Client.exe

This executable runs as a local area network (LAN) Internet proxy server listening on port 49321.
Version:
1.0.5584.23405

MD5:
7b7bd69cd4256e0dc480c3d35f97d28c

SHA-1:
ba59d297f8d834a5a24d56a9ce430aab79e9f24d

SHA-256:
1e7706b20f578095dee2b283aee86ceae7d80a599830df23b0de9f211d418ca1

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/26/2024 10:11:16 PM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
Win.Trojan.Application-1873
0.98/23042

ESET NOD32
MSIL/Adware.iBryte.F application
6.3.12010.0

File size:
861.6 KB (882,315 bytes)

Product version:
1.0.5584.23405

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\user extensions\client.exe

File PE Metadata
Compilation timestamp:
4/16/2015 10:00:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0xD8B3A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.3333

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
859 KB (879,616 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49321/

Local host port:
49321

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-84-126-166.iad16.r.cloudfront.net  (52.84.126.166:80)

TCP (HTTP):
Connects to server-52-84-125-156.iad16.r.cloudfront.net  (52.84.125.156:80)

TCP (HTTP):
Connects to server-52-84-125-114.iad16.r.cloudfront.net  (52.84.125.114:80)

TCP (HTTP):
Connects to s3-1.amazonaws.com  (52.216.224.115:80)

TCP (HTTP):
Connects to ec2-54-235-186-78.compute-1.amazonaws.com  (54.235.186.78:80)

TCP (HTTP):
Connects to ec2-54-221-254-214.compute-1.amazonaws.com  (54.221.254.214:80)

TCP (HTTP):
Connects to ec2-54-164-237-181.compute-1.amazonaws.com  (54.164.237.181:80)

TCP (HTTP):
Connects to ec2-52-5-187-144.compute-1.amazonaws.com  (52.5.187.144:80)

TCP (HTTP):
Connects to ec2-52-45-125-171.compute-1.amazonaws.com  (52.45.125.171:80)

TCP (HTTP):
Connects to ec2-52-21-28-20.compute-1.amazonaws.com  (52.21.28.20:80)

TCP (HTTP):
Connects to ec2-52-206-93-196.compute-1.amazonaws.com  (52.206.93.196:80)

TCP (HTTP):
Connects to ec2-184-73-208-133.compute-1.amazonaws.com  (184.73.208.133:80)

TCP (HTTP):
Connects to a23-43-165-128.deploy.static.akamaitechnologies.com  (23.43.165.128:80)

TCP (HTTP):

TCP (HTTP):
Connects to a104-97-118-227.deploy.static.akamaitechnologies.com  (104.97.118.227:80)

TCP (HTTP SSL):
Connects to 209-150-80-76.static.twtelecom.net  (209.150.80.76:443)

TCP (HTTP):
Connects to 208.185.50.30.IPYX-063360-004-ZYO.zip.zayo.com  (208.185.50.30:80)

Scan Client.exe - Powered by Reason Core Security