internetenhancer.exe

Internet Enhancer

The application internetenhancer.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 58257 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address server-54-230-148-94.sin2.r.cloudfront.net on port 443.
Product:
Internet Enhancer

Version:
2.21.2.32

MD5:
a44cd707d945476f8a1bc704dd7336fb

SHA-1:
9baa717577dee29f4e8f69f313810f5be6d3b83d

SHA-256:
da5d0858dbe73af817fcf51fe1fef59c3e348cca231a960aa257ba9a545dfeae

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 4:22:52 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Kazy.534478
659

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.Wajam
2015.04.16

Baidu Antivirus
Adware.Win32.WaInterEnhance
4.0.3.15416

Bitdefender
Gen:Variant.Adware.Kazy.534478
1.0.20.530

Emsisoft Anti-Malware
Gen:Variant.Adware.Kazy.534478
8.15.04.16.12

ESET NOD32
MSIL/Wajam.B potentially unwanted (variant)
9.11479

F-Secure
Gen:Variant.Adware.Kazy
11.2015-16-04_5

G Data
Gen:Variant.Adware.Kazy.534478
15.4.25

K7 AntiVirus
Trojan
13.202.15606

Malwarebytes
PUP.Optional.Wajam.A
v2015.04.16.12

MicroWorld eScan
Gen:Variant.Adware.Kazy.534478
16.0.0.318

Trend Micro House Call
TROJ_GEN.R0C1H09AL15
7.2.106

ViRobot
Trojan.Win32.A.Downloader.83456.GE[h]
2014.3.20.0

File size:
81.5 KB (83,456 bytes)

Product version:
2.21.2.32

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\wainterenhance\wainterenhance internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
1/6/2015 12:14:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:RDnmq7GhYx9yyWetRR6+JVMvoookH9SzdKGorQkhehqH0uG1sQVDFc4JnuxKtg5b:Rjp7GipVVrqSUHh70uI99WMg5jFnJ

Entry address:
0x15B1E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.8428

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79 KB (80,896 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:58257/

Local host port:
58257

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to crt5.bln2.herbst.de  (212.162.43.38:80)

TCP (HTTP):

TCP (HTTP SSL):
Connects to ec2-52-20-120-15.compute-1.amazonaws.com  (52.20.120.15:443)

TCP (HTTP SSL):
Connects to a104-96-35-209.deploy.static.akamaitechnologies.com  (104.96.35.209:443)

TCP (HTTP SSL):
Connects to a104-94-183-161.deploy.static.akamaitechnologies.com  (104.94.183.161:443)

TCP (HTTP):
Connects to webservices.autodesk.com  (132.188.65.68:80)

TCP (HTTP):
Connects to s3-1.amazonaws.com  (52.216.17.83:80)

TCP (HTTP):
Connects to pointa.autodesk.com  (132.188.65.21:80)

TCP (HTTP):
Connects to map2.hwcdn.net  (205.185.216.10:80)

TCP (HTTP):
Connects to ec2-54-245-85-125.us-west-2.compute.amazonaws.com  (54.245.85.125:80)

TCP (HTTP SSL):
Connects to ec2-54-225-193-189.compute-1.amazonaws.com  (54.225.193.189:443)

TCP (HTTP SSL):
Connects to ec2-52-7-213-116.compute-1.amazonaws.com  (52.7.213.116:443)

TCP (HTTP SSL):
Connects to ec2-52-6-82-78.compute-1.amazonaws.com  (52.6.82.78:443)

TCP (HTTP SSL):
Connects to ec2-52-25-239-122.us-west-2.compute.amazonaws.com  (52.25.239.122:443)

TCP (HTTP):
Connects to ec2-50-17-205-172.compute-1.amazonaws.com  (50.17.205.172:80)

TCP (HTTP):
Connects to cdn-117-121-249-253.sin.llnw.net  (117.121.249.253:80)

TCP (HTTP):
Connects to adsk-132-188-92-139.autodesk.org  (132.188.92.139:80)

TCP (HTTP):
Connects to a23-50-253-182.deploy.static.akamaitechnologies.com  (23.50.253.182:80)

TCP (HTTP):
Connects to a104-102-18-201.deploy.static.akamaitechnologies.com  (104.102.18.201:80)

TCP (HTTP SSL):
Connects to x.uimserv.net  (195.20.250.237:443)

Remove internetenhancer.exe - Powered by Reason Core Security