de5cd11af4aed77ab50d0b638e5664fb.exe

The application de5cd11af4aed77ab50d0b638e5664fb.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 61595 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Version:
2.40.2.27

MD5:
b020489cadbb58243510004e75164c53

SHA-1:
5a98f0e1799733f3f38d013c7ac3b3619956dfeb

SHA-256:
1ef1f892e25252f44ab4dac3f3050895561c88cc4c3875eb1ba152296a40172b

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/22/2024 9:20:58 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
W32/Sality.AT
7.11.30.172

F-Secure
Win32.Sality.3
5.05.7110

Reason Heuristics
PUP.Wajam.Meta (M)
16.1.14.17

File size:
491 KB (502,784 bytes)

Product version:
2.40.2.27

Original file name:
AFC44F.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\de5cd11af4aed77ab50d0b638e5664fb.exe

File PE Metadata
Compilation timestamp:
1/3/2016 9:22:25 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:mcm3xxPuTq01Cc66r8SrJOVWWzIZ/tGVO4ulKKdariybRs:9+xxKglCV/

Entry address:
0x7C0BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.8005

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
488.5 KB (500,224 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:61595/

Local host port:
61595

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to a23-12-154-146.deploy.static.akamaitechnologies.com  (23.12.154.146:443)

TCP (HTTP SSL):
Connects to a23-12-172-168.deploy.static.akamaitechnologies.com  (23.12.172.168:443)

TCP (HTTP):

TCP (HTTP):
Connects to rtr3.l7.search.vip.bf1.yahoo.com  (63.250.200.63:80)

TCP (HTTP SSL):
Connects to a23-12-150-130.deploy.static.akamaitechnologies.com  (23.12.150.130:443)

TCP (HTTP):

TCP (HTTP SSL):
Connects to a23-222-27-60.deploy.static.akamaitechnologies.com  (23.222.27.60:443)

TCP (HTTP):
Connects to ec2-23-21-139-158.compute-1.amazonaws.com  (23.21.139.158:80)

TCP (HTTP):
Connects to cdn-203-77-188-254.hkg.llnw.net  (203.77.188.254:80)

TCP (HTTP):

TCP (HTTP):
Connects to ec2-54-243-238-196.compute-1.amazonaws.com  (54.243.238.196:80)

TCP (HTTP):
Connects to ec2-54-225-194-96.compute-1.amazonaws.com  (54.225.194.96:80)

TCP (HTTP):
Connects to ec2-23-23-129-47.compute-1.amazonaws.com  (23.23.129.47:80)

TCP (HTTP):
Connects to vip0x024.map2.ssl.hwcdn.net  (209.197.3.36:80)

TCP (HTTP SSL):
Connects to server-52-84-174-228.gru50.r.cloudfront.net  (52.84.174.228:443)

TCP (HTTP SSL):
Connects to server-52-84-174-217.gru50.r.cloudfront.net  (52.84.174.217:443)

TCP (HTTP):
Connects to ec2-107-20-162-204.compute-1.amazonaws.com  (107.20.162.204:80)

TCP (HTTP SSL):
Connects to a23-37-71-203.deploy.static.akamaitechnologies.com  (23.37.71.203:443)

TCP (HTTP):
Connects to server-54-192-209-34.mnl50.r.cloudfront.net  (54.192.209.34:80)

TCP (HTTP):
Connects to server-54-192-209-30.mnl50.r.cloudfront.net  (54.192.209.30:80)

Remove de5cd11af4aed77ab50d0b638e5664fb.exe - Powered by Reason Core Security