Client.exe

Secureencoded

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application Client.exe by Secureencoded has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer.
Publisher:
Secureencoded  (signed and verified)

Version:
1.0.5373.25092

MD5:
cd5c84384332bd561f477dbb4163bf0a

SHA-1:
f49f8d9942bc3127e1a62635071c1819ecc28bb6

SHA-256:
8a4b94434ab40b133ca7794f1df611bd010185be5b950f6d90bfc6c6772a6b73

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 2:15:50 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adknowledge (M)
16.10.19.2

File size:
1.4 MB (1,423,080 bytes)

Product version:
1.0.5373.25092

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\Program Files\search extensions\client.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/14/2014 5:30:00 AM

Valid to:
7/15/2015 5:29:59 AM

Subject:
CN=Secureencoded, O=Secureencoded, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008A9DE5BF6D7E4070873AB08E9304F7FA

File PE Metadata
Compilation timestamp:
9/17/2014 8:26:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:UVE8VeqvnKNh8j6JSkf+rtgvhfquKzDvuGwU2pzJL+sXK:ctv6JSzrtgvh4Pzf26sa

Entry address:
0x151DF2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 84, A1, 00, 80, 10, 00, 00, 00, D4, A1, 00, 80, 18, 00, 00, 00, 84, A4, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 02, 00, 00, 00, 48, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 60, 00, 00, 00, 6C, 20, 15, 00, 18, A1, 00, 00, 00, 00, 00, 00, 28, 00, 00, 00, 64, 00...
 
[+]

Entropy:
7.0983

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.3 MB (1,375,744 bytes)

Remove Client.exe - Powered by Reason Core Security