internetenhancer.exe

A6AEGB

The application internetenhancer.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 62105 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 61-91-161-183.static.asianet.co.th on port 443.
Product:
A6AEGB

Version:
2.34.2.43

MD5:
da653c4d0ac538f41d48ead6442f9a98

SHA-1:
264dbae298812972b1f934093a5b3ebcb9e37816

SHA-256:
397b8d4a093da302e08bc54fb5dea24c09932fc5c69e0b42086d55c946557f53

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 9:28:27 AM UTC

Scan engine          Detection             Engine version
G Data               Win32.Adware.Wajam    15.8.25
Reason Heuristics    PUP.Wajam.Meta (M)    16.1.29.8

File size:
260 KB (266,240 bytes)

Product version:
2.34.2.43

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wainterenhancer\wainterenhancer internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
8/4/2015 5:07:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:Y0fSjL/5R54Cwn912xB6VLs38fgHVwdFOhOajNdx7kLH5LtnJaIdbrAIbGpjQHPO:pSn5RaCw94qRUGrOFzxwfrbrZzHP774

Entry address:
0x4246E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
257.5 KB (263,680 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:62105/

Local host port:
62105

Default credentials:
No


The executing file has been seen to make network communications over TCP (HTTP and HTTP SSL) in live environments.
