cyberclient.exe

CyberPlanet

Fidel Dali

The executable cyberclient.exe has been detected as malware by 12 anti-virus scanners. It is set to execute automatically when any user logs into Windows, through an all-users Run registry entry named ‘Client’.
Publisher:
Proyecto Redes (signed by Fidel Dali)

Product:
CyberPlanet

Version:
5.07.0118

MD5:
af19e83ec879f09c6c1746a8bbde534b

SHA-1:
9bd639ba2521dc6e883b91bc1a00386eef528d62

SHA-256:
82517cfd09a1a032f236ca961a2d8f531b5f2e5d9e619c73502c38043b64f485

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/25/2024 6:18:10 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.7887062 | 257 |
| Avira AntiVirus | TR/Rogue.7887062 | 7.11.152.70 |
| Bitdefender | Trojan.Generic.7887062 | 1.0.20.720 |
| Comodo Security | UnclassifiedMalware | 18395 |
| Dr.Web | BACKDOOR.Trojan | 9.0.1.0144 |
| Emsisoft Anti-Malware | Trojan.Generic.7887062 | 8.16.05.23.02 |
| F-Secure | Trojan.Generic.7887062 | 11.2016-23-05_2 |
| G Data | Trojan.Generic.7887062 | 16.5.24 |
| McAfee | Artemis!AF19E83EC879 | 5600.6391 |
| MicroWorld eScan | Trojan.Generic.7887062 | 17.0.0.432 |
| nProtect | Trojan.Generic.7887062 | 14.06.01.01 |
| Qihoo 360 Security | Win32/Trojan.9a4 | 1.0.0.1015 |

File size:
488.7 KB (500,416 bytes)

Product version:
5.07.0118

Copyright:
Fidel Dali

Trademarks:
Proyecto Redes

Original file name:
cyberclient.exe

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\Program Files\cyberclient\cyberclient.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
7/12/2009 7:00:00 PM

Valid to:
7/13/2010 6:59:59 PM

Subject:
CN=Fidel Dali, O=Fidel Dali, STREET=Ciudad de la Paz 1701 8 A, L=Capital Federal, S=Buenos Aires, PostalCode=1426, C=AR

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
543193D6B1CE0ED14B57CFA580B2F162

File PE Metadata
Compilation timestamp:
3/1/2010 2:39:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:B39YPCh49qxzoclY535JgtFDwMevLvi8TNg1HWCl0Jrllium6o9QK:EP2/lYB5mDDw/+8Tk5OR8B

Entry address:
0x1C5BF0

Entry point:
60, BE, 00, 40, 55, 00, 8D, BE, 00, D0, EA, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11...
 

Entropy:
7.8248

Packer / compiler:
UPX 2.90LZMA

Code size:
456 KB (466,944 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Client

Command:
C:\Program Files\cyberclient\cyberclient.exe

