b0bf849f686695388d9dfb2dafb0afe3.exe

The application b0bf849f686695388d9dfb2dafb0afe3.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Version:
2.39.2.44

MD5:
2e22958ca565735f5b90d7b2f66af2af

SHA-1:
dd1470ad12ff9430ae5c6bf703205a519d54f8b8

SHA-256:
dd64590a1217a4e447960a3f751deafeb0f294b69ffe70b7b12a94cd4803756d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:42:15 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Wajam.Meta (M)

Engine version:
16.2.9.21

File size:
493.5 KB (505,344 bytes)

Product version:
2.39.2.44

Original file name:
CI75NJ.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wnetenhancer\wnetenhancer internet enhancer\b0bf849f686695388d9dfb2dafb0afe3.exe

File PE Metadata
Compilation timestamp:
11/26/2015 11:02:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:gVQO78ZVJ0CJkah3trptSalZUOtt9ONavuqN66VnybRs:gF+VJ0IHl4Nav/VT

Entry address:
0x7CBBE


Entropy:
4.8057

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
491 KB (502,784 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sin6.facebook.com  (157.240.7.35:443)

TCP (HTTP):
Connects to server-54-230-87-191.lax3.r.cloudfront.net  (54.230.87.191:80)

TCP (HTTP):
Connects to 45.76.147.53.vultr.com  (45.76.147.53:80)

TCP (HTTP):
Connects to map2.hwcdn.net  (205.185.216.10:80)

TCP (HTTP):
Connects to 131.subnet180-250-66.speedy.telkom.net.id  (180.250.66.131:80)

TCP (HTTP):
Connects to IP-130-73-156-104.static.fibrenoire.ca  (104.156.73.130:80)

TCP (HTTP SSL):
Connects to ec2-54-87-204-118.compute-1.amazonaws.com  (54.87.204.118:443)

TCP (HTTP SSL):
Connects to ec2-52-6-82-78.compute-1.amazonaws.com  (52.6.82.78:443)

TCP (HTTP):
Connects to server-52-85-77-132.lax3.r.cloudfront.net  (52.85.77.132:80)

TCP (HTTP):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sit4.facebook.com  (31.13.78.35:443)

TCP (HTTP SSL):
Connects to ec2-52-7-213-116.compute-1.amazonaws.com  (52.7.213.116:443)

TCP (HTTP):
Connects to 5c.75.c0ad.ip4.static.sl-reverse.com  (173.192.117.92:80)

TCP (HTTP):
Connects to 133.54.211.130.bc.googleusercontent.com  (130.211.54.133:80)

TCP (HTTP):
Connects to securewebaccess.net  (103.20.91.187:80)

TCP (HTTP SSL):
Connects to ec2-52-205-14-132.compute-1.amazonaws.com  (52.205.14.132:443)

TCP (HTTP):
Connects to a96-17-72-24.deploy.akamaitechnologies.com  (96.17.72.24:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-iad3.fbcdn.net  (31.13.69.203:443)

TCP (HTTP):
Connects to vip0x016.map2.ssl.hwcdn.net  (209.197.3.22:80)

TCP (HTTP SSL):
Connects to text-lb.ulsfo.wikimedia.org  (198.35.26.96:443)

Remove b0bf849f686695388d9dfb2dafb0afe3.exe - Powered by Reason Core Security