Client.exe

The application Client.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Version:
1.0.5561.12886

MD5:
f618987984ad1afbfd8252d7ab527395

SHA-1:
dd166709d422ca7f7c1d9f77945b60b37fcbf316

SHA-256:
5501c7b14ce7a0f4fad5965bdf0d2fff836fb1e9fac7a646f2c7e83421871bf3

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/17/2018 9:42:26 AM UTC

Scan engine: detection (engine version)

avast!: Win32:IBryte-FV [PUP] (engine version 2014.9-150326)

Comodo Security: Application.MSIL.BrowseFox.A (engine version 21520)

ESET NOD32: MSIL/Adware.iBryte (variant) (engine version 9.11369)

IKARUS anti.virus: Trojan.Msil (engine version t3scan.1.8.6.0)

File size:
860 KB (880,640 bytes)

Product version:
1.0.5561.12886

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\browser extensions\client.exe

File PE Metadata
Compilation timestamp:
3/24/2015 3:09:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:Zb5plZ/Kro+wlemws8U+MoNCxI2Xm8N6HSYHMYk:7/Aro+Iemws8U+MoNCxI236HS6k

Entry address:
0xD85DA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, D0, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 50, 00, 00, 00, 5C, A0, 0D, 00, 74, 02, 00, 00, 00, 00...

Entropy:
6.3291

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
857.5 KB (878,080 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a104-98-66-173.deploy.static.akamaitechnologies.com  (104.98.66.173:80)

TCP (HTTP):
Connects to a23-215-104-106.deploy.static.akamaitechnologies.com  (23.215.104.106:80)

TCP (HTTP):
Connects to ec2-54-225-145-152.compute-1.amazonaws.com  (54.225.145.152:80)

TCP (HTTP):
Connects to ec2-23-21-63-170.compute-1.amazonaws.com  (23.21.63.170:80)

TCP (HTTP):
Connects to ec2-107-22-215-174.compute-1.amazonaws.com  (107.22.215.174:80)

TCP (HTTP):
Connects to 123.214.196.104.bc.googleusercontent.com  (104.196.214.123:80)

TCP (HTTP):
Connects to vip0x024.map2.ssl.hwcdn.net  (209.197.3.36:80)

TCP (HTTP):
Connects to s1-eu.adformnet.akadns.net  (37.157.6.252:80)

TCP (HTTP):
Connects to ec2-54-196-164-240.compute-1.amazonaws.com  (54.196.164.240:80)

TCP (HTTP):
Connects to ec2-52-67-89-54.sa-east-1.compute.amazonaws.com  (52.67.89.54:80)

TCP (HTTP):
Connects to ec2-52-33-46-229.us-west-2.compute.amazonaws.com  (52.33.46.229:80)

TCP (HTTP):
Connects to c0.a2.2ca9.ip4.static.sl-reverse.com  (169.44.162.192:80)

TCP (HTTP):
Connects to 114.255.178.107.bc.googleusercontent.com  (107.178.255.114:80)

TCP (HTTP):
Connects to ec2-23-21-84-250.compute-1.amazonaws.com  (23.21.84.250:80)

TCP (HTTP):
Connects to 208.185.50.20.IPYX-063360-004-ZYO.zip.zayo.com  (208.185.50.20:80)

TCP (HTTP):
Connects to server-52-84-63-167.ord51.r.cloudfront.net  (52.84.63.167:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.49.154:80)

TCP (HTTP):
Connects to prod-hzeu-exebid-lba-5.dca-ops.tech  (213.239.222.29:80)

TCP (HTTP):
Connects to pr-bh.pbp.vip.bf1.yahoo.com  (72.30.2.182:80)

Powered by Reason Core Security