Client.exe

The application Client.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. This file is typically installed with the program Rockettab by Rich River Media, LLC which is a potentially unwanted software program.
Version:
1.0.5577.20076

MD5:
24a85ea8ddc39fc4df76571a5d7f6926

SHA-1:
9604ee654784a8183bad0f9f42591923dfbe9a90

SHA-256:
e14c5ef31d1c7175642b4e66c9cb633a8a4e1c1b7c4405f165d13db8348895eb

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2017 8:52:50 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.RocketTab | 2015.04.12
Antiy Labs AVL | GrayWare[AdWare:not-a-virus]/MSIL.RocketTab | 1.0.0.1
avast! | Win32:IBryte-EP [PUP] | 2014.9-150411
Baidu Antivirus | Adware.MSIL.iBryte | 4.0.3.15411
ESET NOD32 | MSIL/Adware.iBryte.F application | 7.0.302.0
Fortinet FortiGate | Adware/RocketTab | 4/11/2015
F-Prot | W32/A-425915ce | v6.4.7.1.166
G Data | Win32.Adware.Rockettab | 15.4.25
Kaspersky | not-a-virus:AdWare.MSIL.RocketTab | 15.0.0.543
McAfee | Program.Adware-RocketTab | 16.8.708.2
McAfee Web Gateway | Adware-RocketTab | 7.6798
Panda Antivirus | Trj/CI.A | 15.04.11.09
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015
Sophos | Generic PUA JG | 4.98
Trend Micro House Call | TROJ_GEN.R0C1H06DA15 | 7.2.101

File size:
1.4 MB (1,449,472 bytes)

Product version:
1.0.5577.20076

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\search extensions\client.exe

File PE Metadata
Compilation timestamp:
4/9/2015 8:09:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:MwggJgNV9jHmM6HSiXw/jbn4ZvhtP4HFcDDiGMYHR:MyO6HS3fA5V4HFcvJMY

Entry address:
0x159126

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.1050

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.3 MB (1,405,440 bytes)

The file Client.exe has been discovered within the following programs.

Rockettab by Rich River Media, LLC
RocketTab is an adware program that injects advertising into the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic, the service is able to insert various ads into the HTML of the web page being displayed.
rockettab.com
88% remove it
 

The executing file has been seen to make the following network communications in live environments.

