e78a0761e745d9ee1221eabbd1de957d.exe

The application e78a0761e745d9ee1221eabbd1de957d.exe has been detected as a potentially unwanted program by 3 of 68 anti-malware scanners. This executable runs as a local HTTP proxy server bound to 127.0.0.1:52687 and registers itself as the system proxy in Internet Settings, which puts it in the path of the web traffic leaving and entering the local host and lets it intercept and modify that traffic. While running, it connects to server-54-230-150-192.sin2.r.cloudfront.net on port 80 over HTTP; the full set of observed connections is listed below.
Version:
2.39.2.63

MD5:
5f8e27d28549feed00a00d46dc1acfcf

SHA-1:
9b59e179de4cc0b1993218a4d1d7c2eb4ba0e35d

SHA-256:
34df6d57df612301c5d51c9d569e9ee6ceb12a24de32a9e7e3999e0d48b128e1

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 6:07:19 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.MSILPerseus.2620 | 429
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1077
Reason Heuristics | PUP.Wajam.Meta (M) | 16.2.9.21

File size:
488.5 KB (500,224 bytes)

Product version:
2.39.2.63

Original file name:
HAGF6C.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\wnetenhancer\wnetenhancer internet enhancer\e78a0761e745d9ee1221eabbd1de957d.exe

File PE Metadata
Compilation timestamp:
12/2/2015 1:57:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:ugRQOkh5r7LaXYkTSMZsy2J7O5RfSLNNc1+ybRs:ugSxu3Ut

Entry address:
0x7B6CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

The leading bytes FF 25 00 20 40 00 decode to jmp dword ptr [0x402000], the mscoree.dll _CorExeMain import thunk that a 32-bit .NET executable uses as its native entry point. The bytes that follow are padding; the managed code is located through the CLR header, not through this stub, which is consistent with the ".NET CLR dependent: Yes" and "Visual C# / Basic .NET" fields below.

Entropy:
4.8053

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
486 KB (497,664 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:52687/

Local host port:
52687

Default credentials:
No
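The fields above give an analyst three things to check on a suspect host: whether a user's Internet Settings proxy points at 127.0.0.1:52687, which process is listening on that port, and whether the file at the reported install path matches the published SHA-256. The following PowerShell is an added triage example, not code from the Reason Core Security page; it assumes an elevated shell on Windows 8 / Server 2012 or later (Get-NetTCPConnection needs the NetTCPIP module), and the function names and the $Indicators layout are this example's own. The indicator values are copied from the page.

```powershell
# Added example: triage checks for the local-proxy PUP described on this page.
# Indicator values come from the page; function names and structure are ours.

$Indicators = @{
    Sha256     = '34df6d57df612301c5d51c9d569e9ee6ceb12a24de32a9e7e3999e0d48b128e1'
    ProxyPort  = 52687
    CommonPath = 'C:\Program Files\wnetenhancer\wnetenhancer internet enhancer\e78a0761e745d9ee1221eabbd1de957d.exe'
}

function Test-UserProxyHijack {
    # The PUP registers itself as the proxy under the per-user Internet Settings
    # key. Walk every loaded user hive, not just HKCU: each profile has its own.
    $key = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    foreach ($hive in Get-ChildItem Registry::HKEY_USERS) {
        $p = Get-ItemProperty -Path "Registry::$($hive.Name)\$key" -ErrorAction SilentlyContinue
        if ($p -and $p.ProxyEnable -eq 1 -and $p.ProxyServer -match "127\.0\.0\.1:$($Indicators.ProxyPort)") {
            [pscustomobject]@{
                Hive          = $hive.Name
                ProxyServer   = $p.ProxyServer
                AutoConfigURL = $p.AutoConfigURL   # a PAC URL can redirect traffic too
            }
        }
    }
}

function Get-ProxyListener {
    # Find the process that owns the listener on the proxy port and hash its
    # image so a renamed copy of the sample is still recognised.
    Get-NetTCPConnection -LocalPort $Indicators.ProxyPort -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            $hash = if ($proc -and $proc.Path) { (Get-FileHash -Algorithm SHA256 -LiteralPath $proc.Path).Hash } else { $null }
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress      # expect 127.0.0.1 for this sample
                Pid          = $_.OwningProcess
                Image        = $proc.Path
                Sha256Match  = if ($hash) { $hash -ieq $Indicators.Sha256 } else { $null }
            }
        }
}

function Test-KnownSample {
    # Hash the file at the reported install path (plus any extra candidates)
    # and compare with the SHA-256 published on the page.
    param([string[]]$Path = @($Indicators.CommonPath))
    foreach ($f in $Path) {
        if (Test-Path -LiteralPath $f) {
            $h = (Get-FileHash -Algorithm SHA256 -LiteralPath $f).Hash
            [pscustomobject]@{ Path = $f; Sha256 = $h; Match = ($h -ieq $Indicators.Sha256) }
        }
    }
}

'== Per-user proxy settings pointing at 127.0.0.1:52687 =='
Test-UserProxyHijack
'== Process listening on the proxy port =='
Get-ProxyListener
'== Known sample on disk =='
Test-KnownSample
```

If any check hits, stop the owning process before deleting the file, then clear the proxy for each affected hive (set ProxyEnable to 0 and remove ProxyServer under that user's Internet Settings key); leaving a dead 127.0.0.1:52687 proxy configured will break browsing for that user. The page does not say whether the proxy installs its own root certificate to intercept the HTTPS connections it makes; before treating removal as complete, list Cert:\CurrentUser\Root and Cert:\LocalMachine\Root and investigate any issuer you cannot account for.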


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip184.ip-217-182-14.eu  (217.182.14.184:80)

TCP (HTTP):
Connects to ec2-54-235-182-183.compute-1.amazonaws.com  (54.235.182.183:80)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:443)

TCP (HTTP):
Connects to server-54-230-150-64.sin2.r.cloudfront.net  (54.230.150.64:80)

TCP (HTTP):
Connects to server-54-230-150-174.sin2.r.cloudfront.net  (54.230.150.174:80)

TCP (HTTP SSL):
Connects to n29-05-11.opera.com  (185.26.182.79:443)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (93.158.134.119:443)

TCP (HTTP):
Connects to a23-212-103-172.deploy.static.akamaitechnologies.com  (23.212.103.172:80)

TCP (HTTP SSL):
Connects to a23-15-97-32.deploy.static.akamaitechnologies.com  (23.15.97.32:443)

TCP (HTTP SSL):
Connects to a23-15-109-69.deploy.static.akamaitechnologies.com  (23.15.109.69:443)

TCP (HTTP):
Connects to 1f18e038.setaptr.net  (31.24.224.56:80)

TCP (HTTP SSL):
Connects to 150.bm-nginx-loadbalancer.mgmt.sin1.adnexus.net  (103.243.221.112:443)

TCP (HTTP SSL):
Connects to t2-ha.ycpi.sgb.yahoo.com  (119.161.10.198:443)

TCP (HTTP):
Connects to server-54-230-150-192.sin2.r.cloudfront.net  (54.230.150.192:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.113.251:80)

TCP (HTTP):
Connects to freeroms.com  (216.108.234.132:80)

TCP (HTTP):
Connects to ec2-54-221-203-180.compute-1.amazonaws.com  (54.221.203.180:80)

TCP (HTTP):
Connects to ec2-54-217-251-74.eu-west-1.compute.amazonaws.com  (54.217.251.74:80)

TCP (HTTP SSL):
Connects to ec2-52-72-157-241.compute-1.amazonaws.com  (52.72.157.241:443)

Remove e78a0761e745d9ee1221eabbd1de957d.exe - Powered by Reason Core Security