client.exe

ClientWrapper

The application client.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 49335 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address cdn-208-111-168-6.ord.llnw.net on port 80 using the HTTP protocol.
Product:
ClientWrapper

Version:
1.0.0.0

MD5:
3cf150806bf9c607a041fd168344f50a

SHA-1:
e467e17bc93d2501fbe22ab859639a1b46c9cc46

SHA-256:
2d89580f4c6fdeaffd7dd54d3c2cbebaefc5e41260aa22648a954f913da08989

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 5:31:38 PM UTC

Scan engine           Detection                   Engine version
Avira AntiVirus       TR/Crypt.Xpack.192775       8.3.1.6
IKARUS anti.virus     Trojan.Crypt.XPACK          t3scan.1.8.9.0
Qihoo 360 Security    HEUR/QVM03.0.Malware.Gen    1.0.0.1015
Reason Heuristics     Adware.Downloader.GB        16.2.28.9

File size:
77 KB (78,848 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
ClientWrapper.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\user extensions\client.exe

File PE Metadata
Compilation timestamp:
4/30/2015 8:23:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:UXqYP47cj09H7xVI6QktAUWu1v+zuEvjjWO8StCNdj2J:UXqYjf4AzYvyv38StCSJ

Entry address:
0x1495E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.9050

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
74.5 KB (76,288 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49335/

Local host port:
49335

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn-208-111-168-6.ord.llnw.net  (208.111.168.6:80)

TCP (HTTP):
Connects to map2.hwcdn.net  (205.185.216.10:80)

TCP (HTTP SSL):
Connects to a23-9-80-61.deploy.static.akamaitechnologies.com  (23.9.80.61:443)
