client.exe

ClientWrapper

The application client.exe has been detected as a potentially unwanted program by 13 anti-malware scanners.
Product: ClientWrapper
Version: 1.0.5658.21664
MD5: 24989731b7189f0ef7072034f56e5d43
SHA-1: 6f876efc277c41c0104c24c7e738c8eddf1f099c
SHA-256: be47f1225f7aa562d0db946a08ec366ed20833a46d80747e953ce066c6fa5c49
Scanner detections: 13 / 68
Status: Potentially unwanted
Analysis date: 9/25/2017 1:43:43 AM UTC

Scan engine             Detection                          Engine version
----------------------  ---------------------------------  ----------------
Lavasoft Ad-Aware       Adware.Generic.1280733             560
Avira AntiVirus         ADWARE/iBryte.Gen                  8.3.1.6
Arcabit                 Adware.Generic.D138ADD             1.0.0.425
avast!                  Win32:Dropper-gen [Drp]            2014.9-150725
Bitdefender             Adware.Generic.1280733             1.0.20.1030
Emsisoft Anti-Malware   Adware.Generic.1280733             8.15.07.25.12
Fortinet FortiGate      W32/IBryte_Optimum_Installer!tr    7/25/2015
F-Secure                Adware.Generic.1280733             11.2015-25-07_7
G Data                  Adware.Generic.1280733             15.7.25
McAfee                  GeniusBox!24989731B718             5600.6694
McAfee Web Gateway      GeniusBox!24989731B718             7.6694
MicroWorld eScan        Adware.Generic.1280733             16.0.0.618
Qihoo 360 Security      HEUR/QVM03.0.Malware.Gen           1.0.0.1015

File size: 77 KB (78,848 bytes)
Product version: 1.0.5658.21664
Copyright: Copyright © 2015
Original file name: ClientWrapper.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\Program Files\user extensions\client.exe

File PE Metadata

Compilation timestamp: 6/29/2015 8:02:56 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
.NET CLR dependent: Yes
CTPH (ssdeep): 1536:aL69g37cj09H7xVI6QktAUWu1/+zt8vjjWmSdCNEjtxV3:aL693f4AzY/Lv3xSdCm3
Entry address: 0x1495E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy: 5.9076
Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 74.5 KB (76,288 bytes)

When executed in live environments, the file has been observed making the following network connections.

TCP (HTTP SSL): unallocated.barefruit.co.uk (92.242.140.21:443)
TCP (HTTP): ec2-54-191-171-112.us-west-2.compute.amazonaws.com (54.191.171.112:80)
TCP (HTTP): ec2-52-86-81-116.compute-1.amazonaws.com (52.86.81.116:80)
TCP (HTTP): ec2-184-73-208-133.compute-1.amazonaws.com (184.73.208.133:80)
TCP (HTTP): ec2-107-21-94-87.compute-1.amazonaws.com (107.21.94.87:80)
TCP (HTTP SSL): dh-in-f154.1e100.net (209.85.203.154:443)
TCP (HTTP SSL): any-in-2014.1e100.net (216.239.32.20:443)
TCP (HTTP): server-52-85-63-88.lhr50.r.cloudfront.net (52.85.63.88:80)
TCP (HTTP): msnbot-207-46-194-14.search.msn.com (207.46.194.14:80)
TCP (HTTP): li491-84.members.linode.com (50.116.29.84:80)
TCP (HTTP): ec2-54-235-170-110.compute-1.amazonaws.com (54.235.170.110:80)
TCP (HTTP SSL): ec2-52-73-109-231.compute-1.amazonaws.com (52.73.109.231:443)
TCP (HTTP): ec2-52-3-215-241.compute-1.amazonaws.com (52.3.215.241:80)
TCP (HTTP): ec2-50-17-224-168.compute-1.amazonaws.com (50.17.224.168:80)
TCP (HTTP): ec2-35-165-46-237.us-west-2.compute.amazonaws.com (35.165.46.237:80)
TCP (HTTP): ds-usa-abl-5.itftd.com (149.56.19.6:80)
TCP (HTTP): dg-in-f95.1e100.net (209.85.202.95:80)
TCP (HTTP SSL): b-app04-08.boldchat.com (66.150.108.69:443)
TCP (HTTP SSL): b-app04-05.boldchat.com (66.150.108.91:443)
TCP (HTTP): a92-123-180-201.deploy.akamaitechnologies.com (92.123.180.201:80)
