a553337b34a03058541fd1604e06ea4a.exe

The application a553337b34a03058541fd1604e06ea4a.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 49711 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Version:
2.40.2.46

MD5:
1b0da2c6d8d8d24fb3922a003bf536df

SHA-1:
401cb1e176aaa1ac5ea446cf97f9f794df299e87

SHA-256:
2609f2279e3a23bce9ad215eec0990e56cb31419afada1952f876bff60af3b92

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 2:46:13 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Wajam.Meta (M)

Engine version:
16.1.25.15

File size:
490 KB (501,760 bytes)

Product version:
2.40.2.46

Original file name:
ZT9B83.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\a553337b34a03058541fd1604e06ea4a.exe

File PE Metadata
Compilation timestamp:
1/18/2016 11:42:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:+yLLlsb1na0nP5/GF/w0Bdclvc/qdcZV1OiSZIrKPsFwJhVfQoHvybRs:+MRzdM5

Entry address:
0x7BCBE

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
487.5 KB (499,200 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49711/

Local host port:
49711

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

