582fbcfa731b8932774fd03dcd8383ac.exe

The application 582fbcfa731b8932774fd03dcd8383ac.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Version:
2.40.2.50

MD5:
aaa2d3473346cc0e90578a14b18becc7

SHA-1:
0a3f479f850dec7c8ef701c90a80663d5d6f0700

SHA-256:
121dc8064de0c03b142ef445252fd999d4f30db0dd79dd6ecea18e0f672d3329

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 9:06:51 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Wajam.Meta (M)

Engine version:
16.1.27.14

File size:
494 KB (505,856 bytes)

Product version:
2.40.2.50

Original file name:
WMCLPK.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\582fbcfa731b8932774fd03dcd8383ac.exe

File PE Metadata
Compilation timestamp:
1/20/2016 1:15:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:UupR80J8GXSIip8TYgTlnejPgUoon8xvDybRs:UujJaMEUzRf

Entry address:
0x7CC7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
491.5 KB (503,296 bytes)

The executing file has been seen to make the following network communications in live environments.

