Client.exe

The application Client.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.
Version:
1.0.5576.24973

MD5:
b3f7923bc4d7194e35fda6bdaaf7a0cb

SHA-1:
8e6537b36401ee6fbadec86f82855afd466481f4

SHA-256:
64f8fe78cd5a748614ddc237c14f92d45811c4cabab5d475bbd974cff0051009

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:45:27 AM UTC

Scan engine | Detection | Engine version
AVG | Potentially harmful program Downloader.FMB | 2013.0.4756
Clam AntiVirus | Win.Trojan.Ibryte-8769 | 0.98/23166
Dr.Web | Trojan.DownLoader18.39102 | 9.0.1.05190
ESET NOD32 | MSIL/Adware.iBryte.F application | 6.3.12010.0
F-Secure | Riskware.Application.Generic.1239271 | 5.16.24
Microsoft Security Essentials | Trojan:Win32/Fuery.B!cl | 1.237.565.0

File size:
861.6 KB (882,297 bytes)

Product version:
1.0.5576.24973

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\user extensions\client.exe

File PE Metadata
Compilation timestamp:
4/8/2015 10:52:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0xD8B4A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.3336

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
859 KB (879,616 bytes)

The executing file has been seen to make the following network communications in live environments.

