internetenhancer.exe

Internet Enhancer

The application internetenhancer.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 49263 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address xx-fbcdn-shv-01-mxp1.fbcdn.net on port 443.
Product:
Internet Enhancer

Version:
2.21.2.22

MD5:
a75dc8b50a499d848b7802949c7e173e

SHA-1:
071800fed5b35c883d810bcbd86f6bacb472fba0

SHA-256:
48e2307a527a3e3a166bca862a867f752b55eeb4c9148e3ffab48cc82c06b9f5

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 9:35:17 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.534478 | 664
Agnitum Outpost | Riskware.Agent | 7.1.1
Baidu Antivirus | Adware.Win32.WInterEnhance | 4.0.3.15412
Bitdefender | Gen:Variant.Adware.Kazy.534478 | 1.0.20.510
Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.534478 | 8.15.04.12.04
ESET NOD32 | MSIL/Wajam.B potentially unwanted (variant) | 9.11452
F-Secure | Gen:Variant.Adware.Kazy | 11.2015-12-04_1
G Data | Gen:Variant.Adware.Kazy.534478 | 15.4.25
K7 AntiVirus | Trojan | 13.202.15544
Malwarebytes | PUP.Optional.Wajam.A | v2015.04.12.04
McAfee | Artemis!A75DC8B50A49 | 5600.6798
MicroWorld eScan | Gen:Variant.Adware.Kazy.534478 | 16.0.0.306
Trend Micro House Call | TROJ_GEN.R000C0OB615 | 7.2.102
Trend Micro | TROJ_GEN.R000C0OB615 | 10.465.12
VIPRE Antivirus | Trojan.Win32.Generic | 39206

File size:
81.5 KB (83,456 bytes)

Product version:
2.21.2.22

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\winterenhance\winterenhance internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
12/19/2014 10:52:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:6Hj7Gf8IVUDrQdF3bVS4h70uIatOvI5jdOB:6Hj7Gf8DD9C7XtWIs

Entry address:
0x15B0E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.8406

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79 KB (80,896 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49263/

Local host port:
49263

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

