1f60232f7106bd3d373a39d5a408ebaf.exe

The application 1f60232f7106bd3d373a39d5a408ebaf.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 49833 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Version:
2.40.2.19

MD5:
11cb5206f2129bd0919b9e67ce268b58

SHA-1:
d7f63d3cf4c0d54b3334c1cae0f0024faeb20166

SHA-256:
d7dbb86cf315ac2bc49829d131a29eb3052feb84559bfc1b5ea64be441d846af

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 3:29:09 PM UTC  (today)

Scan engine
Detection
Engine version

F-Secure
Gen:Variant.MSILPerseus.2620
5.15.21

Reason Heuristics
PUP.Wajam.Meta (M)
16.1.6.0

File size:
494.5 KB (506,368 bytes)

Product version:
2.40.2.19

Original file name:
JWK5ZB.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\1f60232f7106bd3d373a39d5a408ebaf.exe

File PE Metadata
Compilation timestamp:
12/25/2015 12:45:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:yq1WR2qK7mYHRhD8VXWUqMzydv7SATr0skfnpGP7xC8ybRs:v1WEMUt6/pesy

Entry address:
0x7CEEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.7959

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
492 KB (503,808 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49833/

Local host port:
49833

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-50-17-205-172.compute-1.amazonaws.com  (50.17.205.172:80)

TCP (HTTP):
Connects to ip-184-168-221-43.ip.secureserver.net  (184.168.221.43:80)

TCP (HTTP):
Connects to ec2-54-221-252-20.compute-1.amazonaws.com  (54.221.252.20:80)

TCP (HTTP):
Connects to ec2-23-21-135-41.compute-1.amazonaws.com  (23.21.135.41:80)

TCP (HTTP SSL):
Connects to ec2-52-7-213-116.compute-1.amazonaws.com  (52.7.213.116:443)

TCP (HTTP SSL):
Connects to ec2-52-206-203-23.compute-1.amazonaws.com  (52.206.203.23:443)

TCP (HTTP):
Connects to ec2-54-243-128-145.compute-1.amazonaws.com  (54.243.128.145:80)

TCP (HTTP SSL):
Connects to ec2-52-73-109-231.compute-1.amazonaws.com  (52.73.109.231:443)

TCP (HTTP):
Connects to ec2-54-235-95-208.compute-1.amazonaws.com  (54.235.95.208:80)

TCP (HTTP):
Connects to ec2-54-235-86-71.compute-1.amazonaws.com  (54.235.86.71:80)

TCP (HTTP):
Connects to server-52-84-25-160.sea32.r.cloudfront.net  (52.84.25.160:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (52.216.0.176:80)

TCP (HTTP):
Connects to https-69-28-164-128.dal.llnw.net  (69.28.164.128:80)

TCP (HTTP SSL):
Connects to ec2-52-6-82-78.compute-1.amazonaws.com  (52.6.82.78:443)

TCP (HTTP SSL):
Connects to ec2-35-162-61-205.us-west-2.compute.amazonaws.com  (35.162.61.205:443)

TCP (HTTP SSL):
Connects to ec2-184-72-255-181.compute-1.amazonaws.com  (184.72.255.181:443)

TCP (HTTP SSL):
Connects to a24-01-03.opera.com  (37.228.108.171:443)

TCP (HTTP):
Connects to w04.ttms.eu  (46.105.156.76:80)

TCP (HTTP):
Connects to vip142.ssl.hwcdn.net  (205.185.208.142:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

Remove 1f60232f7106bd3d373a39d5a408ebaf.exe - Powered by Reason Core Security