Client.exe

The application Client.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 49285 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Version:
1.0.5435.15511

MD5:
b2fb0721858bc906d55f97b6009af447

SHA-1:
c7d0c619829368171a6390477ecb709569e4a4bf

SHA-256:
cf1a7f59612f01a72e799d05379239bc65e50312bc376339e0d28307f4a9c409

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 6:37:41 PM UTC

Scan engine        Detection                        Engine version
avast!             Win32:IBryte-EP [PUP]            2014.9-141119
Baidu Antivirus    Adware.MSIL.iBryte               4.0.3.141119
ESET NOD32         MSIL/Adware.iBryte (variant)     8.10742
F-Prot             W32/A-425915ce                   v6.4.7.1.166
McAfee             Adware-RocketTab                 5600.6941

File size:
1.4 MB (1,437,696 bytes)

Product version:
1.0.5435.15511

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\search extensions\client.exe

File PE Metadata
Compilation timestamp:
11/18/2014 9:37:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:lBob4jTTWvoawX6srj6JSR51zBwZT9dLP6wlXq3C:Xljr6JSRKt

Entry address:
0x15625E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Entropy:
7.1102

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.3 MB (1,393,664 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49285/

Local host port:
49285

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-23-23-122-91.compute-1.amazonaws.com  (23.23.122.91:80)

TCP (HTTP):
Connects to ec2-54-221-254-214.compute-1.amazonaws.com  (54.221.254.214:80)

TCP:
Connects to wg-in-f188.1e100.net  (173.194.78.188:5228)

TCP (HTTP SSL):
Connects to mailderef.gmx.com  (195.20.250.25:443)

TCP (HTTP SSL):
Connects to lhr14s24-in-f5.1e100.net  (74.125.230.101:443)

TCP (HTTP SSL):
Connects to lhr14s24-in-f3.1e100.net  (74.125.230.99:443)

TCP (HTTP SSL):
Connects to lhr14s24-in-f26.1e100.net  (74.125.230.122:443)

TCP (HTTP SSL):
Connects to lhr14s24-in-f25.1e100.net  (74.125.230.121:443)

TCP (HTTP SSL):
Connects to lhr14s24-in-f13.1e100.net  (74.125.230.109:443)

TCP (HTTP):
Connects to ec2-54-83-201-51.compute-1.amazonaws.com  (54.83.201.51:80)

TCP (HTTP):
Connects to ec2-54-235-170-110.compute-1.amazonaws.com  (54.235.170.110:80)

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
Connects to a72-246-184-23.deploy.akamaitechnologies.com  (72.246.184.23:80)

TCP (HTTP SSL):
Connects to a2-16-115-234.deploy.akamaitechnologies.com  (2.16.115.234:443)

TCP (HTTP SSL):
Connects to 3c-bs.gmx.com  (217.72.201.130:443)

TCP (HTTP):
Connects to 149-210-169-43.colo.transip.net  (149.210.169.43:80)
