Client.exe

Joltlogic

This adware bundler is distributed through Adknowledge's advertising-supported download managers. Client.exe by Joltlogic has been flagged as adware by 6 of the 68 anti-malware scanners consulted. It is a setup application built on the Adknowledge Fusion installer. Once running, it acts as a local HTTP proxy on 127.0.0.1:52082 and registers itself in the Windows Internet Settings proxy configuration, so the traffic of every application that honours the system proxy setting (Internet Explorer and other WinINet clients) is routed through it and can be inspected and altered on the local host. It installs potentially unwanted software alongside the program the user intended to install, without adequate consent.
Publisher:
Joltlogic  (signed and verified)

Version:
1.0.5463.19915

MD5:
382a62135cc01adab9a002774e2aa439

SHA-1:
bc9708c814d66b5c74a66c345e11e4041d81275f

SHA-256:
833d421be6a4355f84d87e5cfe25cbd3f6c9c6aeac1a1b50759561e75efdd987

Scanner detections:
6 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/2/2024 1:37:50 PM UTC

Scan engine          Detection                                   Engine version
avast!               Win32:IBryte-FV [PUP]                       141214-1
AVG                  Generic                                     2015.0.3258
ESET NOD32           MSIL/Adware.iBryte.F application            7.0.302.0
F-Secure             Riskware.Gen:Variant.Application.Bundler    5.13.68
Reason Heuristics    PUP.Joltlogic.G                             14.12.16.14
VIPRE Antivirus      Threat.4798837                              35418

File size:
853.4 KB (873,832 bytes)

Product version:
1.0.5463.19915

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\geniusbox\client.exe

Digital Signature
Signed by:
Joltlogic
Authority:
COMODO CA Limited

Valid from:
7/15/2014 8:00:00 PM

Valid to:
7/16/2015 7:59:59 PM

Subject:
CN=Joltlogic, O=Joltlogic, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5EE011413A702F6705B25B34B674F3AB

File PE Metadata
Compilation timestamp:
12/16/2014 6:04:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:V9pY38fjxwm5iDYXbwxre7PHlrbwbnYlSeuBJdTt6JS8dDpLQDNkMgk:VLYs7xTXbwxreTDduBJb6JSmh0Nkd

Entry address:
0xD59E6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, D0, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 50, 00, 00, 00, 5C, 60, 0D, 00, 74, 02, 00, 00, 00, 00, 00, 00, 74, 02, 34, 00, 00, 00, 56, 00, 53, 00...

Entropy:
6.3493

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
846.5 KB (866,816 bytes)
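The PE fields listed above (linker 8.0, OS version 4.0, GUI subsystem, .NET CLR dependent, and the FF 25 00 20 40 00 bytes at the entry point) can all be read directly from the headers. The script below is an added example, not tooling from this page or from Reason Core Security: it parses a PE32 image, decides whether it is a managed assembly from the CLI header data directory (index 14, IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR), and checks whether the entry point is the native `jmp dword ptr [IAT slot]` stub (FF 25 followed by an absolute address) that C# compilers emit to bounce into mscoree!_CorExeMain. Because Client.exe itself is not included, `build_sample_pe` constructs a minimal PE with the same field values to run against; that builder, its section layout and its RVAs are invented for the example, and the page's compilation timestamp is assumed to be UTC.

```python
import struct
from datetime import datetime, timezone

IMAGE_DIRECTORY_ENTRY_IAT = 12
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14   # CLI header: non-zero means managed code
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe(data: bytes) -> dict:
    """Parse a PE32 image and report the triage fields a listing like this one shows."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    major_linker, minor_linker = struct.unpack_from("<BB", data, opt + 2)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    major_os, minor_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(n_dirs)]

    # Section table follows the optional header; needed to map an RVA to a file offset.
    sections = []
    sec = opt + opt_size
    for i in range(nsections):
        _name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec + 40 * i)
        sections.append((va, max(vsize, raw_size), raw_ptr))

    def rva_to_offset(rva: int) -> int:
        for va, size, raw_ptr in sections:
            if va <= rva < va + size:
                return raw_ptr + (rva - va)
        raise ValueError(f"RVA {rva:#x} is not backed by any section")

    entry_off = rva_to_offset(entry_rva)
    entry_bytes = bytes(data[entry_off:entry_off + 6])

    # x86 managed stub: FF 25 <abs addr> = jmp dword ptr [addr]; addr is the IAT slot
    # holding mscoree!_CorExeMain, so confirm the jump target lies inside the IAT.
    iat_rva, iat_size = dirs[IMAGE_DIRECTORY_ENTRY_IAT] if n_dirs > IMAGE_DIRECTORY_ENTRY_IAT else (0, 0)
    jumps_via_iat = False
    if entry_bytes[:2] == b"\xff\x25":
        target_rva = struct.unpack_from("<I", entry_bytes, 2)[0] - image_base
        jumps_via_iat = iat_rva <= target_rva < iat_rva + iat_size

    cli_rva, cli_size = dirs[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR] if n_dirs > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR else (0, 0)
    return {
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).isoformat(),
        "linker_version": f"{major_linker}.{minor_linker}",
        "os_version": f"{major_os}.{minor_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "is_dotnet": cli_rva != 0 and cli_size != 0,
        "entry_rva": entry_rva,
        "entry_bytes": entry_bytes,
        "entry_jumps_via_iat": jumps_via_iat,
    }


def build_sample_pe(managed: bool = True) -> bytes:
    """Constructed minimal PE32 (not Client.exe): one .text section, an IAT at RVA 0x2000
    and, when managed=True, a CLI header directory plus the FF 25 stub at the entry point."""
    image_base, text_rva, entry_rva = 0x400000, 0x2000, 0x2100
    iat = (0x2000, 8)
    cli = (0x2008, 0x48) if managed else (0, 0)
    ts = int(datetime(2014, 12, 16, 6, 4, 13, tzinfo=timezone.utc).timestamp())  # page timestamp, assumed UTC

    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)           # i386, 1 section
    opt = struct.pack("<HBBIIIIII", 0x10B, 8, 0, 0x200, 0, 0, entry_rva, text_rva, 0x4000)  # linker 8.0
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", image_base, 0x2000, 0x200,
                       4, 0, 0, 0, 4, 0, 0, 0x4000, 0x200, 0, 2, 0x8540,      # OS 4.0, GUI subsystem
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_IAT] = iat
    dirs[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR] = cli
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, text_rva, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + opt + section).ljust(0x200, b"\0")

    text = bytearray(0x200)
    stub = (b"\xff\x25" + struct.pack("<I", image_base + iat[0])) if managed else b"\x55\x8b\xec\x83\xec\x10"
    text[entry_rva - text_rva:entry_rva - text_rva + 6] = stub
    return headers + bytes(text)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in parse_pe(blob).items():
        print(f"{key}: {value.hex() if isinstance(value, bytes) else value}")
```

Run it with a path to a 32-bit PE to triage that file, or without arguments to run against the constructed sample. A managed binary whose entry bytes are not the FF 25 stub, or whose stub jumps outside the IAT, deserves a closer look: the CLR loader ignores the native entry point, so a packer or dropper can put real native code there.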

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:52082/

Local host port:
52082

Default credentials:
No

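A local proxy like this one only sees traffic because its address has been written into the Windows Internet Settings proxy configuration that WinINet clients consult. The script below is an added example, not tooling from this page or from Reason Core Security: it parses the WinINet `ProxyServer` syntax (a bare `host:port` applies to every scheme; `http=host:port;https=host:port` is per scheme), flags every entry that points at a loopback address, marks an exact match on port 52082, and also checks `AutoConfigURL` for a PAC script served from the local host, which is another way to reach the same result. The registry key and value names (`ProxyEnable`, `ProxyServer`, `AutoConfigURL` under HKCU `Internet Settings`) are the standard WinINet ones; the sample registry states are constructed for the example, not captured from an infected machine.

```python
import ipaddress
import sys
from urllib.parse import urlsplit

SAMPLE_PROXY_PORT = 52082   # port this Client.exe listens on, per the analysis above
INTERNET_SETTINGS_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def is_loopback(host: str) -> bool:
    """True for localhost, 127.0.0.0/8 and ::1 (brackets on IPv6 literals tolerated)."""
    host = host.strip().strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def parse_proxy_server(value: str) -> dict:
    """Parse the WinINet ProxyServer string into {scheme: (host, port)}.
    A bare "host:port" applies to every scheme and is keyed as "*"."""
    proxies = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, _, endpoint = entry.partition("=")
        if not endpoint:                      # no "scheme=" prefix: global proxy
            scheme, endpoint = "*", scheme
        if "://" in endpoint:                 # tolerate "http://host:port"
            endpoint = endpoint.split("://", 1)[1]
        host, _, port = endpoint.rpartition(":")
        if not host or not port.isdigit():    # no port given
            host, port = endpoint, ""
        proxies[scheme.lower()] = (host, int(port) if port else None)
    return proxies


def assess_proxy(proxy_enable: int, proxy_server, auto_config_url=None) -> list:
    """Return findings for settings that route traffic through the local host.
    ProxyEnable=0 means ProxyServer is ignored, so a stale value alone is not a finding."""
    findings = []
    if proxy_enable and proxy_server:
        for scheme, (host, port) in parse_proxy_server(proxy_server).items():
            if is_loopback(host):
                tag = "port matches this sample" if port == SAMPLE_PROXY_PORT else "loopback proxy"
                findings.append(f"{scheme}: routed via {host}:{port} ({tag})")
    if auto_config_url:
        parts = urlsplit(auto_config_url)
        if parts.scheme == "file" or is_loopback(parts.hostname or ""):
            findings.append(f"PAC script served from the local host: {auto_config_url}")
    return findings


def read_windows_proxy():
    """Read the live values on Windows from the per-user WinINet key."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_SETTINGS_KEY) as key:
        def value(name):
            try:
                return winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                return None
        return value("ProxyEnable") or 0, value("ProxyServer"), value("AutoConfigURL")


# Constructed registry states for offline demonstration (not captured values).
CONSTRUCTED_CASES = {
    "hijacked, all schemes": (1, "127.0.0.1:52082", None),
    "hijacked, http only":   (1, "http=127.0.0.1:52082;https=proxy.corp.example:8080", None),
    "disabled":              (0, "127.0.0.1:52082", None),
    "local PAC":             (1, None, "http://localhost:52082/proxy.pac"),
    "clean":                 (1, "proxy.corp.example:8080", None),
}

if __name__ == "__main__":
    if sys.platform == "win32":
        print("live:", assess_proxy(*read_windows_proxy()))
    for name, args in CONSTRUCTED_CASES.items():
        print(f"{name}: {assess_proxy(*args)}")
```

On a Windows host the script evaluates the live HKCU values first; elsewhere it only runs the constructed cases. Pair a hit with a check for a listener on the reported port and for the file at the common path above before treating it as this sample, since a loopback proxy is also what legitimate debugging proxies configure.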

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to e1.ycpi.vip.nya.yahoo.com  (69.147.82.60:443)

TCP (HTTP SSL):
Connects to mpr2.ngd.vip.bf1.yahoo.com  (98.139.225.43:443)

TCP (HTTP SSL):
Connects to ir1.fp.vip.bf1.yahoo.com  (98.139.180.149:443)

TCP (HTTP):
Connects to ec2-52-206-2-43.compute-1.amazonaws.com  (52.206.2.43:80)

TCP (HTTP):
Connects to cdn-208-111-128-7.lga.llnw.net  (208.111.128.7:80)

TCP (HTTP SSL):
Connects to msnbot-65-55-252-43.search.msn.com  (65.55.252.43:443)

TCP (HTTP):
Connects to ec2-54-221-254-214.compute-1.amazonaws.com  (54.221.254.214:80)

TCP (HTTP):
Connects to ec2-50-17-224-168.compute-1.amazonaws.com  (50.17.224.168:80)

TCP (HTTP):
Connects to ec2-23-23-85-47.compute-1.amazonaws.com  (23.23.85.47:80)

TCP (HTTP):
Connects to ec2-23-23-80-186.compute-1.amazonaws.com  (23.23.80.186:80)

TCP (HTTP):
Connects to ec2-23-23-144-228.compute-1.amazonaws.com  (23.23.144.228:80)

TCP (HTTP SSL):
Connects to a104-88-89-135.deploy.static.akamaitechnologies.com  (104.88.89.135:443)

TCP (HTTP):
Connects to 67-219-146-17  (67.219.146.170:80)

TCP (HTTP):
Connects to video.dc6.vcmedia.com  (8.18.45.89:80)

TCP (HTTP):
Connects to sjd-rd12-8d.sjc.dropbox.com  (108.160.167.180:80)

TCP (HTTP):
Connects to server-54-230-51-127.jfk5.r.cloudfront.net  (54.230.51.127:80)

TCP (HTTP):
Connects to server-54-230-51-113.jfk5.r.cloudfront.net  (54.230.51.113:80)

TCP (HTTP SSL):
Connects to server-54-230-49-200.jfk5.r.cloudfront.net  (54.230.49.200:443)

Remove Client.exe - Powered by Reason Core Security