internetenhancer.exe

RY951N

The application internetenhancer.exe has been detected as a potentially unwanted program by 4 anti-malware scanners.
Product:
RY951N

Version:
2.35.2.70

MD5:
9fc6bb4c0007c5af353fe433924cba77

SHA-1:
247fea4023d95aa9456f105b42818aa455dc1f0c

SHA-256:
fe536b6f1c462e0b7d48499e65d434b99ab54cdf01089a2e64f4a612d46bbed4

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:17:08 AM UTC

Scan engine          Detection                                     Engine version
Baidu Antivirus      PUA.MSIL.Wajam                                4.0.3.15825
ESET NOD32           MSIL/Wajam.C potentially unwanted (variant)   9.12144
Reason Heuristics    PUP.Wajam.Meta (M)                            15.8.25.6
Rising Antivirus     PE:Trojan.FakeIcon!1.64A5[F1]                 23.00.65.15823

File size:
261.5 KB (267,776 bytes)

Product version:
2.35.2.70

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wintenhancer\wintenhancer internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
8/24/2015 9:02:09 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:1ZsAZl82nGNW21WhERnz2swQHMQm6jaWdm2:1mArFnGsIIERqswQHMQm6jaWdm2

Entry address:
0x42A6E


Entropy:
5.1340

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
259 KB (265,216 bytes)

The executing file has been seen to make the following network communications in live environments.

