f4c3fccbbbaefc2a542ade6b2a5be091.exe

The application f4c3fccbbbaefc2a542ade6b2a5be091.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 51358 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Version:
2.37.2.22

MD5:
c611816559bd38c78b9a96be1df89093

SHA-1:
4fbf2cf60a689c91e8f6b4c1951b885b9851fb81

SHA-256:
11d2ab1a5394b6877906327ed7f1bea5d1f970db2aec6dd9379b5db549cec473

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 3:53:52 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.759591 | 456
Arcabit | Trojan.Kazy.DB9727 | 1.0.0.585
Baidu Antivirus | Adware.Win32.Wajam | 4.0.3.15116
Bitdefender | Gen:Variant.Kazy.759591 | 1.0.20.1550
Emsisoft Anti-Malware | Gen:Variant.Kazy.759591 | 8.15.11.06.07
F-Secure | Gen:Variant.Kazy.759538 | 11.2015-06-11_6
G Data | Gen:Variant.Kazy.759591 | 15.11.25
MicroWorld eScan | Gen:Variant.Kazy.759591 | 16.0.0.930
Reason Heuristics | PUP.Wajam.Meta (M) | 16.2.9.22
Rising Antivirus | PE:Malware.RDM.32!5.26[F1] | 23.00.65.151004
Zillya! Antivirus | Adware.AdGazelle.Win32.1271 | 2.0.0.2484

File size:
310 KB (317,440 bytes)

Product version:
2.37.2.22

Original file name:
MLCN54.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajaintenhancer\wajaintenhancer internet enhancer\f4c3fccbbbaefc2a542ade6b2a5be091.exe

File PE Metadata
Compilation timestamp:
10/5/2015 9:25:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:HhplnqAfKB4Kt94XP77say96hm1WPcGkT9KQy0FDGOjRn0Us+97It:BplnC44c7W96hmKc7Xy8qO1/97It

Entry address:
0x4EC7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.9067

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
307.5 KB (314,880 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:51358/

Local host port:
51358

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to vip154.ssl.hwcdn.net  (205.185.208.154:80)

TCP (HTTP):
Connects to v-5-226-d2816-169.webazilla.com  (78.140.181.169:80)

TCP (HTTP SSL):
Connects to t5-ha.ycpi.sgb.yahoo.com  (119.161.11.11:443)

TCP (HTTP):
Connects to server-54-230-150-56.sin2.r.cloudfront.net  (54.230.150.56:80)

TCP (HTTP):
Connects to server-54-230-150-232.sin2.r.cloudfront.net  (54.230.150.232:80)

TCP (HTTP):
Connects to server-54-230-141-130.sfo5.r.cloudfront.net  (54.230.141.130:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.115.59:80)

TCP (HTTP):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:80)

TCP (HTTP):
Connects to map2.hwcdn.net  (205.185.216.10:80)

TCP (HTTP):
Connects to ip-184-168-221-33.ip.secureserver.net  (184.168.221.33:80)

TCP (HTTP):
Connects to ec2-54-225-136-136.compute-1.amazonaws.com  (54.225.136.136:80)

TCP (HTTP SSL):
Connects to ec2-54-214-11-203.us-west-2.compute.amazonaws.com  (54.214.11.203:443)

TCP (HTTP):
Connects to ec2-52-72-2-237.compute-1.amazonaws.com  (52.72.2.237:80)

TCP (HTTP SSL):
Connects to ec2-52-43-91-163.us-west-2.compute.amazonaws.com  (52.43.91.163:443)

TCP (HTTP):
Connects to ec2-23-23-73-245.compute-1.amazonaws.com  (23.23.73.245:80)

TCP (HTTP):
Connects to ec2-107-20-235-208.compute-1.amazonaws.com  (107.20.235.208:80)

TCP (HTTP):
Connects to dd.e7.25ae.ip4.static.sl-reverse.com  (174.37.231.221:80)

TCP (HTTP):
Connects to cdn-117-121-249-254.sin.llnw.net  (117.121.249.254:80)

TCP (HTTP):
Connects to a23-212-113-245.deploy.static.akamaitechnologies.com  (23.212.113.245:80)

Remove f4c3fccbbbaefc2a542ade6b2a5be091.exe - Powered by Reason Core Security