home

client.exe

The application client.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 1090 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
MD5:
1a8fd7ba542e25d94e413193d0c6eaa9

SHA-1:
c7156ded711e87c9314b30e2a3af342b4f9820ae

SHA-256:
b482eb582e763dc7b6780b31c7e8d17272dda86dcbea5b31065b504fd2f2a60a

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:35:49 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.164387
5821412

avast!
Win32:Adware-CBG [PUP]
2014.9-141130

Bitdefender
Gen:Variant.Adware.Graftor.164387
1.0.20.1625

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.164387
9.0.0.4570

F-Secure
Gen:Variant.Adware.Graftor.164387
11.2014-21-11_6

G Data
Gen:Variant.Adware.Graftor.164387
14.11.24

McAfee
Artemis!45804C006E6C
5600.6931

MicroWorld eScan
Gen:Variant.Adware.Graftor.164387
15.0.0.975

Panda Antivirus
Trj/Genetic.gen
14.11.30.12

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
14.11.30.0

Sophos
iBryte Desktop
4.98

Trend Micro House Call
TROJ_GEN.R047H09KS14
7.2.334

VIPRE Antivirus
Trojan.Win32.Generic
35260

File size:
5.5 MB (5,812,224 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\search extensions\client.exe

File PE Metadata
Compilation timestamp:
11/21/2014 8:19:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:DfDckiFR7w9zHRrOyt/VezvPJUPVyuhOXVhc4AcX+5SgVrZntCfLkShIhx9Jkr/L:

Entry address:
0x1E8F

Entry point:
E8, 3B, 27, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, AC, 87, 98, 00, FF, 15, 3C, 80, 40, 00, 85, C0, 75, 18, 56, E8, ED, 27, 00, 00, 8B, F0, FF, 15, 38, 80, 40, 00, 50, E8, 9D, 27, 00, 00, 59, 89, 06, 5E, 5D, C3, 6A, 0C, 68, B0, A4, 40, 00, E8, 01, 25, 00, 00, 6A, 0E, E8, ED, 2A, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 00, 7C, 98, 00, BA, FC, 7B, 98, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A...
 
[+]

Entropy:
4.2263

Code size:
25.5 KB (26,112 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:1090/

Local host port:
1090

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-243-193-137.compute-1.amazonaws.com  (54.243.193.137:80)

TCP (HTTP):
Connects to ec2-54-225-130-198.compute-1.amazonaws.com  (54.225.130.198:80)

TCP (HTTP):
Connects to ec2-107-22-247-55.compute-1.amazonaws.com  (107.22.247.55:80)

TCP (HTTP SSL):
Connects to a23-33-61-216.deploy.static.akamaitechnologies.com  (23.33.61.216:443)

Remove client.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.