8032f53b06b5eb95bdfd9c9153953413.exe

The application 8032f53b06b5eb95bdfd9c9153953413.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 52895 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address b4.e0.559e.ip4.static.sl-reverse.com on port 443.
Version:
2.40.2.13

MD5:
ae57f0234cba89876a7a4689f32916f4

SHA-1:
6dc69d05a45cf4e54ac44af7771b353f410075fe

SHA-256:
5253dc9a1a4d376d3b9f4896eebe2d6cab2e6e52763a6a2eea88df44aede6a51

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 7:00:46 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Wajam.Meta (M)

Engine version:
16.1.6.0

File size:
487 KB (498,688 bytes)

Product version:
2.40.2.13

Original file name:
8R343Y.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\8032f53b06b5eb95bdfd9c9153953413.exe

File PE Metadata
Compilation timestamp:
12/11/2015 12:02:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:1hgmRv1fXxMKClz3rQkUYA3dkMq1Dvqtj+G7JDybRs:1hJxsSFJ

Entry address:
0x7B10E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
4.8047

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
484.5 KB (496,128 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:52895/

Local host port:
52895

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.
