client.exe

Microsoft .Net framework IL compiler

Copyright © Microsoft 2015

The application client.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. While running, it connects to the Internet address 8a.eb.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Copyright © Microsoft 2015

Product:
Microsoft .Net framework IL compiler

Version:
11.7.21.77

MD5:
f757f95a23c1b3fe2f0a95daeba91910

SHA-1:
e454de26daf66e56fed1cbd0f7da1b5377e80398

SHA-256:
bd64ea6c522e9fb64dc35a83a7083173e0d2d5b60b23c7ad224e1dbd37898eaa

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 3:18:49 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Trojan.Heur.GV0@re!ci@mi
5695302

Avira AntiVirus
ADWARE/Dowsserve.3680768.3
8.3.2.4

Arcabit
Trojan.Heur.EDD3E1
1.0.0.624

avast!
Win32:Malware-gen
151004-0

Baidu Antivirus
Adware.Win32.Dowsserve
4.0.3.151128

Bitdefender
Gen:Trojan.Heur.GV0@re!ci@mi
1.0.20.1660

Emsisoft Anti-Malware
Gen:Trojan.Heur.GV0@re!ci@mi
10.0.0.5366

ESET NOD32
Win32/Adware.Dowsserve.A application
7.0.302.0

F-Secure
Gen:Trojan.Heur.GV0@re!ci@mi
5.15.21

G Data
Gen:Trojan.Heur.GV0@re!ci@mi
15.11.25

MicroWorld eScan
Gen:Trojan.Heur.GV0@re!ci@mi
16.0.0.996

Norman
Gen:Trojan.Heur.GV0@re!ci@mi
07.10.2015 03:16:12

Qihoo 360 Security
HEUR/QVM05.1.Malware.Gen
1.0.0.1077

VIPRE Antivirus
Threat.4150696
45208

File size:
3.5 MB (3,680,768 bytes)

Product version:
11.7.21.66

Copyright:
Copyright © Microsoft 2015

Trademarks:
Copyright © Microsoft 2015

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\microsoft.net\v2.0.507237\client.exe

File PE Metadata
Compilation timestamp:
11/27/2015 2:53:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:/LieGNZFWSX6yl/6mGK8KzBPGJlDhhooUZzoX:OK0UKHz8hic

Entry address:
0x2D0D00

Entry point:
55, 8B, EC, 83, C4, F0, B8, 40, 60, 6C, 00, E8, 18, E8, D3, FF, A1, 88, D6, 6D, 00, 8B, 00, E8, 30, 83, F0, FF, A1, 88, D6, 6D, 00, 8B, 00, B2, 01, E8, 6A, A0, F0, FF, 8B, 0D, 9C, D4, 6D, 00, A1, 88, D6, 6D, 00, 8B, 00, 8B, 15, 6C, 53, 6C, 00, E8, 22, 83, F0, FF, A1, 88, D6, 6D, 00, 8B, 00, E8, 72, 84, F0, FF, E8, AD, 8B, D3, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
6.6011

Developed / compiled with:
Microsoft Visual C++

Code size:
2.8 MB (2,945,024 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 8a.eb.6132.ip4.static.sl-reverse.com (50.97.235.138:80)