fc77f494f1cee22a411a20591ebe08ee.exe

The application fc77f494f1cee22a411a20591ebe08ee.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 59253 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 125.234.50.222.hcm.viettel.vn on port 443.
Version: 2.37.2.18
MD5: fe51db1a57761273eaa67afe6c06b548
SHA-1: be194ee47b06e6cb61a001756d069b100161a620
SHA-256: ea08afe78361e0caa9aaa4341caa31e6bd067b6157a1dc29a8b9627df318e8a8
Scanner detections: 10 / 68
Status: Potentially unwanted
Analysis date: 11/2/2024 1:42:05 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.759538 | 458
Arcabit | Trojan.Kazy.DB96F2 | 1.0.0.585
Baidu Antivirus | Adware.Win32.Wajam | 4.0.3.15113
Bitdefender | Gen:Variant.Kazy.759538 | 1.0.20.1535
Emsisoft Anti-Malware | Gen:Variant.Kazy.759538 | 8.15.11.03.04
F-Secure | Gen:Variant.Kazy.759538 | 11.2015-03-11_3
G Data | Gen:Variant.Kazy.759538 | 15.11.25
MicroWorld eScan | Gen:Variant.Kazy.759538 | 16.0.0.921
Reason Heuristics | PUP.Wajam.Meta (M) | 16.2.9.22
Rising Antivirus | PE:Malware.RDM.32!5.26[F1] | 23.00.65.151001

File size: 312.5 KB (320,000 bytes)
Product version: 2.37.2.18
Original file name: 6FBTNR.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\Program Files\wajaintenhancer\wajaintenhancer internet enhancer\fc77f494f1cee22a411a20591ebe08ee.exe

File PE Metadata
Compilation timestamp: 9/29/2015 8:49:56 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
.NET CLR dependent: Yes
CTPH (ssdeep): 6144:gC3xcW7i4Xshq7b/7q0qn8Bq6uR8xCsOR9Zz5oBG/63:gC377i/6zon8Bq6a8xCtR9bUC63
Entry address: 0x4F61E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy: 4.8955
Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 310 KB (317,440 bytes)

Local Proxy Server
Proxy for: Internet Settings
Local host address: http://127.0.0.1:59253/
Local host port: 59253
Default credentials: No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): Connects to static.vnpt.vn (222.255.27.120:80)
TCP (HTTP): Connects to stde9-32.fornex.org (91.228.155.39:80)
TCP (HTTP SSL): Connects to edge-star-mini-shv-01-hkg3.facebook.com (31.13.95.36:443)
TCP (HTTP SSL): Connects to coccoc.com (123.30.175.11:443)
TCP (HTTP SSL): Connects to 125.234.55.83.hcm.viettel.vn (125.234.55.83:443)
TCP (HTTP): Connects to 125.234.51.16.hcm.viettel.vn (125.234.51.16:80)
TCP (HTTP): Connects to ec2-54-243-128-145.compute-1.amazonaws.com (54.243.128.145:80)
TCP (HTTP SSL): Connects to 125.235.36.98.adsl.viettel.vn (125.235.36.98:443)
TCP (HTTP SSL): Connects to 125.234.55.35.hcm.viettel.vn (125.234.55.35:443)
TCP (HTTP SSL): Connects to 125.234.52.227.hcm.viettel.vn (125.234.52.227:443)
TCP (HTTP SSL): Connects to 125.234.50.162.hcm.viettel.vn (125.234.50.162:443)
TCP (HTTP): Connects to rtr3.l7.search.vip.sg3.yahoo.com (106.10.162.43:80)
TCP (HTTP SSL): Connects to mc.yandex.ru (87.250.251.119:443)
TCP (HTTP): Connects to ec2-54-235-182-183.compute-1.amazonaws.com (54.235.182.183:80)
TCP (HTTP): Connects to ec2-34-199-139-174.compute-1.amazonaws.com (34.199.139.174:80)
TCP (HTTP SSL): Connects to d-nb.xplusone.com (199.38.164.156:443)
TCP (HTTP): Connects to d117155146.ppp117155.cyberway.com.sg (203.117.155.146:80)
TCP (HTTP SSL): Connects to 125.234.55.44.hcm.viettel.vn (125.234.55.44:443)
TCP (HTTP SSL): Connects to 125.234.55.246.hcm.viettel.vn (125.234.55.246:443)
TCP (HTTP SSL): Connects to 125.234.55.20.hcm.viettel.vn (125.234.55.20:443)

Remove fc77f494f1cee22a411a20591ebe08ee.exe - Powered by Reason Core Security