client.exe

ClientWrapper

Product:
ClientWrapper

Version:
1.0.5681.21828

MD5:
27f5f708b555be1c7dfd2765eb278fbd

SHA-1:
5929f26c8a9222a840a763797184115a9cfe8d90

SHA-256:
db2646a09f7814e8b2d94a489271f8a904954c365f0c7a5c57b8423ed8a1ac11

Scanner detections:
9 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/25/2024 1:23:13 PM UTC

Scan engine              Detection                        Engine version
Lavasoft Ad-Aware        Gen:Variant.Kazy.687406          562
Arcabit                  Trojan.Kazy.DA7D2E               1.0.0.425
Bitdefender              Gen:Variant.Kazy.687406          1.0.20.1015
Emsisoft Anti-Malware    Gen:Variant.Kazy.687406          10.0.0.5366
F-Secure                 Gen:Variant.Kazy.687406          5.14.151
G Data                   Gen:Variant.Kazy.687406          15.7.25
McAfee                   Trojan.GeniusBox!27F5F708B555    18.0.204.0
MicroWorld eScan         Gen:Variant.Kazy.687406          16.0.0.609
Norman                   Gen:Variant.Kazy.687406          07.07.2015 03:10:29

File size:
75 KB (76,800 bytes)

Product version:
1.0.5681.21828

Copyright:
Copyright © 2015

Original file name:
ClientWrapper.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\user extensions\client.exe

File PE Metadata
Compilation timestamp:
7/22/2015 6:08:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:b+b8esB0wO9gLY4OfKwemU88KGKylYEhYQSy03Ih:b+b8ew44oKwx4KTyyEhx

Entry address:
0x1413E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.9567

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
72.5 KB (74,240 bytes)

The executing file has been seen to make the following network communications in live environments.

