client.exe

The application client.exe has been detected as a potentially unwanted program by 29 of 68 anti-malware scanners. The file name is generic, so identify the file by the hashes and install path below rather than by name. It is typically installed by RocketTab, distributed as "RocketTab" by Adknowledge, Inc. and as "Rockettab" by Rich River Media, LLC, both potentially unwanted software. According to AVG, this software downloads additional adware offers during setup. The engine versions in the scanner table all date from April 2015, so the detections reflect the signatures of that time rather than of the analysis date shown.
MD5:
3d5e550924914d758d8304ef89a7b315

SHA-1:
3adcf579f3fff6988fa5ad93b93e20ace6849b62

SHA-256:
59dec28c71db933e523599bc8c6881b8d273c1e7d05459360317a6abbab4746b

Scanner detections:
29 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 5:01:13 AM UTC

Scan engine             Detection                        Engine version
Lavasoft Ad-Aware       Trojan.GenericKD.2087739         650
AhnLab V3 Security      Adware/Win32.Mikey               2015.04.22
Avira AntiVirus         ADWARE/iBryte.Gen4               7.11.202.26
avast!                  Win32:Dropper-gen [Drp]          2014.9-150425
AVG                     Downloader                       2016.0.3128
Baidu Antivirus         Adware.MSIL.iBryte               4.0.3.15117
Bitdefender             Trojan.GenericKD.2087739         1.0.20.575
Comodo Security         ApplicUnwnt                      21852
Emsisoft Anti-Malware   Trojan.GenericKD.2087739         8.15.04.25.07
ESET NOD32              MSIL/Adware.iBryte (variant)     9.11028
Fortinet FortiGate      MSIL/IBryte.A                    4/25/2015
F-Secure                Trojan.GenericKD.2087739         11.2015-25-04_7
G Data                  Trojan.GenericKD.2087739         15.4.25
K7 AntiVirus            Adware                           13.203.15666
Kaspersky               not-a-virus:AdWare.Win32.iBryte  14.0.0.2136
McAfee                  Artemis!3D5E55092491             5600.6784
MicroWorld eScan        Trojan.GenericKD.2087739         16.0.0.345
NANO AntiVirus          Riskware.Win32.IBryte.dnylmq     0.30.20.1219
Norman                  Troj_Generic.YFMAB               11.20150425
nProtect                Trojan.GenericKD.2087739         15.04.20.01
Panda Antivirus         Trj/Genetic.gen                  15.04.25.07
Qihoo 360 Security      Win32/Virus.Adware.5a6           1.0.0.1015
Reason Heuristics       Threat.Win.Reputation.IMP        15.1.17.11
Sophos                  Mal/Wintrim-A                    4.98
SUPERAntiSpyware        Adware.iBryte/Variant            9913
Trend Micro House Call  TROJ_GEN.R011C0EB315             7.2.115
Trend Micro             TROJ_GEN.R011C0EB315             10.465.25
VIPRE Antivirus         iBryte                           39564
Zillya! Antivirus       Adware.iBryte.Win32.7482         2.0.0.2147

File size:
2.5 MB (2,628,608 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\search extensions\client.exe

File PE Metadata
Compilation timestamp:
1/16/2015 11:01:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:ZeFN6OgJ+JG+5Q8Cu7ravEYNRXDqRiwpw:Zx

Entry address:
0xCC07

Entry point:
E8, B3, 33, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 84, 0E, 4A, 00, FF, 15, 60, 00, 42, 00, 85, C0, 75, 18, 56, E8, 65, 34, 00, 00, 8B, F0, FF, 15, 5C, 00, 42, 00, 50, E8, 15, 34, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, C7, 00, 00, A0, 49, 00, C6, 40, 08, 00, C3, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, 00, A0, 49, 00, 8B, 09, 89, 48, 04, C6, 40, 08, 00, 5D, C2, 08, 00, 8B, 41, 04, 85, C0, 75, 05, B8, 08, A0, 49, 00, C3, 8B...

Code size:
123.5 KB (126,464 bytes)
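The PE fields above can be verified against a sample directly, without a full PE library. The following is an added example, not code from this page or from any vendor: it parses the DOS, COFF and PE32 optional headers with the Python standard library, maps the entry RVA to a file offset through the section table, and compares each field with the values listed. Two assumptions are labelled in the code: that "Entry address" is the optional header's AddressOfEntryPoint RVA, and that the compilation timestamp is shown in UTC. The entry bytes begin with a call followed by a jmp, the usual shape of a Microsoft C runtime startup stub, so on their own they are a weak signature; the check gains value from combining them with the entry RVA, timestamp and linker version. build_sample_pe() fabricates a minimal, non-executable PE carrying these header values so the script can be exercised offline; it is not client.exe.

```python
import struct
from datetime import datetime, timezone

# Values transcribed from the PE metadata above. Assumptions: "Entry address"
# is the optional header's AddressOfEntryPoint RVA, and the compilation
# timestamp on the page is UTC (the page does not say).
ENTRY_PREFIX = bytes.fromhex("E8B3330000E989FEFFFF8BFF558BEC837D0800742DFF7508")
REPORT = {
    "entry_rva": 0xCC07,
    "linker": (10, 0),
    "os_version": (5, 1),
    "subsystem": 2,  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    "compile_time": datetime(2015, 1, 16, 23, 1, 23, tzinfo=timezone.utc),
}


def parse_pe(data: bytes) -> dict:
    """Pull the header fields this report lists out of a PE32 image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    sections = []  # (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData)
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, rawptr, rawsize))
    return {
        "machine": machine,
        "compile_time": datetime.fromtimestamp(tstamp, tz=timezone.utc),
        "linker": (maj_link, min_link),
        "entry_rva": struct.unpack_from("<I", data, opt + 16)[0],
        "os_version": struct.unpack_from("<HH", data, opt + 40),
        "subsystem": struct.unpack_from("<H", data, opt + 68)[0],
        "sections": sections,
    }


def rva_to_offset(rva: int, sections) -> int:
    """Map an RVA to a file offset via the section table (header-resident RVAs are not handled)."""
    for _, va, vsize, rawptr, rawsize in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rawptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def entry_bytes(data: bytes, info: dict, n: int) -> bytes:
    off = rva_to_offset(info["entry_rva"], info["sections"])
    return data[off:off + n]


def compare_to_report(data: bytes) -> dict:
    """True/False per field: does `data` carry the metadata listed on this page?"""
    info = parse_pe(data)
    checks = {k: info[k] == v for k, v in REPORT.items()}
    checks["entry_bytes"] = entry_bytes(data, info, len(ENTRY_PREFIX)) == ENTRY_PREFIX
    return checks


def build_sample_pe() -> bytes:
    """CONSTRUCTED stand-in for offline testing: a minimal, non-runnable PE32 whose
    headers carry the report's values and whose entry point holds ENTRY_PREFIX.
    This is not client.exe."""
    sect_va, sect_raw, sect_len = 0xC000, 0x200, 0x1000
    code = bytearray(sect_len)
    at = REPORT["entry_rva"] - sect_va
    code[at:at + len(ENTRY_PREFIX)] = ENTRY_PREFIX
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 1, int(REPORT["compile_time"].timestamp()), 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "H" * 2 + "I" * 6,
                      0x10B, 10, 0,                                   # PE32, linker 10.0
                      sect_len, 0, 0, REPORT["entry_rva"], sect_va, 0, 0x400000, 0x1000, 0x200,
                      5, 1, 0, 0, 5, 1,                               # OS version 5.1
                      0, sect_va + sect_len, sect_raw, 0,
                      2, 0,                                           # Windows GUI subsystem
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    sect = struct.pack("<8sIIIIIIHHI", b".text", sect_len, sect_va, sect_len, sect_raw, 0, 0, 0, 0, 0x60000020)
    return (bytes(dos) + b"PE\0\0" + coff + opt + sect).ljust(sect_raw, b"\0") + bytes(code)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for field, ok in compare_to_report(data).items():
        print(f"{field:13} {'match' if ok else 'DIFFERS'}")
```

Run it with a file path to compare a real sample; with no arguments it checks the constructed stand-in. A field that differs on a file whose hashes match the ones above would point to a transcription error on this page; differing hashes with matching header fields would suggest a sibling build from the same tool chain.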

The file client.exe has been discovered within the following programs.

Rockettab by Rich River Media, LLC
RocketTab is an adware program that injects advertising into the user's web browser by creating a local proxy server and routing all Internet traffic through it. Because every page passes through that proxy, the service can insert its own ads into the HTML of the page being displayed.
rockettab.com
88% remove it
RocketTab by Adknowledge, Inc.
RocketTab is an advertising-supported browser extension, also known as adware, designed to deliver ads to the user's Internet browser as banners, contextual text links and transitional ads. The injected ads are not affiliated with the underlying website on which they appear.
www.adknowledge.com
87% remove it
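Since the description above says RocketTab works by routing browser traffic through a local proxy, one host-side check is whether the current user's WinINET proxy setting points at loopback. The following is an added example, not code from this page or from the vendor: it parses the two value formats the ProxyServer registry string uses and, on Windows, reads the live ProxyEnable/ProxyServer values under HKCU. The assumption, labelled in the code, is that the proxy is registered through that standard per-user setting rather than some other hook; a finding here is a lead to confirm with the listening-socket and process list, not proof on its own.

```python
import ipaddress
import sys

# Standard per-user WinINET proxy location. Assumption: the adware registers its
# local proxy here; software that hooks the browser some other way will not show up.
WININET_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def parse_proxy_server(value: str) -> dict:
    """Parse a WinINET ProxyServer string into {scheme: (host, port)}.
    Accepts both forms the setting uses: "host:port" (all protocols, keyed "*")
    and "http=host:port;https=host:port;socks=host:port"."""
    entries = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, endpoint = part.rpartition("=")
        host, sep, port = endpoint.rpartition(":")
        if not sep:                      # bare host with no port
            host, port = endpoint, ""
        entries[scheme or "*"] = (host.strip("[]"), int(port) if port.isdigit() else None)
    return entries


def is_loopback(host: str) -> bool:
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an address
        return False


def loopback_proxies(proxy_enable: int, proxy_server: str) -> list:
    """[(scheme, host, port)] for every configured proxy that points back at this
    machine; empty when proxying is disabled or all proxies are remote."""
    if not proxy_enable:
        return []
    return [(scheme, host, port)
            for scheme, (host, port) in parse_proxy_server(proxy_server).items()
            if is_loopback(host)]


def read_wininet_proxy():
    """(ProxyEnable, ProxyServer) for the current user on Windows; None elsewhere."""
    if sys.platform != "win32":
        return None
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, WININET_KEY) as key:
        try:
            enable = winreg.QueryValueEx(key, "ProxyEnable")[0]
        except FileNotFoundError:
            enable = 0
        try:
            server = winreg.QueryValueEx(key, "ProxyServer")[0]
        except FileNotFoundError:
            server = ""
    return enable, server


if __name__ == "__main__":
    # Constructed values stand in for the registry when not on Windows.
    live = read_wininet_proxy() or (1, "http=127.0.0.1:8080;https=127.0.0.1:8080")
    for scheme, host, port in loopback_proxies(*live):
        print(f"{scheme} traffic is proxied through {host}:{port} on this host")
```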

When executed, the file has been observed making the following network connections in live environments.

Protocol        Host                                                Address:port
TCP (HTTP)      ec2-54-208-30-101.compute-1.amazonaws.com           54.208.30.101:80
TCP (HTTP)      zacks.com                                           208.65.116.3:80
TCP (HTTP SSL)  xx-fbcdn-shv-01-dfw1.fbcdn.net                      31.13.66.5:443
TCP (HTTP)      tlb.hwcdn.net                                       69.16.175.10:80
TCP (HTTP SSL)  sea15s01-in-f6.1e100.net                            216.58.216.134:443
TCP (HTTP SSL)  sea09s16-in-f21.1e100.net                           173.194.33.117:443
TCP (HTTP SSL)  qg-in-f101.1e100.net                                74.125.29.101:443
TCP (HTTP SSL)  par10s09-in-f1.1e100.net                            173.194.40.97:443
TCP (HTTP SSL)  par03s15-in-f14.1e100.net                           216.58.211.110:443
TCP (HTTP SSL)  par03s14-in-f14.1e100.net                           216.58.211.78:443
TCP (HTTP SSL)  par03s13-in-f9.1e100.net                            173.194.45.73:443
TCP (HTTP SSL)  ip-69-22-158-90.gtt.net                             69.22.158.90:443
TCP (HTTP SSL)  ip-69-22-158-9.gtt.net                              69.22.158.9:443
TCP (HTTP)      ifd1.bubbledock.co.uk                               178.32.60.37:80
TCP (HTTP)      hwcdn.net                                           69.16.175.42:80
TCP (HTTP)      host-62-24-200-18.as13285.net                       62.24.200.18:80
TCP (HTTP)      host-62-24-200-12.as13285.net                       62.24.200.12:80
TCP (HTTP SSL)  edge-star-shv-01-lax1.facebook.com                  31.13.70.1:443
TCP (HTTP)      ec2-79-125-124-159.eu-west-1.compute.amazonaws.com  79.125.124.159:80
TCP (HTTP SSL)  ec2-54-84-52-85.compute-1.amazonaws.com             54.84.52.85:443
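The hashes and network endpoints on this page are usable as indicators, but not all of them are equal. The following is an added example, not code from this page or from any vendor, that turns them into a small triage script: it hashes a file with all three algorithms listed and reports which digests match, and it scans proxy-log lines for the listed hostnames and addresses, tagging each hit by fidelity. The fidelity tiers are this editor's judgment, labelled in the code: hosts under 1e100.net (Google), facebook.com, fbcdn.net and hwcdn.net are shared platform or CDN infrastructure that almost any software, including the sandbox's own browser, contacts, so they identify nothing on their own; the remaining EC2 and hosting-provider addresses are more specific but were observed in 2015 and are reassignable, so they should be bounded to that time window. The log lines embedded below are constructed for the demonstration; the line format is assumed, and any tokenizer for the real log format can be substituted.

```python
import hashlib
import re

# Indicators transcribed from this report.
KNOWN_HASHES = {
    "md5": "3d5e550924914d758d8304ef89a7b315",
    "sha1": "3adcf579f3fff6988fa5ad93b93e20ace6849b62",
    "sha256": "59dec28c71db933e523599bc8c6881b8d273c1e7d05459360317a6abbab4746b",
}
ENDPOINTS = [  # (hostname, IP) pairs exactly as listed above
    ("ec2-54-208-30-101.compute-1.amazonaws.com", "54.208.30.101"),
    ("zacks.com", "208.65.116.3"),
    ("xx-fbcdn-shv-01-dfw1.fbcdn.net", "31.13.66.5"),
    ("tlb.hwcdn.net", "69.16.175.10"),
    ("sea15s01-in-f6.1e100.net", "216.58.216.134"),
    ("sea09s16-in-f21.1e100.net", "173.194.33.117"),
    ("qg-in-f101.1e100.net", "74.125.29.101"),
    ("par10s09-in-f1.1e100.net", "173.194.40.97"),
    ("par03s15-in-f14.1e100.net", "216.58.211.110"),
    ("par03s14-in-f14.1e100.net", "216.58.211.78"),
    ("par03s13-in-f9.1e100.net", "173.194.45.73"),
    ("ip-69-22-158-90.gtt.net", "69.22.158.90"),
    ("ip-69-22-158-9.gtt.net", "69.22.158.9"),
    ("ifd1.bubbledock.co.uk", "178.32.60.37"),
    ("hwcdn.net", "69.16.175.42"),
    ("host-62-24-200-18.as13285.net", "62.24.200.18"),
    ("host-62-24-200-12.as13285.net", "62.24.200.12"),
    ("edge-star-shv-01-lax1.facebook.com", "31.13.70.1"),
    ("ec2-79-125-124-159.eu-west-1.compute.amazonaws.com", "79.125.124.159"),
    ("ec2-54-84-52-85.compute-1.amazonaws.com", "54.84.52.85"),
]
# Editor's judgment: hosts under these suffixes are shared platform/CDN
# infrastructure that benign software contacts constantly, so a hit is low fidelity.
SHARED_SUFFIXES = ("1e100.net", "facebook.com", "fbcdn.net", "hwcdn.net")
# Assumed log format: whitespace/punctuation-separated fields; hosts and IPs
# appear as whole tokens once URLs and host:port pairs are split.
TOKEN_SPLIT = re.compile(r"[\s(),;:/\"'\[\]<>]+")


def fidelity(host: str) -> str:
    return "low" if host.lower().endswith(SHARED_SUFFIXES) else "medium"


def hash_bytes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in KNOWN_HASHES}


def match_hashes(hashes: dict, known: dict = KNOWN_HASHES) -> set:
    """Algorithms whose digest equals the report's. Any one match identifies the file;
    an MD5-only match on a file whose SHA-256 differs deserves a second look."""
    return {alg for alg, digest in hashes.items() if known.get(alg) == digest.lower()}


def indicator_lookup() -> dict:
    """indicator -> fidelity, with the IP tagged the same as its hostname."""
    table = {}
    for host, ip in ENDPOINTS:
        table[host.lower()] = table[ip] = fidelity(host)
    return table


def scan_log(lines, lookup: dict = None) -> list:
    """(line_no, indicator, fidelity) for every token in `lines` that is a listed endpoint."""
    lookup = lookup or indicator_lookup()
    return [(n, tok, lookup[tok])
            for n, line in enumerate(lines, 1)
            for tok in TOKEN_SPLIT.split(line.lower()) if tok in lookup]


SAMPLE_LOG = [  # constructed proxy-log lines for the demonstration, not real traffic
    "2015-04-25T10:01:03Z ws-17 CONNECT par03s15-in-f14.1e100.net:443 (216.58.211.110)",
    "2015-04-25T10:01:09Z ws-17 GET http://ifd1.bubbledock.co.uk/ -> 178.32.60.37:80",
    "2015-04-25T10:02:41Z ws-17 GET http://www.example.org/index.html -> 198.51.100.7:80",
    "2015-04-25T10:03:12Z ws-17 GET http://ec2-54-208-30-101.compute-1.amazonaws.com/ -> 54.208.30.101:80",
]

if __name__ == "__main__":
    for n, indicator, fid in scan_log(SAMPLE_LOG):
        print(f"line {n}: {indicator} ({fid} fidelity)")
    print(match_hashes(hash_bytes(b"constructed bytes, not the sample")) or "no hash match")
```

On the constructed log the medium-fidelity hits (bubbledock, the EC2 host) are the ones worth pivoting on; the 1e100.net hits alone would be expected from any browser session. Feed hash_bytes() the contents of a suspect client.exe and match_hashes() tells you which of the three digests above it satisfies.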
