» internetenhancer.exe
Overview
Analysis
File Details
Network (6)

internetenhancer.exe

Wâjâm Internet Enhancer

Wâjâm Internet Technologies Inc.

The executable internetenhancer.exe, “Internet Enhancer” has been detected as malware by 12 anti-virus scanners.

File name:

Publisher:

Wâjâm Internet Technologies Inc.

Product:

Wâjâm Internet Enhancer

Description:

Internet Enhancer

Version:

2.13.2.35

MD5:

ac12f2b0e23ea91a59e618ca8f9383fd

SHA-1:

cbdb6eac0e286ab866a52265240fa5372d84ac54

SHA-256:

6954b185c57d1d04445f73d58c3ebf10f20fbcbf9e6a972bf249ed7af2095ef9

Scanner detections:

12 / 68

Status:

Malware

Analysis date:

11/15/2024 6:55:03 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.11936080

821

AegisLab AV Signature

Troj.MSIL.Disfa

2.1.4+

avast!

Win32:Dropper-gen [Drp]

2014.9-141106

Bitdefender

Trojan.Generic.11936080

1.0.20.1550

Emsisoft Anti-Malware

Trojan.Generic.11936080

8.14.11.06.02

F-Secure

Trojan.Generic.11936080

11.2014-06-11_5

G Data

Trojan.Generic.11936080

14.11.24

McAfee

Artemis!AC12F2B0E23E

5600.6955

MicroWorld eScan

Trojan.Generic.11936080

15.0.0.930

nProtect

Trojan.Generic.11936080

14.10.17.01

Qihoo 360 Security

Win32/Trojan.Dropper.c9f

1.0.0.1015

Trend Micro House Call

TROJ_GEN.R0C1H05J914

7.2.310

File size:

82 KB (83,968 bytes)

Product version:

2.13.2.35

Original file name:

WajamInternetEnhancer.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\wajaie\wajaie internet enhancer\internetenhancer.exe

File PE Metadata

Compilation timestamp:

10/9/2014 10:35:32 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:WGV708rOFhJMp43S6IJCq0I60MQeLyrfLWsWvx:W07bCq06Wmrf0

Entry address:

0x15BDE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.7931

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

79 KB (80,896 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to rtr2a.l7.search.vip.ne1.yahoo.com (98.138.140.76:443)

TCP (HTTP SSL):

Connects to r1.ycpi.vip.bf1.yahoo.net (98.139.199.204:443)

TCP (HTTP):

Connects to ec2-54-208-30-101.compute-1.amazonaws.com (54.208.30.101:80)

TCP (HTTP):

Connects to a23-74-9-91.deploy.static.akamaitechnologies.com (23.74.9.91:80)

TCP (HTTP):

Connects to a23-61-75-27.deploy.static.akamaitechnologies.com (23.61.75.27:80)

TCP (HTTP):

Connects to a23-193-234-144.deploy.static.akamaitechnologies.com (23.193.234.144:80)

Remove internetenhancer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.