internetenhancer.exe

Wâjâm Internet Enhancer

Wâjâm Internet Technologies Inc.

The executable internetenhancer.exe (“Internet Enhancer”) has been detected as malware by 12 anti-virus scanners.
Publisher:
Wâjâm Internet Technologies Inc.

Product:
Wâjâm Internet Enhancer

Description:
Internet Enhancer

Version:
2.13.2.35

MD5:
ac12f2b0e23ea91a59e618ca8f9383fd

SHA-1:
cbdb6eac0e286ab866a52265240fa5372d84ac54

SHA-256:
6954b185c57d1d04445f73d58c3ebf10f20fbcbf9e6a972bf249ed7af2095ef9

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/26/2024 3:10:24 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.11936080 | 821
AegisLab AV Signature | Troj.MSIL.Disfa | 2.1.4+
avast! | Win32:Dropper-gen [Drp] | 2014.9-141106
Bitdefender | Trojan.Generic.11936080 | 1.0.20.1550
Emsisoft Anti-Malware | Trojan.Generic.11936080 | 8.14.11.06.02
F-Secure | Trojan.Generic.11936080 | 11.2014-06-11_5
G Data | Trojan.Generic.11936080 | 14.11.24
McAfee | Artemis!AC12F2B0E23E | 5600.6955
MicroWorld eScan | Trojan.Generic.11936080 | 15.0.0.930
nProtect | Trojan.Generic.11936080 | 14.10.17.01
Qihoo 360 Security | Win32/Trojan.Dropper.c9f | 1.0.0.1015
Trend Micro House Call | TROJ_GEN.R0C1H05J914 | 7.2.310
File size:
82 KB (83,968 bytes)

Product version:
2.13.2.35

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajaie\wajaie internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
10/9/2014 10:35:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:WGV708rOFhJMp43S6IJCq0I60MQeLyrfLWsWvx:W07bCq06Wmrf0

Entry address:
0x15BDE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.7931

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79 KB (80,896 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to rtr2a.l7.search.vip.ne1.yahoo.com (98.138.140.76:443)

TCP (HTTP SSL):
Connects to r1.ycpi.vip.bf1.yahoo.net (98.139.199.204:443)

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com (54.208.30.101:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a23-193-234-144.deploy.static.akamaitechnologies.com (23.193.234.144:80)