client.exe

ClientWrapper

Product:
ClientWrapper

Version:
1.0.5696.19118

MD5:
285158e986109d1524f281e4bd706d26

SHA-1:
e00573b82506b8f991c5419c1de48aa45250820e

SHA-256:
144cb46f627c0dd35143e6fd9b04d39002beff06b9356598124f9c27b8dc921c

Scanner detections:
4 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
12/25/2024 3:39:21 AM UTC

Scan engine          Detection                          Engine version
IKARUS anti.virus    Trojan.Crypt.XPACK                 t3scan.1.9.5.0
McAfee               GeniusBox!285158E98610             5600.6681
Qihoo 360 Security   HEUR/QVM03.0.Malware.Gen           1.0.0.1015
Sophos               iBryte Optimum Installer (PUA)     4.98

File size:
75 KB (76,800 bytes)

Product version:
1.0.5696.19118

Copyright:
Copyright © 2015

Original file name:
ClientWrapper.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\user extensions\client.exe

File PE Metadata
Compilation timestamp:
8/6/2015 4:37:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:X0db0UMcUeksvu4Y7E43KBOOZCxarAounOiIY2y6B+E3p:X0dXMcDe4KE4NcrTuOrF

Entry address:
0x141DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 5C, 03, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 50, 00, 00, 00, 5C, 60, 01, 00, 00, 03, 00, 00, 00, 00, 00, 00, 00, 03...

Entropy:
5.9634

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
72.5 KB (74,240 bytes)

The executing file has been seen to make the following network communications in live environments.


Scan client.exe - Powered by Reason Core Security