a43cefc7caac325a89291dbee39d6213.exe

The application a43cefc7caac325a89291dbee39d6213.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 49973 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Version:
2.40.2.36

MD5:
9854e0d71a0e5b27ce1ff5c8b75db317

SHA-1:
6e7b8515daf7139c94ce9638cc8be89b0bab812d

SHA-256:
778c78ab694d790bf715a4350501e9b1383dc6cb873893db6503d788bf5e808b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 1:40:52 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Wajam.Meta (M)
16.1.14.15

File size:
489.5 KB (501,248 bytes)

Product version:
2.40.2.36

Original file name:
SEPJPH.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\a43cefc7caac325a89291dbee39d6213.exe

File PE Metadata
Compilation timestamp:
1/12/2016 7:19:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:X47y6pIctnFm0rSkUgMyrZv05kb7l3mFoezkod9n/ybRs:X47VIKWkb7itH7

Entry address:
0x7BB7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.8031

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
487 KB (498,688 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49973/

Local host port:
49973

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to PMPL_13.179.251.43_Cache.Google.Com  (43.251.179.13:80)

TCP (HTTP):
Connects to sg2plpkivs-v03.any.prod.sin2.secureserver.net  (182.50.136.239:80)

TCP (HTTP):
Connects to a96-17-182-122.deploy.akamaitechnologies.com  (96.17.182.122:80)

TCP (HTTP):
Connects to 151.bm-nginx-loadbalancer.mgmt.sin1.adnexus.net  (103.243.221.87:80)

TCP (HTTP):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:80)

TCP (HTTP):
Connects to rtr3.l7.search.vip.ir2.yahoo.com  (217.12.15.96:80)

TCP (HTTP):
Connects to bitcast-b.bitgravity.com  (208.67.238.238:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP SSL):
Connects to a23-57-210-244.deploy.static.akamaitechnologies.com  (23.57.210.244:443)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a23-207-145-160.deploy.static.akamaitechnologies.com  (23.207.145.160:80)

TCP (HTTP SSL):
Connects to a23-207-142-249.deploy.static.akamaitechnologies.com  (23.207.142.249:443)

TCP (HTTP):
Connects to a184-84-110-209.deploy.static.akamaitechnologies.com  (184.84.110.209:80)

TCP (HTTP SSL):
Connects to a122-252.143-166.deploy.akamaitechnologies.com  (122.252.143.166:443)

TCP (HTTP SSL):
Connects to a122-252.141-207.deploy.akamaitechnologies.com  (122.252.141.207:443)

TCP (HTTP):
Connects to a104-122-11-22.deploy.static.akamaitechnologies.com  (104.122.11.22:80)

TCP (HTTP):
Connects to a-0003.a-msedge.net  (204.79.197.203:80)

Remove a43cefc7caac325a89291dbee39d6213.exe - Powered by Reason Core Security