» Client.exe
Overview
Analysis
File Details
Behaviors (1)

Client.exe

Software Jockey

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application Client.exe by Software Jockey has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. This executable runs as a local area network (LAN) Internet proxy server listening on port 54407 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.

File name:

Client.exe

Publisher:

Software Jockey (signed and verified)

Version:

1.0.5406.14403

MD5:

48ec06bcc5ac28fcb5903b9dd46ac7d2

SHA-1:

b6bcf91dbd06a307e8d36ebbd4ef9b05b8a22d1e

SHA-256:

bca7560749c66c8054171c9950b9e0c248a8e33f7856ee3d34e732d7020a04b0

Scanner detections:

1 / 68

Status:

Adware

Explanation:

This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

5/20/2024 6:12:46 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Adknowledge (M)

17.2.18.23

File size:

1.4 MB (1,425,128 bytes)

Product version:

1.0.5406.14403

Original file name:

Client.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\search extensions\client.exe

Digital Signature

Signed by:

Software Jockey

Authority:

COMODO CA Limited

Valid from:

3/24/2014 1:00:00 AM

Valid to:

3/25/2015 12:59:59 AM

Subject:

CN=Software Jockey, O=Software Jockey, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

3481FC293A085AD3BA94D30DC9CC2E95

File PE Metadata

Compilation timestamp:

10/20/2014 11:00:25 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

Entry address:

0x152522

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

1.3 MB (1,377,792 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:54407/

Local host port:

54407

Default credentials:

Remove Client.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.