home

client.exe

The application client.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 1052 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
MD5:
331e61f7efa24efd5ab462d971b5bf8e

SHA-1:
62dd4cc2baab33eaefa890156a88a8a62892be27

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
5/12/2025 3:52:46 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.164387
797

avast!
Win32:Adware-CBG [PUP]
2014.9-141130

Bitdefender
Gen:Variant.Adware.Graftor.164387
1.0.20.1670

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.164387
8.14.11.30.12

F-Secure
Gen:Variant.Adware.Graftor.164387
11.2014-30-11_1

G Data
Gen:Variant.Adware.Graftor.164387
14.11.24

McAfee
Artemis!45804C006E6C
5600.6931

MicroWorld eScan
Gen:Variant.Adware.Graftor.164387
15.0.0.1002

Panda Antivirus
Trj/Genetic.gen
14.11.30.12

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
14.11.30.0

Sophos
iBryte Desktop
4.98

Trend Micro House Call
TROJ_GEN.R047H09KS14
7.2.334

VIPRE Antivirus
Trojan.Win32.Generic
35260

File size:
5.5 MB (5,812,224 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\search extensions\client.exe

File PE Metadata
Compilation timestamp:
11/19/2014 11:00:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:uaZHwdYlvc3E+FZoiL0p52dV33Hpb0IDonpiMzzVeA+ghMqqTwuo5s/SjiO6+jae:J4tub+5SNwlmJ

Entry address:
0x1E8F

Entry point:
E8, 3B, 27, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, AC, 87, 98, 00, FF, 15, 3C, 80, 40, 00, 85, C0, 75, 18, 56, E8, ED, 27, 00, 00, 8B, F0, FF, 15, 38, 80, 40, 00, 50, E8, 9D, 27, 00, 00, 59, 89, 06, 5E, 5D, C3, 6A, 0C, 68, B0, A4, 40, 00, E8, 01, 25, 00, 00, 6A, 0E, E8, ED, 2A, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 00, 7C, 98, 00, BA, FC, 7B, 98, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A...
 
[+]

Entropy:
4.5677

Code size:
25.5 KB (26,112 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:1052/

Local host port:
1052

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to s3-1-w.amazonaws.com  (54.231.32.169:443)

TCP (HTTP):
Connects to ec2-54-225-197-149.compute-1.amazonaws.com  (54.225.197.149:80)

TCP (HTTP SSL):
Connects to den03s06-in-f6.1e100.net  (74.125.225.198:443)

TCP (HTTP SSL):
Connects to cloud.iccgh.com  (209.198.196.108:443)

TCP (HTTP SSL):
Connects to cloud.gti.mcafee.com  (8.18.25.6:443)

TCP (HTTP):
Connects to a23-3-12-162.deploy.static.akamaitechnologies.com  (23.3.12.162:80)

TCP (HTTP SSL):
Connects to 184.172.26.52-static.reverse.softlayer.com  (184.172.26.52:443)

Remove client.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.