Client.exe

The application Client.exe has been detected as adware by 3 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Rockettab by Rich River Media, LLC and “RocketTab” by Adknowledge, both potentially unwanted software.
Version:
1.0.5347.16990

MD5:
acc8f3ac078f3aa6f68281c4ad90a63f

SHA-1:
5f1721492c29116042be913487395a24af7bcb29

SHA-256:
dfe9eed5e6a371f909e3c113ed696584566da07adb6135ebbf74dff9834b6a47

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/26/2024 10:47:46 PM UTC

Scan engine          Detection                       Engine version
Baidu Antivirus      Adware.MSIL.iBryte              4.0.3.14823
ESET NOD32           MSIL/Adware.iBryte (variant)    8.10298
Reason Heuristics    Adware.RocketTab.G              14.9.10.17

File size:
1.4 MB (1,416,192 bytes)

Product version:
1.0.5347.16990

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\rockettab\client.exe

File PE Metadata
Compilation timestamp:
8/22/2014 6:26:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:WOls3owfRWbhBCzht6ZSaInG+Ro4iMT3Qbr4cLBYtDqFo:vNSX9t6ZSTRRoxId

Entry address:
0x150EC6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.1021

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.3 MB (1,372,160 bytes)

The file Client.exe has been discovered within the following programs.

“RocketTab”  by Adknowledge
RocketTab is a web browser extension that injects display advertising into the user's browser. Ads are displayed as banners and contextual text-links, and are injected either into white-space areas of the HTML page or over existing ads of the underlying website.
85% remove it
Rockettab  by Rich River Media, LLC
RocketTab is an adware program that injects advertising into the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. Re-routing the traffic lets the service insert various ads into the HTML of the web page being displayed.
rockettab.com
88% remove it
RocketTab:  by Adknowledge, Inc.
RocketTab is an advertising-supported browser extension, also known as adware, designed to deliver ads to the user's Internet browser as banners, contextual text-links and transitional ads. The injected ads are not affiliated with the underlying website on which they appear.
www.adknowledge.com
87% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

