client.exe

ClientWrapper

The application client.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This file is typically installed with the program RocketTab by Rich River Media, LLC, which is itself a potentially unwanted software program.
Product:
ClientWrapper

Version:
1.0.0.0

MD5:
1c1fa54b04d80b890c55ce3a708f0ba4

SHA-1:
600cd7a459ff595acb2f84430fde61d651b117aa

SHA-256:
9098a1ab445a07071278704f05166c0f3d2c9323c1868851da1ebe91c021351b

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
12/10/2018 1:26:16 AM UTC

Scan engine              Detection                  Engine version
Lavasoft Ad-Aware        Gen:Variant.Kazy.645530    573
Agnitum Outpost          PUA.Agent                  7.1.1
Avira AntiVirus          ADWARE/iBryte.Gen          8.3.1.6
Arcabit                  Trojan.Kazy.D9D99A         1.0.0.425
Baidu Antivirus          Adware.Win32.RocketTab     4.0.3.15711
Bitdefender              Gen:Variant.Kazy.645530    1.0.20.960
Emsisoft Anti-Malware    Gen:Variant.Kazy.645530    8.15.07.11.10
F-Secure                 Gen:Variant.Kazy.645530    11.2015-11-07_7
G Data                   Gen:Variant.Kazy.645530    15.7.25
IKARUS anti.virus        Win32.SuspectCrc           t3scan.1.9.5.0
MicroWorld eScan         Gen:Variant.Kazy.645530    16.0.0.576

File size:
64.5 KB (66,048 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
ClientWrapper.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\search extensions\client.exe

File PE Metadata

Compilation timestamp:
4/20/2015 8:14:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:soGcvj6FzrZ4sDLHr6+8w33tBCkWqBacSDSFQ6e5McQE8Necj26lRyYTLvMW5PvN:mFzF3LL6w3jC+4UQqkIdXDosPv8o

Entry address:
0x11732

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.8778

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
62 KB (63,488 bytes)

The file client.exe has been discovered within the following programs.

RocketTab by Rich River Media, LLC
RocketTab is an adware program that injects advertising into the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. Because every page passes through the proxy, the service can insert ads into the HTML of the web page being displayed.
rockettab.com
88% remove it
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-235-170-110.compute-1.amazonaws.com  (54.235.170.110:80)

TCP (HTTP):
Connects to ec2-54-221-254-214.compute-1.amazonaws.com  (54.221.254.214:80)

TCP (HTTP):
Connects to ec2-54-235-186-78.compute-1.amazonaws.com  (54.235.186.78:80)

TCP (HTTP):
Connects to ec2-23-23-122-91.compute-1.amazonaws.com  (23.23.122.91:80)

TCP (HTTP):
Connects to ec2-54-83-200-155.compute-1.amazonaws.com  (54.83.200.155:80)

TCP (HTTP):
Connects to ec2-23-21-48-109.compute-1.amazonaws.com  (23.21.48.109:80)

TCP (HTTP SSL):
Connects to any-in-2014.1e100.net  (216.239.32.20:443)

TCP (HTTP SSL):
Connects to top-fwz1.mail.ru  (217.69.133.148:443)

TCP (HTTP SSL):
Connects to sync.disk.yandex.net  (93.158.134.148:443)

TCP (HTTP SSL):
Connects to sovetnik.market.http.yandex.ru  (87.250.250.41:443)

TCP (HTTP SSL):
Connects to host69.rax.ru  (88.212.196.69:443)

TCP (HTTP):
Connects to ec2-54-83-193-6.compute-1.amazonaws.com  (54.83.193.6:80)

TCP (HTTP):
Connects to ec2-50-17-224-168.compute-1.amazonaws.com  (50.17.224.168:80)

TCP (HTTP SSL):
Connects to api.browser.yandex.ru  (87.250.251.82:443)

TCP (HTTP SSL):
Connects to a72-246-100-78.deploy.akamaitechnologies.com  (72.246.100.78:443)

TCP (HTTP SSL):
Connects to a172-227-85-103.deploy.static.akamaitechnologies.com  (172.227.85.103:443)

TCP (HTTP):
Connects to a172-227-101-45.deploy.static.akamaitechnologies.com  (172.227.101.45:80)

TCP (HTTP SSL):
Connects to static.144.152.243.136.clients.your-server.de  (136.243.152.144:443)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (87.250.251.119:443)

TCP (HTTP):
Connects to ec2-54-225-245-141.compute-1.amazonaws.com  (54.225.245.141:80)

Powered by Reason Core Security