Client.exe

The application Client.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. Additionally, the file is typically installed by a number of programs, including Rockettab by Rich River Media, LLC and “RocketTab” by Adknowledge, both of which are potentially unwanted software.
Version:
1.0.5658.21782

MD5:
336823473ae1cbcacc03f9934a3259ac

SHA-1:
500f2b24778b77651696987192963b5ce05501a9

SHA-256:
40bdddb6726d6fe3e475cffc3336424b6971a801d71d4722dd2482ca96d3558b

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2017 8:28:44 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.RocketTab | 2015.06.30 |
| avast! | Win32:IBryte-EP [PUP] | 2014.9-150630 |
| Baidu Antivirus | Adware.MSIL.iBryte | 4.0.3.15630 |
| Emsisoft Anti-Malware | Application.Generic.1392916 | 11.5.0.6191 |
| ESET NOD32 | MSIL/Adware.iBryte.F application | 6.3 |
| F-Prot | W32/A-425915ce | v6.4.7.1.166 |
| F-Secure | Riskware.Application.Generic.1392916 | 5.15.96 |
| G Data | Win32.Adware.Rockettab | 15.6.25 |
| Kaspersky | not-a-virus:AdWare.MSIL.RocketTab | 15.0.0.562 |
| Malwarebytes | PUP.Optional.RocketTab.A | v2015.06.30.07 |
| McAfee | Program.Adware-RocketTab | 17.6.569.0 |
| McAfee Web Gateway | Adware-RocketTab | 7.6719 |
| Norman | Application.Generic.1392916 | 19.05.2016 01:04:49 |
| Reason Heuristics | PUP.iBryte (M) | 16.7.14.0 |

File size:
1.4 MB (1,457,664 bytes)

Product version:
1.0.5658.21782

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\search extensions\client.exe

File PE Metadata
Compilation timestamp:
6/29/2015 4:06:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:+vJW6tB49UKBMQ0p6nS+Sf61RxMYwPyRILzztpWAyVo:+ftBe1i6nSB6bfwPyeJpWAco

Entry address:
0x15B102

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.0999

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.3 MB (1,413,632 bytes)

The file Client.exe has been discovered within the following programs.

“RocketTab”  by Adknowledge
RocketTab is a web browser extension that injects display advertising in the user's browser. Ads are displayed in the form of banners and contextual text links and are injected either in white-space areas of the HTML page or over existing ads of the underlying web site.
85% remove it
Rockettab  by Rich River Media, LLC
RocketTab is an adware program that injects advertising in the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic, the service is able to include various ads in the HTML of the displayed web page.
rockettab.com
88% remove it
 

The executing file has been seen to make the following network communications in live environments.
