client.exe

The application client.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Rockettab by Rich River Media, LLC and “RocketTab” by Adknowledge, both potentially unwanted software.
MD5:
503ec5820ea124c9c96ef5241c7056b7

SHA-1:
99d73d5eebad4267bd18a43ed4b6d994c36694f2

SHA-256:
57b66304b4c797fc37c9c1d9e6468011419252aedb295afe98cb373bc9d7e082

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 7:53:45 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.164387
5821412

avast!
Win32:Adware-CBG [PUP]
2014.9-141130

Bitdefender
Gen:Variant.Adware.Graftor.164387
1.0.20.1625

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.164387
9.0.0.4570

F-Secure
Gen:Variant.Adware.Graftor.164387
11.2014-21-11_6

G Data
Gen:Variant.Adware.Graftor.164387
14.11.24

McAfee
Artemis!45804C006E6C
5600.6931

MicroWorld eScan
Gen:Variant.Adware.Graftor.164387
15.0.0.975

Panda Antivirus
Trj/Genetic.gen
14.11.30.12

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
14.11.30.0

Sophos
iBryte Desktop
4.98

Trend Micro House Call
TROJ_GEN.R047H09KS14
7.2.334

VIPRE Antivirus
Trojan.Win32.Generic
35260

File size:
5.5 MB (5,812,224 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\search extensions\client.exe

File PE Metadata
Compilation timestamp:
11/21/2014 5:36:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:GRbbbExHT9rbOU6vajfauQ23GkYk9Oh0qS4:obbbExJCU6va7auQ23GkYk900qp

Entry address:
0x1E9F

Entry point:
E8, 3B, 27, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, AC, 87, 98, 00, FF, 15, 3C, 80, 40, 00, 85, C0, 75, 18, 56, E8, ED, 27, 00, 00, 8B, F0, FF, 15, 38, 80, 40, 00, 50, E8, 9D, 27, 00, 00, 59, 89, 06, 5E, 5D, C3, 6A, 0C, 68, B0, A4, 40, 00, E8, 01, 25, 00, 00, 6A, 0E, E8, ED, 2A, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 00, 7C, 98, 00, BA, FC, 7B, 98, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A...
 
[+]

Code size:
25.5 KB (26,112 bytes)

The file client.exe has been discovered within the following programs.

“RocketTab”  by Adknowledge
RocketTab is a web browser extension that injects display advertising in the user's browser. Ads are displayed in the form of banners and contextual text-links and are both injected in white space areas of the HTML page or over existing ads of the underlying web site.
85% remove it
Rockettab  by Rich River Media, LLC
RocketTab is an adware program that injects advertising in the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic the service will be able to include various ads in the HTML of the displaying web page.
rockettab.com
88% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to a23-194-84-166.deploy.static.akamaitechnologies.com  (23.194.84.166:443)

TCP (HTTP):
Connects to ec2-54-235-170-110.compute-1.amazonaws.com  (54.235.170.110:80)

TCP (HTTP):
Connects to ec2-50-17-224-168.compute-1.amazonaws.com  (50.17.224.168:80)

TCP (HTTP SSL):
Connects to a23-194-104-20.deploy.static.akamaitechnologies.com  (23.194.104.20:443)

TCP (HTTP SSL):
Connects to yts2.yql.vip.ne1.yahoo.com  (98.138.243.53:443)

TCP (HTTP):
Connects to sfo-mta-31.taggedmail.com  (67.221.174.31:80)

TCP (HTTP):
Connects to sfo-mta-24.taggedmail.com  (67.221.174.24:80)

TCP (HTTP SSL):
Connects to sea15s01-in-f0.1e100.net  (216.58.216.128:443)

TCP (HTTP SSL):
Connects to sea09s18-in-f0.1e100.net  (173.194.33.160:443)

TCP (HTTP SSL):
Connects to s3-1-w.amazonaws.com  (54.231.33.73:443)

TCP (HTTP):
Connects to r1.ycpi.vip.sjb.yahoo.net  (206.190.61.106:80)

TCP (HTTP SSL):
Connects to r1.ycpi.vip.ne1.yahoo.net  (98.138.81.72:443)

TCP (HTTP SSL):
Connects to r1.ycpi.vip.lax.yahoo.net  (216.115.107.206:443)

TCP (HTTP SSL):
Connects to pr.pbp.vip.gq1.yahoo.com  (216.39.54.212:443)

TCP (HTTP SSL):
Connects to pr.comet.vip.ne1.yahoo.com  (98.138.79.73:443)

TCP (HTTP):
Connects to pprd1-rtr1.manhattan.vip.gq1.yahoo.com  (98.136.223.38:80)

TCP (HTTP):
Connects to mpr2.ngd.vip.ne1.yahoo.com  (98.138.49.43:80)

TCP (HTTP SSL):
Connects to mpr1.ngd.vip.ne1.yahoo.com  (98.138.49.42:443)

TCP (HTTP SSL):
Connects to l3.ycs.vip.sjb.yahoo.com  (206.190.60.139:443)

TCP (HTTP SSL):
Connects to l1.ycs.vip.sjb.yahoo.com  (206.190.60.138:443)

Remove client.exe - Powered by Reason Core Security