2655fe5957a426e89c4a2dd9ccda3356.exe

The application 2655fe5957a426e89c4a2dd9ccda3356.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 49768 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Version:
2.36.80.20

MD5:
4a7d9c0f8ec4f8db5a47854ba59fdc80

SHA-1:
a840706638122866dc32e4a0e58fd62fc914fab1

SHA-256:
0d7a26eb08920c3fb0cfe9ff7a314b48a4c909de2b2cc86d2f292f433ae692b8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 1:27:06 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Wajam.Meta (M)
16.2.9.22

File size:
375 KB (384,000 bytes)

Product version:
2.36.80.20

Original file name:
2O7E08.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\waintenhancer\waintenhancer internet enhancer\2655fe5957a426e89c4a2dd9ccda3356.exe

File PE Metadata
Compilation timestamp:
9/15/2015 10:54:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:5EqK86fTZDPtZzjLYUapr/IcxA/pAlOR+4Qeq2wnOjia+oDaQc1eGq76SVa:5w8YVPTnipLIcxA/gcQeq2wOjia+oDal

Entry address:
0x5F08E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
372.5 KB (381,440 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49768/

Local host port:
49768

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:443)

TCP (HTTP):
Connects to p9pn-i.geo.vip.bf1.yahoo.com  (98.139.135.129:80)

TCP (HTTP):
Connects to md5.hackerwatch.org  (161.69.13.35:80)

TCP (HTTP):
Connects to ec2-54-243-238-196.compute-1.amazonaws.com  (54.243.238.196:80)

TCP (HTTP):
Connects to ec2-52-21-162-54.compute-1.amazonaws.com  (52.21.162.54:80)

TCP (HTTP):
Connects to ec2-107-20-162-204.compute-1.amazonaws.com  (107.20.162.204:80)

TCP (HTTP):
Connects to bom07s10-in-f174.1e100.net  (216.58.220.174:80)

TCP (HTTP):
Connects to bom05s08-in-f174.1e100.net  (216.58.199.174:80)

TCP (HTTP):

TCP (HTTP):
Connects to 67-222-59-48.unifiedlayer.com  (67.222.59.48:80)

Remove 2655fe5957a426e89c4a2dd9ccda3356.exe - Powered by Reason Core Security