internetenhancer.exe

Internet Enhancer

The application internetenhancer.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 51576 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Product:
Internet Enhancer

Version:
2.22.2.15

MD5:
775b43022c26e3bb6d384dc5bf3c8bb2

SHA-1:
526576b1ac2ea2a8b63791e1661457a2122c8ce2

SHA-256:
dfefc95a82eda4b505d884b0e5b61fade1980a95b0e0ca4bd79b527fdd81d01e

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 2:04:40 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
ADWARE/Wajam.83456.6
3.6.1.96

avast!
Win32:Dropper-gen [Drp]
150101-1

Baidu Antivirus
PUA.MSIL.Wajam
4.0.3.15117

ESET NOD32
MSIL/Wajam.A potentially unwanted application
7.0.302.0

K7 AntiVirus
Trojan
13.202.15563

Malwarebytes
PUP.Optional.Wajam.A
v2015.04.26.12

McAfee
Artemis!775B43022C26
5600.6784

NANO AntiVirus
Riskware.Win32.Wajam.dnoeyb
0.30.10.952

Norman
Troj_Generic.YDUIW
11.20150426

SUPERAntiSpyware
PUP.Wajam/Variant
9913

Trend Micro House Call
TROJ_GEN.R000C0EB315
7.2.116

Trend Micro
TROJ_GEN.R000C0EB315
10.465.26

VIPRE Antivirus
Trojan.Win32.Generic
39246

File size:
81.5 KB (83,456 bytes)

Product version:
2.22.2.15

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajainterenhance\wajainterenhance internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
1/14/2015 4:41:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:0zRLBceg9arVrLKHP7+5X9T37Aoiy4NhsXBz7VqCrG6ZgDpSDFY7n8Ks1doDFUUf:eNearRKHDc9TLbTztts6Y741doDFUqj

Entry address:
0x15B6E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79 KB (80,896 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:51576/

Local host port:
51576

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP SSL):
Connects to wi-in-f91.1e100.net  (173.194.67.91:443)

TCP (HTTP SSL):
Connects to wi-in-f139.1e100.net  (173.194.67.139:443)

TCP (HTTP SSL):
Connects to we-in-f95.1e100.net  (173.194.66.95:443)

TCP (HTTP):
Connects to visicom-87.nationalnet.com  (66.115.130.128:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to sjd-rf15-5b.sjc.dropbox.com  (108.160.167.42:80)

TCP (HTTP):
Connects to rtr1.l7.search.vip.ir2.yahoo.com  (188.125.66.105:80)

TCP (HTTP SSL):
Connects to r-199-59-148-85.twttr.com  (199.59.148.85:443)

TCP (HTTP SSL):
Connects to lhr14s23-in-f14.1e100.net  (216.58.210.46:443)

TCP:
Connects to ee-in-f188.1e100.net  (173.194.65.188:5228)

TCP (HTTP SSL):
Connects to ee-in-f141.1e100.net  (173.194.65.141:443)

TCP (HTTP SSL):
Connects to ee-in-f105.1e100.net  (173.194.65.105:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-sin1.facebook.com  (31.13.79.246:443)

TCP (HTTP SSL):
Connects to ec2-54-228-247-241.eu-west-1.compute.amazonaws.com  (54.228.247.241:443)

TCP:
Connects to ec2-54-228-188-133.eu-west-1.compute.amazonaws.com  (54.228.188.133:8443)

TCP (HTTP SSL):
Connects to ec2-54-195-251-107.eu-west-1.compute.amazonaws.com  (54.195.251.107:443)

TCP (HTTP SSL):
Connects to ea-in-f189.1e100.net  (74.125.136.189:443)

TCP (HTTP):
Connects to 94.31.29.192.IPYX-077437-ZYO.above.net  (94.31.29.192:80)

Remove internetenhancer.exe - Powered by Reason Core Security