client.exe

The application client.exe has been detected as a potentially unwanted program by 8 of 68 anti-malware scanners. It runs as a local HTTP proxy server bound to the loopback address (127.0.0.1) on port 49327 and registers itself as the proxy in the Windows Internet Settings, so every browser and application that honours that system proxy setting sends its web traffic through it. Traffic relayed this way can be read and modified on the local host, which is how the program injects content into web pages; for HTTPS sites a proxy of this kind sees only CONNECT tunnels unless it also installs a root certificate, and this report does not indicate one. The file is typically installed with RocketTab by Rich River Media, LLC, a potentially unwanted program that uses this proxy to insert advertisements into pages.
MD5:
9d77cf7ee316407e6a98ccee758b865f

SHA-1:
cc393370cc4405bcf5ac558d1f992ebf0d3aee41

SHA-256:
b9d8d6495c9f0d2cb229a474cc1dc178d33374688f102d118a47a3577c78752e

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 4:34:20 AM UTC

Scan engine          Detection                        Engine version
Avira AntiVirus      ADWARE/iBryte.Gen4               7.11.205.146
Baidu Antivirus      Adware.MSIL.iBryte               4.0.3.15130
Comodo Security      ApplicUnwnt                      20870
ESET NOD32           MSIL/Adware.iBryte (variant)     9.11084
Qihoo 360 Security   HEUR/QVM10.1.Malware.Gen         1.0.0.1015
Reason Heuristics    Threat.Win.Reputation.IMP        15.1.30.6
Rising Antivirus     PE:Trojan.FakeIcon!1.64A5        23.00.65.15128
Sophos               Mal/Wintrim-A                    4.98

Four of the eight verdicts explicitly name adware or an unwanted application (the iBryte family, which is the name several vendors use for RocketTab's proxy component); the Qihoo 360 (HEUR/QVM) and Reason Heuristics (Threat.Win.Reputation) entries are heuristic or reputation-based verdicts rather than signature matches, so they add little independent confirmation.

File size:
2.5 MB (2,651,648 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\search extensions\client.exe

File PE Metadata
Compilation timestamp:
1/27/2015 3:30:58 PM (PE header TimeDateStamp; written by the linker and trivially forgeable, so treat it as a hint, not evidence)

OS version:
5.1 (minimum required operating system from the PE optional header, i.e. Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0 (Microsoft Visual Studio 2010 linker)

CTPH (ssdeep):
24576:cc+DMicSJMtsMvR4lXqu7fwCYS+bJifgMvfHRe/N7cSe2UIJFsRzSJwLkKaBu2iN:cc6VJTMVCsWr8Nh0i0kEs97sqom0

Entry address (AddressOfEntryPoint, RVA):
0xDC77

Entry point:
E8, B3, 33, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, E4, 6C, 4A, 00, FF, 15, 60, 10, 42, 00, 85, C0, 75, 18, 56, E8, 65, 34, 00, 00, 8B, F0, FF, 15, 5C, 10, 42, 00, 50, E8, 15, 34, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, C7, 00, 28, FA, 49, 00, C6, 40, 08, 00, C3, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, 28, FA, 49, 00, 8B, 09, 89, 48, 04, C6, 40, 08, 00, 5D, C2, 08, 00, 8B, 41, 04, 85, C0, 75, 05, B8, 30, FA, 49, 00, C3, 8B...
 
[+]

Code size:
127.5 KB (130,560 bytes)

Local Proxy Server
Proxy for:
Internet Settings (the program sets itself as the Windows system proxy, so any browser or application using that setting is routed through it)

Local host address:
http://127.0.0.1:49327/

Local host port:
49327

Default credentials:
No (no proxy authentication is reported)
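To check a Windows host for the proxy described above, the following PowerShell triage script is an added example; it is not code from the original report and not RocketTab's own code. It assumes only the indicators on this page (port 49327, the loopback proxy address, the common path and the SHA-256), the standard per-user WinINET registry key for Internet Settings, and the built-in Get-ItemProperty, Get-NetTCPConnection, Get-Process and Get-FileHash cmdlets.

```powershell
# Added example: host triage for the client.exe local proxy described in this report.
# This is not code from the report or from RocketTab. Assumptions: the indicators
# listed on this page (port, loopback address, common path, SHA-256) and the
# standard per-user WinINET registry key for Internet Settings.

$ProxyPort   = 49327
$ProxySha256 = 'b9d8d6495c9f0d2cb229a474cc1dc178d33374688f102d118a47a3577c78752e'
$CommonPath  = 'C:\Program Files\search extensions\client.exe'
$InetKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

$findings = New-Object System.Collections.Generic.List[string]

# 1. Is the current user's system proxy ("Proxy for: Internet Settings") pointed
#    at the loopback listener? ProxyServer may be "127.0.0.1:49327" or a
#    per-protocol list such as "http=127.0.0.1:49327;https=127.0.0.1:49327".
$inet = Get-ItemProperty -Path $InetKey -ErrorAction SilentlyContinue
if ($inet.ProxyEnable -eq 1 -and $inet.ProxyServer -match "127\.0\.0\.1:$ProxyPort") {
    $findings.Add("Internet Settings proxy enabled: $($inet.ProxyServer)")
}

# 2. Is anything listening on the port, and which process owns the socket?
$listeners = Get-NetTCPConnection -LocalPort $ProxyPort -State Listen -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $findings.Add("Listener $($l.LocalAddress):$ProxyPort owned by PID $($l.OwningProcess) ($($proc.ProcessName) at $($proc.Path))")

    # 3. A proxy relays the browser's requests, so outbound connections to ad
    #    servers and to ordinary websites alike are owned by the proxy process
    #    instead of the browser. List them to see what it is relaying right now.
    Get-NetTCPConnection -OwningProcess $l.OwningProcess -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -ne '127.0.0.1' } |
        ForEach-Object { $findings.Add("  relayed by PID $($_.OwningProcess): $($_.RemoteAddress):$($_.RemotePort)") }
}

# 4. Does the file at the common path match the SHA-256 in this report?
#    A mismatch does not clear the file: the detections above are family names,
#    and other builds of the same proxy carry different hashes.
if (Test-Path -LiteralPath $CommonPath) {
    $hash = (Get-FileHash -LiteralPath $CommonPath -Algorithm SHA256).Hash.ToLower()
    if ($hash -eq $ProxySha256) { $findings.Add("SHA-256 match: $CommonPath") }
    else { $findings.Add("File present at $CommonPath with a different SHA-256 ($hash)") }
}

if ($findings.Count -gt 0) { $findings } else { 'No client.exe/RocketTab indicators found for this user and host.' }
```

Run it from an elevated PowerShell so that Get-Process can read the owning process's path. Get-NetTCPConnection is available on Windows 8 / Server 2012 and later; on older systems substitute netstat -ano and match the port column by hand. The registry check covers only the current user's profile (HKCU), so on a shared machine repeat it for the other loaded hives under HKU. Removing the program should also clear ProxyEnable and ProxyServer; if they still point at 127.0.0.1:49327 after removal, the browsers on that host will fail to connect until the setting is reset.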


The file client.exe has been discovered within the following program.

Rockettab  by Rich River Media, LLC
RocketTab is an adware program that injects advertising into the user's web browser. It installs a local proxy server, routes the browser's Internet traffic through that proxy, and rewrites the HTML of pages in transit so that they display its own advertisements. Because the injection happens in the proxy rather than in a browser extension, it affects any browser that honours the Windows Internet Settings proxy, not a single browser.
rockettab.com
88% remove it (Should I Remove It? user data)

The executing file has been seen to make the following network communications in live environments. Because client.exe is a proxy, this list mixes the program's own connections (hosts whose names point to ad serving or downloads, such as the adnexus.net ad-exchange hosts and dl12.clickmein.com, and several unnamed EC2 instances) with ordinary browser traffic it relayed (weather.com, Yahoo Finance, Facebook, Google, Dropbox, HP). Treat the relayed destinations as proxied user traffic, not as indicators of compromise, and do not copy them into a block list.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
Connects to xml.es1.dc.weather.com  (96.8.82.129:80)

TCP:
Connects to wi-in-f188.1e100.net  (173.194.67.188:5228)

TCP (HTTP SSL):
Connects to streamerapi1.finance.vip.gq1.yahoo.com  (206.190.39.219:443)

TCP (HTTP SSL):
Connects to streamerapi1.finance.vip.bf1.yahoo.com  (69.147.76.93:443)

TCP (HTTP SSL):
Connects to server-54-230-97-101.arn1.r.cloudfront.net  (54.230.97.101:443)

TCP (HTTP):
Connects to float.767.bm-impbus.prod.ams1.adnexus.net  (37.252.162.66:80)

TCP (HTTP):
Connects to float.1883.bm-impbus.prod.ams1.adnexus.net  (37.252.162.137:80)

TCP (HTTP SSL):
Connects to edge-star-shv-01-ams3.facebook.com  (31.13.91.2:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-ams2.facebook.com  (31.13.64.1:443)

TCP (HTTP):
Connects to ec2-54-83-201-209.compute-1.amazonaws.com  (54.83.201.209:80)

TCP (HTTP):
Connects to ec2-54-77-76-190.eu-west-1.compute.amazonaws.com  (54.77.76.190:80)

TCP (HTTP):
Connects to ec2-54-243-116-107.compute-1.amazonaws.com  (54.243.116.107:80)

TCP (HTTP):
Connects to ec2-54-204-15-60.compute-1.amazonaws.com  (54.204.15.60:80)

TCP (HTTP):
Connects to dl12.clickmein.com  (50.7.133.50:80)

TCP (HTTP SSL):
Connects to ash-rb4-14c.sjc.dropbox.com  (108.160.170.47:443)

TCP (HTTP SSL):
Connects to arn09s05-in-f2.1e100.net  (216.58.209.130:443)

TCP (HTTP SSL):
Connects to arn06s07-in-f3.1e100.net  (216.58.209.99:443)

TCP (HTTP):
Connects to aclm-slb-p6.atlanta.hp.com  (15.193.0.148:80)

TCP (HTTP):

Powered by Reason Core Security