1bb5524d708568a8825571584118f79a.exe

The application 1bb5524d708568a8825571584118f79a.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 52635 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Version:
2.40.2.9

MD5:
cfc611b51ae32dbceaa48c0df60cc1b0

SHA-1:
7d6c70f57bc7f6b9e81da6c23780fd978bfb8264

SHA-256:
7660d2861255b82a40397bac97b973276fe09ccd31997b8744e24b5e54ed2e0b

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 10:09:10 AM UTC  (today)

Scan engine
Detection
Engine version

F-Secure
Gen:Variant.MSILPerseus.2620
5.15.21

Reason Heuristics
PUP.Wajam.Meta (M)
16.1.6.0

File size:
489.5 KB (501,248 bytes)

Product version:
2.40.2.9

Original file name:
9CJS77.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\1bb5524d708568a8825571584118f79a.exe

File PE Metadata
Compilation timestamp:
12/9/2015 9:40:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:F5dC6I9iotm5LBYYt+4OwiJNLc/LzT7ZIR4ybRs:FZR6cMO

Entry address:
0x7BAAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.8026

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
487 KB (498,688 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:52635/

Local host port:
52635

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-159-22.sin3.r.cloudfront.net  (54.192.159.22:80)

TCP (HTTP):
Connects to server-54-192-159-121.sin3.r.cloudfront.net  (54.192.159.121:80)

TCP (HTTP SSL):
Connects to a3.91.5177.ip4.static.sl-reverse.com  (119.81.145.163:443)

TCP (HTTP):
Connects to ptr10.adreactor.com  (46.166.179.122:80)

TCP (HTTP):
Connects to ec2-54-68-148-117.us-west-2.compute.amazonaws.com  (54.68.148.117:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP SSL):
Connects to 42.d4.5177.ip4.static.sl-reverse.com  (119.81.212.66:443)

TCP (HTTP):
Connects to a-0001.a-msedge.net  (204.79.197.200:80)

TCP (HTTP):
Connects to 94.31.29.64.IPYX-077437-ZYO.above.net  (94.31.29.64:80)

TCP (HTTP SSL):
Connects to hosted-by.hostspicy.com  (103.194.169.185:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sit4.facebook.com  (31.13.78.35:443)

TCP (HTTP):
Connects to 6bb6e72d.setaptr.net  (107.182.231.45:80)

TCP (HTTP):
Connects to 63.db.0cd8.ip4.static.sl-reverse.com  (216.12.219.99:80)

TCP (HTTP):
Connects to 62.a7.adb8.ip4.static.sl-reverse.com  (184.173.167.98:80)

TCP (HTTP):
Connects to 189.73.154.104.bc.googleusercontent.com  (104.154.73.189:80)

TCP (HTTP):

TCP (HTTP):
Connects to unknown.telstraglobal.net  (210.176.156.25:80)

TCP (HTTP SSL):
Connects to sv1.sendomail.eu  (185.163.109.148:443)

TCP (HTTP):
Connects to server-54-230-108-34.nrt53.r.cloudfront.net  (54.230.108.34:80)

Remove 1bb5524d708568a8825571584118f79a.exe - Powered by Reason Core Security