Client.exe

The application Client.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. Additionally, the file is typically installed by a number of programs including “RocketTab” by Adknowledge and Rockettab by Rich River Media, LLC, both potentially unwanted software. While running, it connects to the Internet address th-us1.vporn.com on port 443.
Version:
1.0.5435.23772

MD5:
453e971f4101cf577da47460e18ebd42

SHA-1:
b022083a2e988ab212f08371e33bbef92a8b094b

SHA-256:
dfd2f615bcf072e511fa610cadefd512c1d35dd6992010168b1795953c28aa33

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:08:40 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:IBryte-EP [PUP] | 2014.9-141118 |
| Baidu Antivirus | Adware.MSIL.iBryte | 4.0.3.141118 |
| ESET NOD32 | MSIL/Adware.iBryte (variant) | 8.10745 |
| Fortinet FortiGate | Adware/IBryte | 11/18/2014 |
| F-Prot | W32/A-425915ce | v6.4.7.1.166 |
| Kaspersky | not-a-virus:AdWare.MSIL.RocketTab | 14.0.0.2925 |
| McAfee | Adware-RocketTab | 5600.6942 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Sophos | Generic PUA LA | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047H06KI14 | 7.2.322 |

File size:
1.4 MB (1,437,696 bytes)

Product version:
1.0.5435.23772

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\search extensions\client.exe

File PE Metadata
Compilation timestamp:
11/18/2014 2:12:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:pbjSsFJpVDbwKBcGxQ6JSD5fEscCnY9OGHr+o5SAuGYOa9N6x7ND:plFdQ6JSOxCn9PubuemS7ND

Entry address:
0x15624E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.3 MB (1,393,664 bytes)

The file Client.exe has been discovered within the following programs.

“RocketTab”  by Adknowledge
RocketTab is a web browser extension that injects display advertising into the user's browser. Ads are displayed in the form of banners and contextual text links, and are injected either in white-space areas of the HTML page or over existing ads of the underlying website.
85% remove it
Rockettab  by Rich River Media, LLC
RocketTab is an adware program that injects advertising into the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic, the service is able to insert various ads into the HTML of the displayed web page.
rockettab.com
88% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

