internetenhancer.exe

Internet Enhancer

The application internetenhancer.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 50261 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Product:
Internet Enhancer

Version:
2.23.2.15

MD5:
a20f34b2669337cf7dc8a518471d7bfa

SHA-1:
c2a787f459f175ffd71f1b7659e420febdaf4acf

SHA-256:
c57385cbfb5fa957f4c658a015f4fb912534d618b27f97a114664b787de5314e

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 4:40:51 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | PUA.MSIL.Wajam | 4.0.3.1525
ESET NOD32 | MSIL/Wajam.B potentially unwanted (variant) | 9.11123
Malwarebytes | PUP.Optional.Wajam.A | v2015.02.05.03

File size:
76 KB (77,824 bytes)

Product version:
2.23.2.15

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajintenhance\wajintenhance internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
2/4/2015 6:56:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:zMvkz8uP4yTEQiC75jQ1CTQ1VW/32dXvNZ+:ov+8uP4zQns1bWgXFw

Entry address:
0x1455E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
73.5 KB (75,264 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:50261/

Local host port:
50261

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

