58.216.110:443)

TCP (HTTP SSL):

Connects to ord30s21-in-f3.1e100.net (216.58.216.67:443)

TCP (HTTP SSL):

Connects to ord30s21-in-f14.1e100.net (216.58.216.78:443)

TCP (HTTP SSL):

Connects to ord30s21-in-f1.1e100.net (216.58.216.65:443)

TCP (HTTP SSL):

Connects to msnbot-65-55-252-43.search.msn.com (65.55.252.43:443)

TCP (HTTP):

Connects to mpr1.ngd.vip.bf1.yahoo.com (98.139.225.42:80)

TCP (HTTP):

Connects to hosted-by.leaseweb.com (198.7.59.23:80)

TCP (HTTP SSL):

Connects to float.1448.bm-impbus.prod.nym2.adnexus.net (68.67.152.8:443)

TCP (HTTP):

Connects to float.1239.bm-impbus.prod.nym2.adnexus.net (68.67.152.104:80)

TCP (HTTP):

Connects to float.1141.bm-impbus.prod.nym2.adnexus.net (68.67.152.135:80)

TCP (HTTP SSL):

Connects to edge-star-shv-01-dfw1.facebook.com (31.13.66.1:443)

TCP (HTTP):

Connects to ec2-54-243-78-45.compute-1.amazonaws.com (54.243.78.45:80)

TCP (HTTP):

Connects to ec2-54-243-247-40.compute-1.amazonaws.com (54.243.247.40:80)

TCP (HTTP):

Connects to ec2-54-243-180-63.compute-1.amazonaws.com (54.243.180.63:80)

TCP (HTTP):

Connects to ec2-54-237-84-180.compute-1.amazonaws.com (54.237.84.180:80)

TCP (HTTP):

Connects to ec2-54-236-147-174.compute-1.amazonaws.com (54.236.147.174:80)

TCP (HTTP):

Connects to ec2-54-229-255-217.eu-west-1.compute.amazonaws.com (54.229.255.217:80)

Remove client.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.