» client.exe
Overview
Analysis
File Details
Behaviors (1)
Network (143)

client.exe

Joltlogic

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application client.exe by Joltlogic has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This executable runs as a local area network (LAN) Internet proxy server listening on port 49337 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 89.240.178.107.bc.googleusercontent.com on port 443.

File name:

client.exe

Publisher:

Joltlogic (signed and verified)

MD5:

448deb5ad3e094ec47f6e5ec397764a4

SHA-1:

f8ee33236c8d5b6e913c50b937478cfa1593fc9c

SHA-256:

af51a560be1af7ad18ce4d2242fb5b566db074d53f0b623b463609b02fd5b3ec

Scanner detections:

11 / 68

Status:

Adware

Explanation:

This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

4/26/2024 3:40:29 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/iBryte.Gen4

7.11.211.202

avast!

Win32:IBryte-JX [PUP]

150203-1

AVG

Generic

2016.0.3192

Bkav FE

W32.HfsAdware

1.3.0.6379

ESET NOD32

MSIL/Adware.iBryte.S application

7.0.302.0

Kaspersky

not-a-virus:AdWare.Win32.iBryte

15.0.0.543

McAfee

Trojan.Artemis!448DEB5AD3E0

16.8.708.2

Qihoo 360 Security

Win32/Virus.Adware.5a6

1.0.0.1015

Reason Heuristics

PUP.Adknowledge

15.2.20.23

Sophos

Virus 'Mal/Wintrim-A'

5.10

VIPRE Antivirus

Threat.4798837

37588

File size:

1.7 MB (1,794,784 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Common path:

C:\users\{user}\appdata\local\browser extensions\client.exe

Digital Signature

Signed by:

Joltlogic

Authority:

COMODO CA Limited

Valid from:

7/15/2014 8:00:00 PM

Valid to:

7/16/2015 7:59:59 PM

Subject:

CN=Joltlogic, O=Joltlogic, STREET=4600 Madison Ave FL 10, L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

5EE011413A702F6705B25B34B674F3AB

File PE Metadata

Compilation timestamp:

2/20/2015 9:52:25 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:xrFfQJci9P+YpBY+CUhyToYfS+Tksb5VpzztRLq8sTowVw5SNWNdZH1EnoZ:VdiXif3fXTddHqhUhn

Entry address:

0xCAD7

Entry point:

E8, B3, 33, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, A4, 77, 49, 00, FF, 15, 60, 00, 42, 00, 85, C0, 75, 18, 56, E8, 65, 34, 00, 00, 8B, F0, FF, 15, 5C, 00, 42, 00, 50, E8, 15, 34, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, C7, 00, F4, 0F, 49, 00, C6, 40, 08, 00, C3, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, F4, 0F, 49, 00, 8B, 09, 89, 48, 04, C6, 40, 08, 00, 5D, C2, 08, 00, 8B, 41, 04, 85, C0, 75, 05, B8, FC, 0F, 49, 00, C3, 8B... 
[+]

Entropy:

6.0999

Code size:

123 KB (125,952 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:49337/

Local host port:

49337

Default credentials:

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-54-221-254-214.compute-1.amazonaws.com (54.221.254.214:80)

TCP (HTTP):

Connects to ec2-50-17-224-168.compute-1.amazonaws.com (50.17.224.168:80)

TCP (HTTP):

Connects to server-54-230-87-157.lax3.r.cloudfront.net (54.230.87.157:80)

TCP (HTTP):

Connects to ec2-54-83-200-155.compute-1.amazonaws.com (54.83.200.155:80)

TCP (HTTP):

Connects to ec2-54-72-47-163.eu-west-1.compute.amazonaws.com (54.72.47.163:80)

TCP (HTTP):

Connects to ec2-23-23-122-91.compute-1.amazonaws.com (23.23.122.91:80)

TCP (HTTP SSL):

Connects to dub407-m.hotmail.com (157.56.194.24:443)

TCP (HTTP):

Connects to c0.a2.2ca9.ip4.static.sl-reverse.com (169.44.162.192:80)

TCP (HTTP SSL):

Connects to bn2b-cor003.api.p001.1drv.com (131.253.14.230:443)

TCP (HTTP):

Connects to ec2-52-3-190-48.compute-1.amazonaws.com (52.3.190.48:80)

TCP (HTTP):

Connects to server-54-230-87-70.lax3.r.cloudfront.net (54.230.87.70:80)

TCP (HTTP):

Connects to server-54-230-87-48.lax3.r.cloudfront.net (54.230.87.48:80)

TCP (HTTP):

Connects to server-54-230-87-156.lax3.r.cloudfront.net (54.230.87.156:80)

TCP (HTTP SSL):

Connects to server-54-192-19-47.iad12.r.cloudfront.net (54.192.19.47:443)

TCP (HTTP):

Connects to server-52-85-77-92.lax3.r.cloudfront.net (52.85.77.92:80)

TCP (HTTP SSL):

Connects to server-52-85-77-89.lax3.r.cloudfront.net (52.85.77.89:443)

TCP (HTTP SSL):

Connects to server-52-85-147-119.iad12.r.cloudfront.net (52.85.147.119:443)

TCP (HTTP):

Connects to s3-1.amazonaws.com (52.216.1.3:80)

TCP (HTTP):

Connects to l3dsr-cserv-um-21.iad3.btrll.com (162.208.22.39:80)

TCP (HTTP SSL):

Connects to java.com.ssl.d1.sc.omtrdc.net (66.235.145.8:443)

Remove client.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.