» client.exe
Overview
Analysis
File Details
Behaviors (1)

client.exe

Internet Download Manager (IDM)

FlyVPN INC

It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.

File name:

client.exe

Publisher:

Tonec Inc. (signed by FlyVPN INC)

Product:

Internet Download Manager (IDM)

Version:

4.12.7

MD5:

486395d77025af680f4339948562f2db

SHA-1:

f1c0c32491423590fecbbe48411d484a2f3bb444

SHA-256:

a255d75b655eadef6930b2f0f0e9edfecee9c1130636af4343c1809db69a0b92

Scanner detections:

2 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/15/2024 4:44:23 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.DownLoader19.4625

9.0.1.05190

ESET NOD32

MSIL/Injector.QII trojan

6.3.12010.0

File size:

981.8 KB (1,005,384 bytes)

Product version:

4.12.7

Trademarks:

Internet Download Manager

Original file name:

hjh.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\client\client.exe

Digital Signature

Signed by:

FlyVPN INC

Authority:

GlobalSign nv-sa

Valid from:

12/17/2014 9:22:42 PM

Valid to:

3/10/2018 6:46:43 PM

Subject:

CN=FlyVPN INC, O=FlyVPN INC, L=Shanghai, S=Shanghai, C=CN

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121B7225F596FBEADC5B4D07694003A0917

File PE Metadata

Compilation timestamp:

9/30/2016 8:23:53 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

Entry address:

0xF0A3E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.1332

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

956 KB (978,944 bytes)

Scheduled Task

Task name:

Client Monitor

Trigger:

Logon (Runs on logon)

Scan client.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.