f14ebcd220f8893b903f0758b256eee1.exe

The application f14ebcd220f8893b903f0758b256eee1.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address bam-2.nr-data.net on port 443.
Version:
2.40.2.57

MD5:
2814db49f1ff4ea5ace8154cd725d8b5

SHA-1:
3f14a77403834ec8b1199b908de7c869d3bbb817

SHA-256:
c0d3eb5f09deed1516edb764c4a3426a2cbe171e620ea2e2e2980d45bf7e619a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 1:34:00 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Wajam.Meta (M)

Engine version:
16.2.5.15

File size:
491.5 KB (503,296 bytes)

Product version:
2.40.2.57

Original file name:
1F3675.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\f14ebcd220f8893b903f0758b256eee1.exe

File PE Metadata
Compilation timestamp:
1/26/2016 1:18:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:fZ8tIv6v4MYqOMxLvBR2VQ+iwreiLSwt0ybRs:B86kovM

Entry address:
0x7C20E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.8079

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
489 KB (500,736 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to instagram-p3-shv-01-sin6.fbcdn.net  (157.240.7.52:443)

TCP (HTTP):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:80)

TCP (HTTP):
Connects to IP-130-73-156-104.static.fibrenoire.ca  (104.156.73.130:80)

TCP (HTTP SSL):
Connects to ec2-52-73-109-231.compute-1.amazonaws.com  (52.73.109.231:443)

TCP (HTTP):
Connects to 7d.a0.a86c.ip4.static.sl-reverse.com  (108.168.160.125:80)

TCP (HTTP):
Connects to server-54-192-147-141.sfo4.r.cloudfront.net  (54.192.147.141:80)

TCP (HTTP SSL):
Connects to edge-star-shv-01-sit4.facebook.com  (31.13.78.13:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sit4.facebook.com  (31.13.78.35:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sin6.facebook.com  (157.240.7.35:443)

TCP (HTTP):
Connects to ec2-52-202-23-77.compute-1.amazonaws.com  (52.202.23.77:80)

TCP (HTTP):
Connects to a104-93-113-63.deploy.static.akamaitechnologies.com  (104.93.113.63:80)

TCP (HTTP):
Connects to 131.subnet180-250-66.speedy.telkom.net.id  (180.250.66.131:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-sit4.fbcdn.net  (31.13.78.17:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-atl3.fbcdn.net  (31.13.65.7:443)

TCP (HTTP SSL):
Connects to edge-z-1-p2-shv-01-sit4.facebook.com  (31.13.78.42:443)

TCP (HTTP):
Connects to ec2-52-204-49-223.compute-1.amazonaws.com  (52.204.49.223:80)

TCP (HTTP SSL):
Connects to bam-2.nr-data.net  (50.31.164.166:443)

TCP (HTTP):
Connects to a104-93-218-159.deploy.static.akamaitechnologies.com  (104.93.218.159:80)

TCP (HTTP):
Connects to a104-93-112-131.deploy.static.akamaitechnologies.com  (104.93.112.131:80)
