0f0f4ad1d23faa58e910e76768255689.exe

The application 0f0f4ad1d23faa58e910e76768255689.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 54583 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Version:
2.40.2.29

MD5:
99843c601168f2b2600948b89750062c

SHA-1:
176d230f8e7405f24919ec1935582d0d02183768

SHA-256:
e12a27c849377d2b3d0e0ab1f10efc00dfda266d8f9e759692fc1b0d426f02ae

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 8:35:56 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Wajam.Meta (M)
16.1.8.16

File size:
486.5 KB (498,176 bytes)

Product version:
2.40.2.29

Original file name:
3FHASX.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\0f0f4ad1d23faa58e910e76768255689.exe

File PE Metadata
Compilation timestamp:
1/4/2016 2:44:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:Xav0og+df8qRs/3FvT85iQy6um7LLCdov5JyeybRs:XW0oZ2FEmmW7k

Entry address:
0x7AEBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
484 KB (495,616 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:54583/

Local host port:
54583

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-hkg3.facebook.com  (31.13.95.36:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-hkg3.facebook.com  (31.13.95.8:443)

TCP (HTTP SSL):
Connects to ec2-52-20-120-15.compute-1.amazonaws.com  (52.20.120.15:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-hkg3.fbcdn.net  (31.13.95.12:443)

TCP (HTTP SSL):
Connects to ec2-54-87-204-118.compute-1.amazonaws.com  (54.87.204.118:443)

TCP (HTTP SSL):
Connects to 66-226-77-218.dedicated.codero.net  (66.226.77.218:443)

TCP (HTTP):
Connects to 053f96b4.rdns.100tb.com  (5.63.150.180:80)

TCP (HTTP):
Connects to hn.kd.ny.adsl  (42.236.74.213:80)

TCP (HTTP):
Connects to cdn-203-77-188-253.hkg.llnw.net  (203.77.188.253:80)

TCP (HTTP):
Connects to a6.8c.adb8.ip4.static.sl-reverse.com  (184.173.140.166:80)

TCP (HTTP SSL):
Connects to msnbot-64-4-54-153.search.msn.com  (64.4.54.153:443)

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (199.58.87.151:80)

TCP (HTTP SSL):
Connects to ec2-52-7-213-116.compute-1.amazonaws.com  (52.7.213.116:443)

TCP (HTTP):
Connects to cdn-203-77-188-254.hkg.llnw.net  (203.77.188.254:80)

TCP (HTTP):

TCP (HTTP SSL):
Connects to 158.118.255.173.bc.googleusercontent.com  (173.255.118.158:443)

Remove 0f0f4ad1d23faa58e910e76768255689.exe - Powered by Reason Core Security