client.exe

The application client.exe has been detected as a potentially unwanted program by 8 of the anti-malware scanners used. The file is typically installed by a number of programs, including Rockettab by Rich River Media, LLC and “RocketTab” by Adknowledge, both of which are potentially unwanted software.
MD5:
d51470f1509c09af9e53701397be195d

SHA-1:
d62b4fbcf359b43df95577fb9df721cccbf7caf8

SHA-256:
2e43701c6df65e83a906be886e8e08b3a751b7d68619ea4ac6cc4f9ef1c2b0c9

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:47:04 AM UTC

Scan engine              Detection                        Engine version
Avira AntiVirus          ADWARE/iBryte.Gen4               7.11.201.124
Baidu Antivirus          Adware.MSIL.iBryte               4.0.3.15116
ESET NOD32               MSIL/Adware.iBryte (variant)     9.11015
McAfee                   Artemis!D51470F1509C             5600.6884
Reason Heuristics        Threat.Win.Reputation.IMP        15.1.16.3
Rising Antivirus         PE:Trojan.FakeIcon!1.64A5        23.00.65.15114
Sophos                   Mal/Wintrim-A                    4.98
Trend Micro House Call   TROJ_GEN.R0C1H08AE15             7.2.16

File size:
2.4 MB (2,555,392 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\search extensions\client.exe

File PE Metadata
Compilation timestamp:
1/14/2015 5:13:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:T9TtWPt/jGXPqFYF1jx+n6E4i1CzWhlwwrlbzeNgltvW7ZFPskKpuGx5kfHDyoD/:T9TkNjuqCOZAEJBeeSZux54tvEEihI

Entry address:
0xB9F7

Entry point:
E8, B3, 33, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 24, FD, 48, 00, FF, 15, 60, F0, 41, 00, 85, C0, 75, 18, 56, E8, 65, 34, 00, 00, 8B, F0, FF, 15, 5C, F0, 41, 00, 50, E8, 15, 34, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, C7, 00, 0C, 88, 48, 00, C6, 40, 08, 00, C3, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, 0C, 88, 48, 00, 8B, 09, 89, 48, 04, C6, 40, 08, 00, 5D, C2, 08, 00, 8B, 41, 04, 85, C0, 75, 05, B8, 14, 88, 48, 00, C3, 8B...

Code size:
119 KB (121,856 bytes)

The file client.exe has been discovered within the following programs.

“RocketTab” by Adknowledge
RocketTab is a web browser extension that injects display advertising into the user's browser. Ads are displayed as banners and contextual text links and are injected either into white space areas of the HTML page or over existing ads on the underlying web site.
85% remove it
Rockettab by Rich River Media, LLC
RocketTab is an adware program that injects advertising into the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic, the service can insert various ads into the HTML of the page being displayed.
rockettab.com
88% remove it
Powered by Should I Remove It?

When executed, the file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to ec2-54-221-252-20.compute-1.amazonaws.com  (54.221.252.20:80)

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP SSL):
Connects to msnbot-65-55-252-43.search.msn.com  (65.55.252.43:443)

TCP (HTTP):
Connects to ec2-54-69-82-117.us-west-2.compute.amazonaws.com  (54.69.82.117:80)

TCP (HTTP):
Connects to ec2-54-221-254-214.compute-1.amazonaws.com  (54.221.254.214:80)

TCP (HTTP):
Connects to ec2-52-10-34-114.us-west-2.compute.amazonaws.com  (52.10.34.114:80)

TCP (HTTP):
Connects to server-52-85-33-240.mnl50.r.cloudfront.net  (52.85.33.240:80)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:443)

TCP (HTTP SSL):
Connects to msnbot-65-52-108-154.search.msn.com  (65.52.108.154:443)

TCP (HTTP):
Connects to ec2-54-243-128-145.compute-1.amazonaws.com  (54.243.128.145:80)

TCP (HTTP):
Connects to ec2-54-235-95-208.compute-1.amazonaws.com  (54.235.95.208:80)

TCP (HTTP):
Connects to ec2-54-191-59-48.us-west-2.compute.amazonaws.com  (54.191.59.48:80)

TCP (HTTP):
Connects to ec2-50-112-255-27.us-west-2.compute.amazonaws.com  (50.112.255.27:80)

TCP (HTTP):
Connects to ec2-23-23-224-210.compute-1.amazonaws.com  (23.23.224.210:80)

TCP (HTTP):
Connects to ec2-23-23-122-91.compute-1.amazonaws.com  (23.23.122.91:80)

TCP (HTTP):
Connects to 50.115.122.46.static.westdc.net  (50.115.122.46:80)

TCP (HTTP):
Connects to 141.ip-51-255-168.eu  (51.255.168.141:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-lga1.fbcdn.net  (31.13.71.7:443)

Powered by Reason Core Security