client.exe

ClientWrapper

The application client.exe has been detected as a potentially unwanted program by 14 anti-malware scanners.
Product:
ClientWrapper

Version:
1.0.5668.16525

MD5:
78b94e9c98056c8f96b3a4df603b2e15

SHA-1:
629fce89200054bbd40cef2a606835b2e7708c37

SHA-256:
27369f13b4dc94787acf22be55d306750288d31437f4691d39355754ce762e98

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:47:49 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.1288018
552

Avira AntiVirus
ADWARE/iBryte.Gen
8.3.1.6

Arcabit
Adware.Generic.D13A752
1.0.0.425

avast!
Win32:Dropper-gen [Drp]
2014.9-150801

Bitdefender
Adware.Generic.1288018
1.0.20.1065

Emsisoft Anti-Malware
Adware.Generic.1288018
8.15.08.01.12

Fortinet FortiGate
W32/IBryte_Optimum_Installer!tr
8/1/2015

F-Secure
Adware.Generic.1288018
11.2015-01-08_7

G Data
Adware.Generic.1288018
15.8.25

McAfee
GeniusBox!78B94E9C9805
5600.6686

MicroWorld eScan
Adware.Generic.1288018
16.0.0.639

Panda Antivirus
Trj/CI.A
15.08.01.12

Trend Micro
TROJ_GEN.R0C1C0OGN15
10.465.01

File size:
77 KB (78,848 bytes)

Product version:
1.0.5668.16525

Copyright:
Copyright © 2015

Original file name:
ClientWrapper.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\user extensions\client.exe

File PE Metadata
Compilation timestamp:
7/9/2015 3:11:42 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:07ry8+xC7cj09H7xVI6QktAUWu1/+zx3vjjWmSgCN4jpOs:ory8+bf4AzY/sv3xSgC4Os

Entry address:
0x1495E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.9096

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
74.5 KB (76,288 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-221-254-214.compute-1.amazonaws.com  (54.221.254.214:80)

TCP (HTTP):
Connects to ec2-50-17-224-168.compute-1.amazonaws.com  (50.17.224.168:80)

TCP (HTTP):
Connects to server-54-192-55-194.jfk6.r.cloudfront.net  (54.192.55.194:80)

TCP (HTTP SSL):
Connects to ec2-52-72-157-241.compute-1.amazonaws.com  (52.72.157.241:443)

TCP (HTTP):
Connects to ec2-50-19-232-40.compute-1.amazonaws.com  (50.19.232.40:80)

TCP (HTTP):
Connects to ec2-23-23-122-91.compute-1.amazonaws.com  (23.23.122.91:80)

TCP (HTTP):
Connects to ec2-23-21-77-170.compute-1.amazonaws.com  (23.21.77.170:80)

TCP (HTTP):
Connects to a23-196-96-124.deploy.static.akamaitechnologies.com  (23.196.96.124:80)

TCP (HTTP SSL):
Connects to a104-92-4-142.deploy.static.akamaitechnologies.com  (104.92.4.142:443)

TCP (HTTP):
Connects to a104-91-251-12.deploy.static.akamaitechnologies.com  (104.91.251.12:80)

TCP (HTTP):
Connects to 209.67.99.100.wildtangent.com  (209.67.99.100:80)

TCP (HTTP):
Connects to ec2-54-235-170-110.compute-1.amazonaws.com  (54.235.170.110:80)

TCP (HTTP):
Connects to a23-219-163-49.deploy.static.akamaitechnologies.com  (23.219.163.49:80)

Remove client.exe - Powered by Reason Core Security