8dda4b771a8b9ff7908171c045da8d64.exe

The application 8dda4b771a8b9ff7908171c045da8d64.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 57740 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 50-87-222-212.unifiedlayer.com on port 80 using the HTTP protocol.
Version:
2.40.2.23

MD5:
f9bbf1054fac562b5bbe8c67841018fd

SHA-1:
87ed075556c9b45f8dc0c44011abbb2e3c1d4756

SHA-256:
22523956dba13547ced8779dc070d89b49355c23fb71d6729035a808a0bffee7

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/26/2024 11:15:59 PM UTC

Scan engine | Detection | Engine version
F-Secure | Gen:Variant.MSILPerseus.2620 | 5.15.21
Reason Heuristics | PUP.Wajam.Meta (M) | 16.1.6.0

File size:
487.5 KB (499,200 bytes)

Product version:
2.40.2.23

Original file name:
4SENQ7.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\8dda4b771a8b9ff7908171c045da8d64.exe

File PE Metadata
Compilation timestamp:
12/27/2015 9:02:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:R/ROBHWgpRu+hWeUpslW8yIOQDWbEqTPVOg0lduI8KXybRs:R/wHOpslWPZKL

Entry address:
0x7B23E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.8035

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
485 KB (496,640 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:57740/

Local host port:
57740

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to bto-04-017.bto.ras.cantv.net  (200.44.23.145:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-02-mia1.fbcdn.net  (157.240.0.22:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-mia1.facebook.com  (31.13.73.36:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-mia1.facebook.com  (31.13.73.1:443)

TCP (HTTP SSL):
Connects to bto-04-034.bto.ras.cantv.net  (200.44.23.162:443)

TCP (HTTP SSL):
Connects to a23-74-2-106.deploy.static.akamaitechnologies.com  (23.74.2.106:443)

TCP (HTTP SSL):
Connects to a184-51-126-90.deploy.static.akamaitechnologies.com  (184.51.126.90:443)

TCP (HTTP SSL):
Connects to server-52-85-142-139.iad12.r.cloudfront.net  (52.85.142.139:443)

TCP (HTTP):
Connects to ec2-54-243-238-196.compute-1.amazonaws.com  (54.243.238.196:80)

TCP (HTTP):
Connects to m218-mp1.cvx2-c.lng.dial.ntli.net  (62.252.188.218:80)

TCP (HTTP):
Connects to ec2-52-30-226-196.eu-west-1.compute.amazonaws.com  (52.30.226.196:80)

TCP (HTTP):
Connects to ec2-52-213-35-52.eu-west-1.compute.amazonaws.com  (52.213.35.52:80)

TCP (HTTP SSL):
Connects to bto-04-033.bto.ras.cantv.net  (200.44.23.161:443)

TCP (HTTP SSL):
Connects to a23-74-2-58.deploy.static.akamaitechnologies.com  (23.74.2.58:443)

TCP (HTTP):
Connects to rtr3.l7.search.vip.bf1.yahoo.com  (63.250.200.63:80)

TCP (HTTP SSL):
Connects to d3-5-1-1-25-0.a00.nycmny03.us.ra.verio.net  (165.254.138.97:443)

TCP (HTTP SSL):
Connects to a23-34-57-130.deploy.static.akamaitechnologies.com  (23.34.57.130:443)

TCP (HTTP):
Connects to sync.1dmp.io  (136.243.6.169:80)

TCP (HTTP):
Connects to ns346140.ip-37-187-173.eu  (37.187.173.73:80)

Remove 8dda4b771a8b9ff7908171c045da8d64.exe - Powered by Reason Core Security