home

internetenhancer.exe

DZVUAJ

The application internetenhancer.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 49362 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Product:
DZVUAJ

Version:
2.35.10.2

MD5:
69298615010d672c02d36d1fd1598238

SHA-1:
aebf8f455f6be0f2ba8930855a08ccf526b58330

SHA-256:
150bfc421a8d1eea912f922e3667f9bd2d96f732ec7957fb7d96b2d507eff8f9

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 9:02:36 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
PUA.MSIL.Wajam
4.0.3.15820

ESET NOD32
MSIL/Wajam.C potentially unwanted (variant)
9.12113

Reason Heuristics
PUP.Wajam.Meta (M)
15.8.20.22

File size:
259 KB (265,216 bytes)

Product version:
2.35.10.2

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajainterenhancer\wajainterenhancer internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
8/17/2015 10:23:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:2lLD05Mx2CCYTYpZULJYoaGeigzforMpqjEgti+uzqM:2lgMMYTYpZULSo9eicgCqjELZzqM

Entry address:
0x421EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.1247

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
256.5 KB (262,656 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49362/

Local host port:
49362

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to a92-122-81-150.deploy.akamaitechnologies.com  (92.122.81.150:443)

TCP (HTTP SSL):
Connects to a104-82-107-42.deploy.static.akamaitechnologies.com  (104.82.107.42:443)

TCP (HTTP):
Connects to li491-84.members.linode.com  (50.116.29.84:80)

TCP (HTTP SSL):
Connects to 206-225-84-183.dedicated.codero.net  (206.225.84.183:443)

TCP (HTTP):
Connects to https-178-79-251-0.lcy.llnw.net  (178.79.251.0:80)

TCP (HTTP):
Connects to ec2-54-154-109-8.eu-west-1.compute.amazonaws.com  (54.154.109.8:80)

TCP (HTTP SSL):
Connects to ec2-52-52-87-56.us-west-1.compute.amazonaws.com  (52.52.87.56:443)

TCP (HTTP SSL):
Connects to client.v.dropbox.com  (108.160.172.236:443)

TCP (HTTP):
Connects to a23-15-8-210.deploy.static.akamaitechnologies.com  (23.15.8.210:80)

TCP (HTTP SSL):
Connects to a-0001.a-msedge.net  (204.79.197.200:443)

TCP (HTTP):
Connects to 40.1e.2fa9.ip4.static.sl-reverse.com  (169.47.30.64:80)

TCP (HTTP SSL):
Connects to yv-in-f106.1e100.net  (74.125.21.106:443)

TCP (HTTP):
Connects to www.smilebox.com  (216.218.214.53:80)

TCP (HTTP):
Connects to server-54-192-7-206.dfw3.r.cloudfront.net  (54.192.7.206:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.65.33:80)

TCP (HTTP):
Connects to pa-in-f128.1e100.net  (74.125.25.128:80)

TCP (HTTP SSL):
Connects to lhr25s10-in-f14.1e100.net  (216.58.198.174:443)

TCP (HTTP):
Connects to lhr25s01-in-f3.1e100.net  (216.58.213.67:80)

TCP (HTTP SSL):
Connects to lax17s05-in-f206.1e100.net  (216.58.217.206:443)

TCP (HTTP SSL):
Connects to lax02s19-in-f9.1e100.net  (74.125.224.105:443)

Remove internetenhancer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.