157830995bf50e6b733fe619512528b6.exe

The application 157830995bf50e6b733fe619512528b6.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address rtr3.l7.search.vip.sg3.yahoo.com on port 80 using the HTTP protocol.
Version:
2.40.10.8

MD5:
8dd017c290acfd6d4006232437872cd2

SHA-1:
b9c5baa7b1e3134ff348d71515005708b31418be

SHA-256:
0e6d2d66c8172c59ca3bbac9bec164b2e13b6dcac1d852f9907e629e332c25cf

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 3:43:10 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Wajam.Meta (M)

Engine version:
16.1.23.3

File size:
489 KB (500,736 bytes)

Product version:
2.40.10.8

Original file name:
CP2AE6.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\157830995bf50e6b733fe619512528b6.exe

File PE Metadata
Compilation timestamp:
1/19/2016 10:48:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:J162MDFXoEoZCRyXpotG6pTZoAZbGvME+nHybRs:nC4m

Entry address:
0x7B7FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
486.5 KB (498,176 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to iuscmdistc1201-ge-6-0.msft.net  (207.46.129.137:80)

TCP (HTTP SSL):
Connects to 206-135.amazon.com  (72.21.206.135:443)

TCP (HTTP SSL):
Connects to 125.234.52.55.hcm.viettel.vn  (125.234.52.55:443)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (93.158.134.119:443)

TCP (HTTP SSL):
Connects to coccoc.com  (123.30.175.14:443)

TCP (HTTP):
Connects to c4.3e.559e.ip4.static.sl-reverse.com  (158.85.62.196:80)

TCP (HTTP SSL):
Connects to t3-ha.ycpi.sgb.yahoo.com  (119.161.11.99:443)

TCP (HTTP):
Connects to t1-ha.ycpi.sgb.yahoo.com  (119.161.10.101:80)

TCP (HTTP):
Connects to server-54-230-151-11.sin2.r.cloudfront.net  (54.230.151.11:80)

TCP (HTTP):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:80)

TCP (HTTP):
Connects to probot3.lax.hv.prod  (208.111.40.79:80)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP):
Connects to hk2-dspcdn.tlu.dl.delivery.mp.microsoft.com  (40.77.226.72:80)

TCP (HTTP):
Connects to button3.ams.hv.prod  (176.58.93.77:80)

TCP (HTTP):
Connects to a104-93-103-120.deploy.static.akamaitechnologies.com  (104.93.103.120:80)

TCP (HTTP):
Connects to 85.243.178.107.bc.googleusercontent.com  (107.178.243.85:80)

TCP (HTTP):
Connects to 50.115.122.46.static.westdc.net  (50.115.122.46:80)

TCP (HTTP):
Connects to 34.6f.caa1.ip4.static.sl-reverse.com  (161.202.111.52:80)

TCP (HTTP):
Connects to 156.subnet180-250-68.speedy.telkom.net.id  (180.250.68.156:80)
