67b5399c36e11ac1b6fb0741783fcf64.exe

The application 67b5399c36e11ac1b6fb0741783fcf64.exe has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners (Reason Heuristics, detection name PUP.Wajam.Meta (M)). The detection rate is low, so the classification rests mainly on behaviour: the executable runs a local HTTP proxy server listening on 127.0.0.1 port 52541 and registers itself as the proxy in the Windows Internet Settings (WinINET) configuration, which lets it intercept and modify the web traffic of every application on the host that honours the system proxy setting.
Version:
2.36.2.62

MD5:
402a54304f2f956f586682be0792dadf

SHA-1:
42ff674c1c60622ff6bb96973b820980ef60625f

SHA-256:
a634863516ff8611ef78270631e5c088441a61395d7bb3bc5c630805898902f2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:59:27 AM UTC

Scan engine          Detection             Engine version
Reason Heuristics    PUP.Wajam.Meta (M)    16.2.9.22

File size:
370 KB (378,880 bytes)

Product version:
2.36.2.62

Original file name:
BKZWX3.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\waintenhancer\waintenhancer internet enhancer\67b5399c36e11ac1b6fb0741783fcf64.exe

File PE Metadata
Compilation timestamp:
9/15/2015 8:30:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:e9IiJxvdu3383kUKm8FLfAztDG/vMDA9wWLg1U664ofDLnR/gkZ/JrxSTB:0IiJU383/3+oBjCLg1U6mfDLnR/gkDxo

Entry address:
0x5DC3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.9088

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
367.5 KB (376,320 bytes)
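The hash and PE metadata fields above are what a first-pass triage recomputes before trusting a third-party listing. The following script is an added example, not code from the page or from Reason Core Security: it recomputes the MD5/SHA-1/SHA-256 quoted above, reads the PE header fields the page reports (compile timestamp, OS and linker version, subsystem, entry-point RVA and bytes, CLR header presence, code size) with only the standard library, and measures Shannon entropy. Because the real binary is not available here, build_sample_pe() constructs a synthetic PE32 whose headers mirror the page's values; its hashes will not match the page, which is the expected result for any file other than the original.

```python
"""Added triage example (not code from the page or from Reason Core Security):
recompute the hashes the page lists and read the PE header fields it reports.
build_sample_pe() constructs a synthetic PE32 whose headers mirror the page's
values; it is not the real binary, so its hashes will not match."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Hashes quoted on the page for 67b5399c36e11ac1b6fb0741783fcf64.exe.
PAGE_HASHES = {
    "md5": "402a54304f2f956f586682be0792dadf",
    "sha1": "42ff674c1c60622ff6bb96973b820980ef60625f",
    "sha256": "a634863516ff8611ef78270631e5c088441a61395d7bb3bc5c630805898902f2",
}
CLR_DIR = 14                           # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in PAGE_HASHES}


def matches_page(data: bytes) -> bool:
    """Every listed hash must match; one mismatch means a different file."""
    return file_hashes(data) == PAGE_HASHES


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0 for constant data, 8 for uniform random. Packed or
    encrypted payloads sit near 8; the page's 4.9 is typical of plain .NET code."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def rva_to_offset(rva: int, sections: list):
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    return None


def parse_pe(data: bytes) -> dict:
    """Pull the header fields a triage page reports from a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic, ld_major, ld_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # PE32+ widens ImageBase and the stack/heap sizes, pushing the directories out.
    dirs = opt + (112 if magic == 0x20B else 96)
    ndirs = struct.unpack_from("<I", data, dirs - 4)[0]
    clr_rva, clr_size = (struct.unpack_from("<II", data, dirs + 8 * CLR_DIR)
                         if ndirs > CLR_DIR else (0, 0))
    sections = []
    for i in range(nsect):
        _, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, vsize, raw_ptr, raw_size))
    off = rva_to_offset(entry_rva, sections)
    entry = data[off:off + 6] if off is not None else b""
    return {
        "compiled": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "bitness": "PE32+" if magic == 0x20B else "PE32",
        "os_version": f"{os_major}.{os_minor}",
        "linker_version": f"{ld_major}.{ld_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_bytes": entry.hex(),
        # FF 25 imm32 = jmp dword ptr [imm32]: in a managed image the entry
        # point is this one-instruction stub through the IAT into mscoree.
        "is_clr_stub": entry[:2] == b"\xff\x25",
        "dotnet": clr_rva != 0 and clr_size != 0,
        "size_of_code": size_of_code,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 image mirroring the page's header values (not the real file)."""
    stamp = int(datetime(2015, 9, 15, 8, 30, 21, tzinfo=timezone.utc).timestamp())
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 11, 0, 376320, 0, 0, 0x5DC3E, 0x2000, 0x60000)
    opt += struct.pack("<IIIHHHHHHIIIIHH", 0x400000, 0x2000, 0x200, 4, 0, 0, 0, 4, 0,
                       0, 0x62000, 0x200, 0, 2, 0x8540)
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[CLR_DIR] = (0x2008, 0x48)     # non-empty CLR header => .NET CLR dependent
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    # One .text section mapping RVA 0x2000 to file offset 0x200.
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x5E000, 0x2000, 0x5E000, 0x200, 0, 0, 0, 0, 0x60000020)
    header = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    body = bytearray(0x5E000)
    idx = 0x5DC3E - 0x2000             # entry RVA relative to the section start
    body[idx:idx + 6] = b"\xff\x25\x00\x20\x40\x00"   # the page's entry-point bytes
    return header + bytes(body)


if __name__ == "__main__":
    sample = build_sample_pe()
    print(parse_pe(sample), matches_page(sample), round(shannon_entropy(sample), 4))
```

Run it against a real sample by reading the file into bytes and calling parse_pe() and matches_page(); if the CLR directory is empty or the entry point is not the FF 25 stub on a file that claims the same hashes, the file is not the one the page describes.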

Local Proxy Server
Proxy for:
Internet Settings (the per-user WinINET proxy configuration used by Internet Explorer and any other application that honours the system proxy)

Local host address:
http://127.0.0.1:52541/

Local host port:
52541

Default credentials:
No
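A loopback proxy like this one leaves a durable trace in the per-user WinINET configuration even after the process is gone. The script below is an added example, not code from the page or from Reason Core Security: it parses the ProxyServer value format Windows uses (either a single host:port or a protocol=host:port list), flags any proxy that points at loopback, and cross-checks it against the set of listening sockets so a stale setting with nothing behind it is reported differently from a live interceptor. The registry key and value names (ProxyEnable, ProxyServer under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings) are real; the sample values and the listener set are constructed.

```python
"""Added example (not from the page or Reason Core Security): inspect the
per-user WinINET proxy configuration that "Proxy for: Internet Settings"
refers to and flag a loopback proxy such as the 127.0.0.1:52541 listener
the page describes.  The registry values ProxyEnable (DWORD) and
ProxyServer (string) under
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings are real;
the sample values and listener set used below are constructed."""
import ipaddress
import sys

WININET_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def parse_proxy_server(value: str) -> dict:
    """ProxyServer is either 'host:port' (one proxy for every protocol, keyed
    '*' here) or 'http=host:port;https=host:port;ftp=...;socks=...'."""
    proxies = {}
    for part in (value or "").split(";"):
        part = part.strip()
        if not part:
            continue
        proto, _, target = part.partition("=") if "=" in part else ("*", "", part)
        target = target.split("://", 1)[-1].rstrip("/")     # tolerate 'http://host:port/'
        host, _, port = target.rpartition(":")
        if not host:                                        # no port supplied
            host, port = target, ""
        proxies[proto.strip().lower()] = (host.strip("[] "), int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host: str) -> bool:
    if host.lower().rstrip(".") == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def assess(proxy_enable: int, proxy_server: str, listeners: set) -> list:
    """Findings for a loopback system proxy.  `listeners` is the set of
    (local_ip, port) sockets in LISTEN state, e.g. taken from `netstat -ano`."""
    if not proxy_enable:
        return []
    findings = []
    for proto, (host, port) in parse_proxy_server(proxy_server).items():
        if not is_loopback(host):
            continue
        live = (host, port) in listeners or ("0.0.0.0", port) in listeners
        state = "listening" if live else "nothing listening, proxy setting is stale"
        findings.append(f"{proto}: system proxy points at loopback {host}:{port} ({state})")
    return findings


def read_wininet_settings():
    """Windows only: read the live values with the stdlib winreg module."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, WININET_KEY) as key:
        def value(name, default):
            try:
                return winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                return default
        return value("ProxyEnable", 0), value("ProxyServer", "")


if __name__ == "__main__":
    if sys.platform == "win32":
        enable, server = read_wininet_settings()
    else:                       # constructed values mirroring the page's listener
        enable, server = 1, "http=127.0.0.1:52541;https=127.0.0.1:52541"
    for finding in assess(enable, server, {("127.0.0.1", 52541)}):
        print(finding)
```

A loopback entry with a live listener is the interception case; a loopback entry with nothing listening is what remains after the process is killed but the setting is not reverted, and it breaks every proxy-aware application on the host until ProxyEnable is cleared.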


When executed, the file has been observed making the following network connections in live environments. Because the program acts as a proxy, some of these destinations may be traffic it relayed on behalf of other applications rather than its own infrastructure; the CDN, cloud and ISP reverse-DNS names in particular are shared address space and make poor block-list entries on their own.

TCP (HTTP):
Connects to kvmde29-9782.fornex.org  (91.228.155.160:80)

TCP (HTTP):
Connects to mail.tdt.edu.vn  (119.17.254.79:80)

TCP (HTTP SSL):
Connects to 125.234.55.44.hcm.viettel.vn  (125.234.55.44:443)

TCP (HTTP):
Connects to mail.mmg.vn  (42.112.31.59:80)

TCP (HTTP):
Connects to coccoc.com  (123.30.175.40:80)

TCP (HTTP SSL):
Connects to 125.234.51.214.hcm.viettel.vn  (125.234.51.214:443)

TCP (HTTP SSL):
Connects to 125.234.48.54.hcm.viettel.vn  (125.234.48.54:443)

TCP (HTTP):
Connects to c4.3e.559e.ip4.static.sl-reverse.com  (158.85.62.196:80)

TCP (HTTP SSL):
Connects to 94.31.29.55.IPYX-077437-ZYO.above.net  (94.31.29.55:443)

TCP (HTTP):
Connects to 80.211.186.35.bc.googleusercontent.com  (35.186.211.80:80)

TCP (HTTP):
Connects to 23.193.186.35.bc.googleusercontent.com  (35.186.193.23:80)

TCP (HTTP SSL):
Connects to 125.234.54.183.hcm.viettel.vn  (125.234.54.183:443)

TCP (HTTP SSL):
Connects to 125.234.51.216.hcm.viettel.vn  (125.234.51.216:443)

TCP (HTTP):
Connects to server-54-239-132-4.sfo9.r.cloudfront.net  (54.239.132.4:80)

TCP (HTTP):
Connects to server-54-239-132-39.sfo9.r.cloudfront.net  (54.239.132.39:80)

TCP (HTTP):
Connects to server-54-239-132-254.sfo9.r.cloudfront.net  (54.239.132.254:80)

TCP (HTTP):
Connects to server-54-239-132-140.sfo9.r.cloudfront.net  (54.239.132.140:80)

TCP (HTTP):
Connects to server-52-84-22-219.sea32.r.cloudfront.net  (52.84.22.219:80)

TCP (HTTP):
Connects to reesak.com  (37.46.131.99:80)

TCP (HTTP):
Connects to hdlroot30.ashampoo.com  (176.28.52.37:80)
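To use the sightings above as indicators without flooding a SOC with CDN noise, they need to be parsed into a structured list and weighted. The script below is an added example, not code from the page or from Reason Core Security: it parses the page's "Connects to host (ip:port)" lines, tags entries whose host name is a CDN, cloud or ISP reverse-DNS suffix as low fidelity (an editorial assumption, since those addresses are shared with unrelated tenants), and runs the list over proxy/firewall log lines, matching on destination IP first and on the requested host name second so a sighting still fires when the destination has moved address. OBSERVED is an excerpt copied from the list above; SAMPLE_LOG and its line format are constructed for this example.

```python
"""Added example (not from the page or Reason Core Security): turn the
"Connects to host (ip:port)" sightings into a structured IOC list, tag the
shared-infrastructure entries, and run the list over proxy/firewall log lines.
OBSERVED is an excerpt copied from the page; SAMPLE_LOG and its format are
constructed for this example."""
import re
from collections import namedtuple

OBSERVED = """
TCP (HTTP):
Connects to kvmde29-9782.fornex.org  (91.228.155.160:80)
TCP (HTTP):
Connects to coccoc.com  (123.30.175.40:80)
TCP (HTTP SSL):
Connects to 125.234.55.44.hcm.viettel.vn  (125.234.55.44:443)
TCP (HTTP):
Connects to server-54-239-132-4.sfo9.r.cloudfront.net  (54.239.132.4:80)
TCP (HTTP):
Connects to 80.211.186.35.bc.googleusercontent.com  (35.186.211.80:80)
TCP (HTTP):
Connects to reesak.com  (37.46.131.99:80)
TCP (HTTP):
Connects to hdlroot30.ashampoo.com  (176.28.52.37:80)
"""

# CDN, cloud and ISP reverse-DNS suffixes: the address is shared with unrelated
# tenants, so a hit on it alone should not drive blocking (editorial choice).
SHARED_INFRA = (".cloudfront.net", ".googleusercontent.com", ".sl-reverse.com",
                ".viettel.vn", ".above.net")

Ioc = namedtuple("Ioc", "host ip port proto fidelity")
SIGHTING_RE = re.compile(
    r"TCP \((?P<proto>[^)]+)\):\s*Connects to (?P<host>\S+)\s+\((?P<ip>[\d.]+):(?P<port>\d+)\)")


def parse_sightings(text: str) -> list:
    iocs = []
    for m in SIGHTING_RE.finditer(text):
        host = m["host"].lower()
        fidelity = "low" if host.endswith(SHARED_INFRA) else "medium"
        iocs.append(Ioc(host, m["ip"], int(m["port"]), m["proto"], fidelity))
    return iocs


# Constructed log format: "<timestamp> <client> -> <dst_ip>:<dst_port> <host>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<host>\S+)")
SAMPLE_LOG = [
    "2024-11-23T02:59:27Z 10.0.0.5 -> 37.46.131.99:80 reesak.com",
    "2024-11-23T02:59:31Z 10.0.0.5 -> 54.239.132.4:80 d111111abcdef8.cloudfront.net",
    "2024-11-23T03:00:10Z 10.0.0.7 -> 123.30.175.41:80 coccoc.com",
    "2024-11-23T03:01:02Z 10.0.0.9 -> 93.184.216.34:443 example.com",
]


def match_log(lines, iocs) -> list:
    """Match on destination IP first, then on the requested host name, so a
    sighting still fires when the destination has moved to another address."""
    by_ip = {i.ip: i for i in iocs}
    by_host = {i.host: i for i in iocs}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ioc = by_ip.get(m["dst"]) or by_host.get(m["host"].lower())
        if ioc:
            hits.append({"ts": m["ts"], "client": m["src"], "ioc": ioc.host, "fidelity": ioc.fidelity})
    return hits


def clients_to_triage(hits) -> set:
    """Clients that touched a non-shared destination; CDN/ISP-only hits are noise."""
    return {h["client"] for h in hits if h["fidelity"] != "low"}


if __name__ == "__main__":
    iocs = parse_sightings(OBSERVED)
    hits = match_log(SAMPLE_LOG, iocs)
    for h in hits:
        print(h)
    print("triage:", sorted(clients_to_triage(hits)))
```

The "medium" tag is deliberately not "high": a sandbox sighting of a proxy binary shows where traffic went, not that the destination is attacker-controlled, so a hit should start a host triage rather than an automatic block.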

Analysis powered by Reason Core Security.