Client.exe

Inertware

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application Client.exe by Inertware has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. Additionally, the file is typically installed by a number of programs including RocketTab: by Adknowledge, Inc. and “RocketTab” by Adknowledge, both potentially unwanted software.
Publisher:
Inertware  (signed and verified)

Version:
1.0.5370.12627

MD5:
e1572dc8ec81c9463b75fd88da678419

SHA-1:
ac8184c6625b30bbcdb889c0dbf8226bd64e5d77

SHA-256:
d16e023ec62180d2ad8a019ac487ffa5c450639fca14395b2d4f708c3cd55274

Scanner detections:
3 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/2/2024 7:22:47 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
MSIL/Adware.iBryte (variant)
8.10415

Reason Heuristics
Adware.RocketTab.Adknowledge
15.2.10.11

VIPRE Antivirus
AdKnowledge
33104

File size:
1.4 MB (1,422,048 bytes)

Product version:
1.0.5370.12627

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\Program Files\rockettab\client.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/13/2014 5:00:00 PM

Valid to:
7/14/2015 4:59:59 PM

Subject:
CN=Inertware, O=Inertware, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B17D2DC81A4AB47B03A1531303433731

File PE Metadata
Compilation timestamp:
9/14/2014 1:01:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:vOT5WSSel0NFilxlH3KVKAouU/B6JS02XuZep7vE2AWry0WUyFRknJJoO:mTvgilxlXK5E6JSMexvLi0tyFGnvoO

Entry address:
0x15185E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.1010

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.3 MB (1,374,720 bytes)

The file Client.exe has been discovered within the following programs.

“RocketTab”  by Adknowledge
RocketTab is a web browser extension that injects display advertising in the user's browser. Ads are displayed in the form of banners and contextual text-links and are both injected in white space areas of the HTML page or over existing ads of the underlying web site.
85% remove it
Rockettab  by Rich River Media, LLC
RocketTab is an adware program that injects advertising in the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic the service will be able to include various ads in the HTML of the displaying web page.
rockettab.com
88% remove it
RocketTab:  by Adknowledge, Inc.
RocketTab is an advertising supported browser extension also known as adware and is designed to deliver ads to the user's Internet browser as banners, context text-links and transitionals ads. The injected ads are not affiliated with the underlying website on which they appear.
www.adknowledge.com
87% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wi-in-f95.1e100.net  (173.194.67.95:80)

TCP (HTTP SSL):
Connects to st-sh-us-dc1-003.s.dss.vg  (69.175.108.139:443)

TCP (HTTP):
Connects to sjd-rd12-8c.sjc.dropbox.com  (108.160.167.179:80)

TCP (HTTP):
Connects to server-54-230-3-160.lhr5.r.cloudfront.net  (54.230.3.160:80)

TCP (HTTP SSL):
Connects to server-54-230-2-25.lhr5.r.cloudfront.net  (54.230.2.25:443)

TCP (HTTP):
Connects to server-54-230-1-114.lhr5.r.cloudfront.net  (54.230.1.114:80)

TCP (HTTP SSL):
Connects to server-54-230-0-50.lhr5.r.cloudfront.net  (54.230.0.50:443)

TCP (HTTP SSL):
Connects to s3-1-w.amazonaws.com  (54.231.0.73:443)

TCP (HTTP SSL):
Connects to pc-in-f99.1e100.net  (74.125.28.99:443)

TCP (HTTP SSL):
Connects to pc-in-f103.1e100.net  (74.125.28.103:443)

TCP (HTTP SSL):
Connects to par10s10-in-f30.1e100.net  (173.194.40.158:443)

TCP (HTTP SSL):
Connects to ord08s13-in-f16.1e100.net  (173.194.46.112:443)

TCP (HTTP):
Connects to no-reverse-yet.3winfra.com  (185.56.30.9:80)

TCP (HTTP):
Connects to m321-mp1-cvx1b.lan.ntl.com  (62.252.169.65:80)

TCP (HTTP SSL):
Connects to lhr08s06-in-f17.1e100.net  (74.125.230.241:443)

TCP (HTTP):
Connects to ifd2.bubbledock.co.uk  (94.23.156.62:80)

TCP (HTTP SSL):
Connects to edge-star-shv-10-lga1.facebook.com  (31.13.71.144:443)

TCP (HTTP):
Connects to ec2-54-83-206-97.compute-1.amazonaws.com  (54.83.206.97:80)

TCP (HTTP):
Connects to ec2-54-243-56-0.compute-1.amazonaws.com  (54.243.56.0:80)

TCP (HTTP):
Connects to ec2-54-243-115-149.compute-1.amazonaws.com  (54.243.115.149:80)

Remove Client.exe - Powered by Reason Core Security