Client.exe

The application Client.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. This file is typically installed with the program Rockettab by Rich River Media, LLC which is a potentially unwanted software program. While running, it connects to the Internet address mx-ll-110.164.11-99.static.3bb.co.th on port 80 using the HTTP protocol.
Version:
1.0.5668.17100

MD5:
60a08ff38878ac0e1db8e4e14c9660e2

SHA-1:
f0537a063927ff3e3dced67c0d89e8cbcf352e82

SHA-256:
ab16dfe78766fc8b748d599343bf210e25fa6590306b2f34cf450d344d03bb4f

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 4:56:17 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.RocketTab | 2015.07.10
avast! | Win32:IBryte-EP [PUP] | 2014.9-150710
ESET NOD32 | MSIL/Adware.iBryte (variant) | 9.11915
F-Prot | W32/A-425915ce | v6.4.7.1.166
G Data | Win32.Adware.Rockettab | 15.7.25
Kaspersky | not-a-virus:HEUR:AdWare.MSIL.Generic | 14.0.0.1757
Malwarebytes | PUP.Optional.RocketTab.A | v2015.07.10.12
McAfee | Adware-RocketTab | 5600.6708

File size:
1.4 MB (1,457,664 bytes)

Product version:
1.0.5668.17100

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\search extensions\client.exe

File PE Metadata
Compilation timestamp:
7/9/2015 6:30:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:nKD+w4lN4PLe0Q0p6nS6SMg44hFkqvUwF/NqIYFYziWD2:n7wOuPyY6nSOgZFkqsw/u8iWD2

Entry address:
0x15B10A

Entropy:
7.0993

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.3 MB (1,413,632 bytes)

The file Client.exe has been discovered within the following program.

Rockettab by Rich River Media, LLC
RocketTab is an adware program that injects advertising into the user's web browser by creating a local proxy server and routing all Internet traffic through that proxy. By re-routing traffic, the service can insert various ads into the HTML of the web page being displayed.
rockettab.com
88% remove it

The executing file has been seen to make the following network communications in live environments.

