Client.exe

The application Client.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 49169 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Version:
1.0.5555.15504

MD5:
66df7455e547e715c83e85e3f48d11ff

SHA-1:
fd74e474f5d9f50e6ee838d13858032cbae1bac3

SHA-256:
ad1be9918d2d72af82e8914bf15551ab64f34668a6ffa2fb9be39fd74672fe4a

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/19/2024 12:12:15 AM UTC

Scan engine
Detection
Engine version

avast!
Win32:IBryte-EP [PUP]
2014.9-150319

Comodo Security
Application.MSIL.BrowseFox.A
21453

ESET NOD32
MSIL/Adware.iBryte (variant)
9.11340

IKARUS anti.virus
Trojan.Msil
t3scan.1.8.6.0

File size:
848 KB (868,352 bytes)

Product version:
1.0.5555.15504

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\browser extensions\client.exe

File PE Metadata
Compilation timestamp:
3/18/2015 5:37:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:pbsTdLHTp7AudRWAeAfB6usC2F6HSZSCD:po5LHTp7AudRWAeAfB6hF6HS

Entry address:
0xD550A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.3167

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
845.5 KB (865,792 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49169/

Local host port:
49169

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a23-63-226-146.deploy.static.akamaitechnologies.com  (23.63.226.146:80)

TCP (HTTP):
Connects to a23-63-226-145.deploy.static.akamaitechnologies.com  (23.63.226.145:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-ort2.facebook.com  (157.240.2.35:443)

TCP (HTTP SSL):
Connects to fixed-187-190-119-209.totalplay.com.mx  (187.190.119.209:443)

TCP (HTTP):
Connects to ec2-54-235-170-110.compute-1.amazonaws.com  (54.235.170.110:80)

TCP (HTTP):
Connects to ec2-54-225-162-60.compute-1.amazonaws.com  (54.225.162.60:80)

TCP (HTTP):
Connects to ec2-54-221-254-214.compute-1.amazonaws.com  (54.221.254.214:80)

TCP (HTTP SSL):
Connects to ec2-52-70-36-202.compute-1.amazonaws.com  (52.70.36.202:443)

TCP (HTTP):
Connects to ec2-50-17-224-168.compute-1.amazonaws.com  (50.17.224.168:80)

TCP (HTTP SSL):
Connects to any-in-2014.1e100.net  (216.239.32.20:443)

TCP (HTTP):

TCP (HTTP SSL):
Connects to edge-star-shv-01-ort2.facebook.com  (157.240.2.20:443)

TCP (HTTP):
Connects to a23-63-226-122.deploy.static.akamaitechnologies.com  (23.63.226.122:80)

TCP (HTTP):
Connects to vip0x054.map2.ssl.hwcdn.net  (209.197.3.84:80)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.gq1.yahoo.com  (208.71.45.11:443)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.bf1.yahoo.com  (63.250.200.63:443)

TCP (HTTP SSL):
Connects to r2.ycpi.vip.ne1.yahoo.net  (98.138.81.73:443)

TCP (HTTP SSL):
Connects to l1-ha.ycs.mxa.yahoo.com  (189.247.129.162:443)

TCP (HTTP):
Connects to https-208-111-158-229.dal.llnw.net  (208.111.158.229:80)

TCP (HTTP SSL):
Connects to fixed-189-203-168-172.totalplay.com.mx  (189.203.168.172:443)

Powered by Reason Core Security