internetenhancer.exe

The application internetenhancer.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 53592 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address pr-bh.pbp.vip.gq1.yahoo.com on port 80 using the HTTP protocol.

Version:
2.30.2.13

MD5:
89c89550d1eb3fb3782e09ff14c18ab7

SHA-1:
b8292a9badaf95e9a6a109bfa850604f86dd9fc0

SHA-256:
d1a791b3ff4320c32c5932dffb03f5e81d3d0080ec5e9c6b945d964e42da39a5

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 2:25:05 AM UTC

Scan engine        Detection           Engine version
Baidu Antivirus    Adware.Win32.Wajam  4.0.3.1549
Reason Heuristics  PUP.Wajam.Meta      15.5.2.21

File size:
82 KB (83,968 bytes)

Product version:
2.30.2.13

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetenhance\wanetenhance internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
4/1/2015 7:38:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:+H27HyTQSIJd+riaFsIzqQHNH5HUUJI/PqBj5KsvHziBiFGq:+H27H+pmaF9lNIQj5vzpF

Entry address:
0x15CFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79.5 KB (81,408 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:53592/

Local host port:
53592

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

