client.exe

The executable client.exe has been detected as malware by 1 anti-virus scanner. This file is typically installed with the program Rockettab by Rich River Media, LLC which is a potentially unwanted software program.
MD5:
23e2500dc838215c8f5c719141f0653d

SHA-1:
d1273baf3f5d4c286b214bc58726cf54b1a51674

SHA-256:
59a06423003bc7b5bb072e22d5fdfe7f399b01bd4202f4fcd20ab6a194b4740e

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/29/2024 4:21:30 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
15.3.25.17

File size:
2.5 MB (2,585,088 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\search extensions\client.exe

File PE Metadata
Compilation timestamp:
3/25/2015 6:47:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:VLbksJYTtaSFxo5uLRXfjygzYDA06zZm:V

Entry address:
0xD3C7

Entry point:
E8, B3, 33, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 04, DB, 49, 00, FF, 15, 60, 10, 42, 00, 85, C0, 75, 18, 56, E8, 65, 34, 00, 00, 8B, F0, FF, 15, 5C, 10, 42, 00, 50, E8, 15, 34, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, C7, 00, 50, 6E, 49, 00, C6, 40, 08, 00, C3, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, 50, 6E, 49, 00, 8B, 09, 89, 48, 04, C6, 40, 08, 00, 5D, C2, 08, 00, 8B, 41, 04, 85, C0, 75, 05, B8, 58, 6E, 49, 00, C3, 8B...
 
[+]

Code size:
125 KB (128,000 bytes)

The file client.exe has been discovered within the following program.

Rockettab  by Rich River Media, LLC
RocketTab is an adware program that injects advertising in the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic the service will be able to include various ads in the HTML of the displaying web page.
rockettab.com
88% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 76-110.furanet.com  (91.192.110.76:80)

TCP (HTTP):
Connects to 174-108.furanet.com  (91.192.108.174:80)

TCP (HTTP):
Connects to server-54-230-243-83.mel50.r.cloudfront.net  (54.230.243.83:80)

TCP (HTTP SSL):
Connects to any-in-2014.1e100.net  (216.239.32.20:443)

TCP (HTTP):
Connects to server-54-230-243-162.mel50.r.cloudfront.net  (54.230.243.162:80)

TCP (HTTP):
Connects to ec2-23-23-122-91.compute-1.amazonaws.com  (23.23.122.91:80)

TCP (HTTP):
Connects to cdn-117-121-253-253.syd.llnw.net  (117.121.253.253:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-syd2.fbcdn.net  (157.240.8.23:80)

TCP (HTTP):
Connects to server-54-230-243-223.mel50.r.cloudfront.net  (54.230.243.223:80)

TCP (HTTP):
Connects to server-54-230-243-199.mel50.r.cloudfront.net  (54.230.243.199:80)

TCP (HTTP):
Connects to server-54-230-243-165.mel50.r.cloudfront.net  (54.230.243.165:80)

TCP (HTTP):
Connects to edge-star-mini-shv-01-syd2.facebook.com  (157.240.8.35:80)

TCP:
Connects to ec2-54-76-219-80.eu-west-1.compute.amazonaws.com  (54.76.219.80:7800)

TCP (HTTP SSL):
Connects to ec2-54-229-81-144.eu-west-1.compute.amazonaws.com  (54.229.81.144:443)

TCP (HTTP):
Connects to ec2-54-225-145-152.compute-1.amazonaws.com  (54.225.145.152:80)

TCP (HTTP):
Connects to ec2-52-48-137-18.eu-west-1.compute.amazonaws.com  (52.48.137.18:80)

TCP (HTTP SSL):
Connects to ec2-52-20-120-15.compute-1.amazonaws.com  (52.20.120.15:443)

TCP (HTTP):
Connects to ec2-52-19-161-150.eu-west-1.compute.amazonaws.com  (52.19.161.150:80)

TCP (HTTP):
Connects to ec2-50-19-82-224.compute-1.amazonaws.com  (50.19.82.224:80)

TCP (HTTP SSL):
Connects to a23-215-201-225.deploy.static.akamaitechnologies.com  (23.215.201.225:443)

Remove client.exe - Powered by Reason Core Security