internetenhancer.exe

N4ICOW

The application internetenhancer.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 1683 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Product:
N4ICOW

Version:
2.35.2.85

MD5:
93d0df694566aa2821ae267d7de3caf7

SHA-1:
3dd5dff6b86c5aa26b42011bb6ebc3ab3471b6b5

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 5:23:43 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | PUA.MSIL.Wajam | 4.0.3.15831
ESET NOD32 | MSIL/Wajam.C potentially unwanted (variant) | 9.12175
IKARUS anti.virus | PUA.MSIL.Wajam | t3scan.1.9.5.0
Reason Heuristics | PUP.Wajam.Meta (M) | 15.8.31.6

File size:
261 KB (267,264 bytes)

Product version:
2.35.2.85

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wintenhancer\wintenhancer internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
8/31/2015 12:36:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:JmS3qo7AVMuR/pvk2eXLdVRJzc9K5+iTt4Dwy+DtQE16uZnOHxw4tIQr7eKS/j+K:JmWAVVGxVXzc9mrvSHxDtdnEj+G

Entry address:
0x4289E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.1373

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
258.5 KB (264,704 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:1683/

Local host port:
1683

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

