internetenhancer.exe

Internet Enhancer

The application internetenhancer.exe (original file name WajamInternetEnhancer.exe) has been detected as a potentially unwanted program by 8 of the 68 anti-malware scanners used. The executable runs as a local area network (LAN) Internet proxy server listening on 127.0.0.1 port 49446 and, once registered as the proxy in Windows Internet Settings, is able to intercept and modify all inbound and outbound Internet traffic on the local host.
Product:
Internet Enhancer

Version:
2.21.2.26

MD5:
630a776b401c82597a7b77ba40374eb4

SHA-1:
3b66867abd4c46515f70462f509529daebb25a62

SHA-256:
6925fc29db54284b8938c8ce7df92266b9661e621d9cc74400c89ede645f8fd6

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 11:49:42 AM UTC

Scan engine: Detection (Engine version)

Lavasoft Ad-Aware: Gen:Variant.Adware.Kazy.534478 (681)
Baidu Antivirus: PUA.Win32.WInterEnhance (4.0.3.15325)
Bitdefender: Gen:Variant.Adware.Kazy.534478 (1.0.20.420)
Emsisoft Anti-Malware: Gen:Variant.Adware.Kazy.534478 (8.15.03.25.10)
ESET NOD32: MSIL/Wajam (variant) (9.11068)
F-Secure: Gen:Variant.Adware.Kazy.534478 (11.2015-25-03_4)
G Data: Gen:Variant.Adware.Kazy.534478 (15.3.24)
MicroWorld eScan: Gen:Variant.Adware.Kazy.534478 (16.0.0.252)

File size:
81.5 KB (83,456 bytes)

Product version:
2.21.2.26

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\winterenhance\winterenhance internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
12/23/2014 9:01:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:kDnmq7GhYx9yyWetRy6+JVMvoCokH9HzW3K5ltQ8hehqH0uG1sQVDkc2Jnu9vtgS:kjp7GipOVBqHSa5bh70uI8PCVg5jFOn

Entry address:
0x15B1E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.8424

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79 KB (80,896 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49446/

Local host port:
49446

Default credentials:
No

The executing file has been seen to make the following network communications in live environments.


Remove internetenhancer.exe - Powered by Reason Core Security