» Client.exe
Overview
Analysis
File Details
Network (48)

Client.exe

The application Client.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

Client.exe

Version:

1.0.5561.12886

MD5:

f618987984ad1afbfd8252d7ab527395

SHA-1:

dd166709d422ca7f7c1d9f77945b60b37fcbf316

SHA-256:

5501c7b14ce7a0f4fad5965bdf0d2fff836fb1e9fac7a646f2c7e83421871bf3

Scanner detections:

4 / 68

Status:

Potentially unwanted

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/18/2024 11:29:59 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

avast!

Win32:IBryte-FV [PUP]

2014.9-150326

Comodo Security

Application.MSIL.BrowseFox.A

21520

ESET NOD32

MSIL/Adware.iBryte (variant)

9.11369

IKARUS anti.virus

Trojan.Msil

t3scan.1.8.6.0

File size:

860 KB (880,640 bytes)

Product version:

1.0.5561.12886

Original file name:

Client.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\browser extensions\client.exe

File PE Metadata

Compilation timestamp:

3/24/2015 3:09:51 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

24576:Zb5plZ/Kro+wlemws8U+MoNCxI2Xm8N6HSYHMYk:7/Aro+Iemws8U+MoNCxI236HS6k

Entry address:

0xD85DA

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, D0, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 50, 00, 00, 00, 5C, A0, 0D, 00, 74, 02, 00, 00, 00, 00... 
[+]

Entropy:

6.3291

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

857.5 KB (878,080 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to a104-98-66-173.deploy.static.akamaitechnologies.com (104.98.66.173:80)

TCP (HTTP):

Connects to a23-215-104-106.deploy.static.akamaitechnologies.com (23.215.104.106:80)

TCP (HTTP):

Connects to ec2-54-225-145-152.compute-1.amazonaws.com (54.225.145.152:80)

TCP (HTTP):

Connects to ec2-23-21-63-170.compute-1.amazonaws.com (23.21.63.170:80)

TCP (HTTP):

Connects to ec2-107-22-215-174.compute-1.amazonaws.com (107.22.215.174:80)

TCP (HTTP):

Connects to 123.214.196.104.bc.googleusercontent.com (104.196.214.123:80)

TCP (HTTP):

Connects to vip0x024.map2.ssl.hwcdn.net (209.197.3.36:80)

TCP (HTTP):

Connects to s1-eu.adformnet.akadns.net (37.157.6.252:80)

TCP (HTTP):

Connects to ec2-54-196-164-240.compute-1.amazonaws.com (54.196.164.240:80)

TCP (HTTP):

Connects to ec2-52-67-89-54.sa-east-1.compute.amazonaws.com (52.67.89.54:80)

TCP (HTTP):

Connects to ec2-52-33-46-229.us-west-2.compute.amazonaws.com (52.33.46.229:80)

TCP (HTTP):

Connects to c0.a2.2ca9.ip4.static.sl-reverse.com (169.44.162.192:80)

TCP (HTTP):

Connects to 114.255.178.107.bc.googleusercontent.com (107.178.255.114:80)

TCP (HTTP):

Connects to ec2-23-21-84-250.compute-1.amazonaws.com (23.21.84.250:80)

TCP (HTTP):

Connects to a23-209-190-9.deploy.static.akamaitechnologies.com (23.209.190.9:80)

TCP (HTTP):

Connects to 208.185.50.20.IPYX-063360-004-ZYO.zip.zayo.com (208.185.50.20:80)

TCP (HTTP):

Connects to server-52-84-63-167.ord51.r.cloudfront.net (52.84.63.167:80)

TCP (HTTP):

Connects to s3-1-w.amazonaws.com (54.231.49.154:80)

TCP (HTTP):

Connects to prod-hzeu-exebid-lba-5.dca-ops.tech (213.239.222.29:80)

TCP (HTTP):

Connects to pr-bh.pbp.vip.bf1.yahoo.com (72.30.2.182:80)

Remove Client.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.