internetenhancer.exe

BZAM0W

The application internetenhancer.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 51670 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address coccoc.com on port 443.
Product:
BZAM0W

Version:
2.35.2.49

MD5:
3bd45b1538899897e46356d72e24a071

SHA-1:
a5a12e2f5a1c2ae9b24b45b95af269665a609c1b

SHA-256:
1890b9a539cb43bf2a324121ced809202adf3cdf7d6cff353f0bd57efbc169fb

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:47:12 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Wajam.Meta (M)
15.8.21.9

File size:
260 KB (266,240 bytes)

Product version:
2.35.2.49

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajainterenhancer\wajainterenhancer internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
8/19/2015 8:18:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:A6wLqy/hWcWb1mY/iD+Z7pgNfKeUc+W8k7scECWWY3vK1DmX:NwLqy/gT5/BZ7pgNFUG8k7Xr6K1DmX

Entry address:
0x4248E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.1347

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
257.5 KB (263,680 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:51670/

Local host port:
51670

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to twweb7.gocyberlink.com  (203.73.25.207:80)

TCP (HTTP):
Connects to static.vnpt.vn  (123.30.180.150:80)

TCP (HTTP SSL):
Connects to coccoc.com  (123.30.175.56:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sin6.facebook.com  (157.240.7.35:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-sit4.facebook.com  (31.13.78.13:443)

TCP (HTTP):
Connects to US2DL4  (72.52.91.44:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sit4.facebook.com  (31.13.78.35:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-sin6.fbcdn.net  (157.240.7.26:443)

TCP (HTTP SSL):
Connects to WIN-MGIB0IP4L15  (123.31.47.32:443)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (87.250.251.119:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-02-lax3.fbcdn.net  (157.240.11.22:443)

TCP (HTTP SSL):
Connects to server-52-85-151-71.hkg51.r.cloudfront.net  (52.85.151.71:443)

TCP (HTTP SSL):
Connects to server-52-85-151-145.hkg51.r.cloudfront.net  (52.85.151.145:443)

TCP (HTTP):
Connects to mess0.wizzlabs.com  (176.31.115.114:80)

TCP (HTTP SSL):
Connects to ec2-52-3-78-95.compute-1.amazonaws.com  (52.3.78.95:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-sit4.fbcdn.net  (31.13.78.17:443)

TCP (HTTP):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:80)

TCP (HTTP):
Connects to mess4.wizzlabs.com  (94.23.44.92:80)

TCP (HTTP):
Connects to mess2.wizzlabs.com  (176.31.107.87:80)

TCP (HTTP SSL):
Connects to edge-star-shv-01-sin6.facebook.com  (157.240.7.20:443)

Remove internetenhancer.exe - Powered by Reason Core Security