1679282a48f5a9a625f8e688c29d464f.exe

The executable 1679282a48f5a9a625f8e688c29d464f.exe has been detected as malware by 11 anti-virus scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 50664 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Version:
2.37.12.1

MD5:
8d9a9c4961b748c8804c5b15139405a3

SHA-1:
532e9509bf312334dff05516d333616a0d8e5597

SHA-256:
f01ed3d6c20a0e0244c62c9932880b5f1758faa33699027093ddcc92fd01f8d6

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
12/23/2024 10:45:08 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2830475
447

Arcabit
Trojan.Generic.D2B308B
1.0.0.585

Bitdefender
Trojan.GenericKD.2830475
1.0.20.1595

Emsisoft Anti-Malware
Trojan.GenericKD.2830475
8.15.11.15.05

F-Secure
Trojan.GenericKD.2830475
11.2015-15-11_1

G Data
Trojan.GenericKD.2830475
15.11.25

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.1119

MicroWorld eScan
Trojan.GenericKD.2830475
16.0.0.957

nProtect
Trojan.GenericKD.2830475
15.10.30.01

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Rising Antivirus
PE:Trojan.FakeIcon!1.64A5[F1]
23.00.65.151011

File size:
311 KB (318,464 bytes)

Product version:
2.37.12.1

Original file name:
BQMQA5.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wnetenhancer\wnetenhancer internet enhancer\1679282a48f5a9a625f8e688c29d464f.exe

File PE Metadata
Compilation timestamp:
10/7/2015 12:35:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:TkQlmHnekA5mHqaxiFNclXOa/1Dc5vx8htBuR94e:TkQl2ned5mKaxiFNclXTC5vx8htBcF

Entry address:
0x4F00E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.8931

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
308.5 KB (315,904 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:50664/

Local host port:
50664

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to pc-pool.flickr.vip.bf1.yahoo.com  (63.250.200.72:443)

TCP (HTTP):

TCP (HTTP):
Connects to mx-ll-110.164.17-19.static.3bb.co.th  (110.164.17.19:80)

TCP (HTTP):
Connects to ec2-52-55-209-160.compute-1.amazonaws.com  (52.55.209.160:80)

TCP (HTTP SSL):
Connects to a104-92-5-116.deploy.static.akamaitechnologies.com  (104.92.5.116:443)

TCP (HTTP):
Connects to 74.113.235.138.dub.iaccap.com  (74.113.235.138:80)

TCP (HTTP):
Connects to li491-84.members.linode.com  (50.116.29.84:80)

TCP (HTTP):

TCP (HTTP SSL):
Connects to a-0001.a-msedge.net  (204.79.197.200:443)

TCP (HTTP):
Connects to server-52-85-63-242.lhr50.r.cloudfront.net  (52.85.63.242:80)

TCP (HTTP):
Connects to ox-173-241-240-143.xa.dc.openx.org  (173.241.240.143:80)

TCP (HTTP SSL):
Connects to ec2-54-200-125-198.us-west-2.compute.amazonaws.com  (54.200.125.198:443)

TCP (HTTP SSL):
Connects to ec2-52-52-87-56.us-west-1.compute.amazonaws.com  (52.52.87.56:443)

TCP (HTTP):
Connects to ec2-52-5-232-222.compute-1.amazonaws.com  (52.5.232.222:80)

TCP (HTTP SSL):
Connects to a104-82-228-233.deploy.static.akamaitechnologies.com  (104.82.228.233:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-lhr3.fbcdn.net  (31.13.90.6:443)

TCP (HTTP):
Connects to server-54-230-11-32.lhr3.r.cloudfront.net  (54.230.11.32:80)

TCP (HTTP):
Connects to server-54-230-11-23.lhr3.r.cloudfront.net  (54.230.11.23:80)

TCP (HTTP):
Connects to server-54-230-11-195.lhr3.r.cloudfront.net  (54.230.11.195:80)

TCP (HTTP SSL):
Connects to server-54-192-83-214.mia50.r.cloudfront.net  (54.192.83.214:443)

Remove 1679282a48f5a9a625f8e688c29d464f.exe - Powered by Reason Core Security