internetenhancer.exe

Y50AW9

The application internetenhancer.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address cache.google.com on port 443.
Product:
Y50AW9

Version:
2.34.2.52

MD5:
9fca7b2ecf1243595cabcb2e74b5a907

SHA-1:
13d0a36691bd6a24a9d6453d3627cf806939d7ad

SHA-256:
c288ef46b1d5367a1e96716f5bbe5c25fbe1d07d9d70e63af5d97075b0e5621e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 11:25:57 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Wajam.Meta (M)

Engine version:
16.1.29.8

File size:
260.5 KB (266,752 bytes)

Product version:
2.34.2.52

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wainterenhancer\wainterenhancer internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
8/7/2015 7:25:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:Tw+OuzdHZc5IBne+91OqvOzJBBelxNgpIYi63dr5C292PnZrI1D6+C496C8rJxgI:HDh5cCjXOzp46IYjd029krIj8rJxs

Entry address:
0x427DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00...
 

Entropy:
5.1340

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
258 KB (264,192 bytes)

The executing file has been seen to make the following network communications in live environments.

