client.exe

Firefox

KeyFinder LTD

The executable client.exe has been detected as malware by 3 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.
Publisher:
Mozilla Foundation  (signed by KeyFinder LTD)

Product:
Firefox

Version:
4.12.7

MD5:
ded6aa82b34d2b25346a5b60e31a8dd5

SHA-1:
e0b3857551f9930533d965cba0befd4d97da0abf

SHA-256:
08db6f37a163cc85353e7947e783ccc838c655bcb3d5e081eac72f7fedb4ee82

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/25/2024 7:09:51 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Malware-gen | 160728-1
Dr.Web | Trojan.DownLoader21.42271 | 9.0.1.05190
ESET NOD32 | MSIL/Injector.PFO trojan | 8.0.319.0

File size:
685.5 KB (701,960 bytes)

Product version:
4.12.7

Copyright:
License: MPL 2

Trademarks:
Mozilla

Original file name:
568.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\client\client.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
2/26/2013 1:33:53 AM

Valid to:
4/26/2016 10:14:03 PM

Subject:
CN=KeyFinder LTD, O=KeyFinder LTD, L=Eastbourne, S="EAST SUSSEX ", C=GB

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B12EAD0A0A9F5

File PE Metadata
Compilation timestamp:
5/17/2016 5:34:01 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:mF54fY+jqzraxeRwJTYbBS2mWl8hx7YIm48WKSVd90kgy551bhUXnV2YqQH6miO+:4cgsK6KS6CEWbVN51FU30GaDONf+p

Entry address:
0xA644E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.0984

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
660 KB (675,840 bytes)

Scheduled Task
Task name:
Client Monitor

Trigger:
Logon (Runs on logon)

