internetenhancer.exe

DBYYOE

The application internetenhancer.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 51124 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 096239.telemar.net.br on port 443.
Product:
DBYYOE

Version:
2.31.2.12

MD5:
ad3b3a8523118fb0537854fc740551dd

SHA-1:
d250420a1ccd467bcf8ab6654162c7d5c4ba5d5d

SHA-256:
b3f9f74f267b687a00bfcace0d8bca6525b961589f8edbe9f64624481c8461a3

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 9:40:22 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Generic.1248433 | 614
Baidu Antivirus | Adware.Win32.WajaWebEnhance | 4.0.3.1561
Bitdefender | Adware.Generic.1248433 | 1.0.20.760
Dr.Web | Adware.Searcher.2854 | 9.0.1.0152
Emsisoft Anti-Malware | Adware.Generic.1248433 | 8.15.06.01.09
F-Secure | Adware.Generic.1248433 | 11.2015-01-06_2
G Data | Win32.Adware.Wajam | 15.5.25
MicroWorld eScan | Adware.Generic.1248433 | 16.0.0.456
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | Threat.PUP.Wajam | 15.5.13.5
Rising Antivirus | PE:Trojan.FakeIcon!1.64A5 | 23.00.65.15511
Trend Micro House Call | TROJ_GEN.R047H09ER15 | 7.2.152

File size:
268.5 KB (274,944 bytes)

Product version:
2.31.2.12

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\wajawebenhance\wajawebenhance internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
5/6/2015 9:34:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:ilgAP8wDEucuVqI4ERHEm2WBp2iLuzWe3A/TzGZSPwN0lzk0hd+7IEAQZs8d3x1J:ilgAjExIpRHR2HYwO1kZRh+F+0BZ

Entry address:
0x4471E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
266 KB (272,384 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:51124/

Local host port:
51124

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-gru2.fbcdn.net  (31.13.85.4:443)

TCP (HTTP):
Connects to server-52-84-179-45.gru50.r.cloudfront.net  (52.84.179.45:80)

TCP (HTTP SSL):
Connects to server-52-84-179-178.gru50.r.cloudfront.net  (52.84.179.178:443)

TCP (HTTP):
Connects to server-52-84-179-100.gru50.r.cloudfront.net  (52.84.179.100:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-gru2.facebook.com  (31.13.85.36:443)

TCP (HTTP):
Connects to ec2-52-5-19-74.compute-1.amazonaws.com  (52.5.19.74:80)

TCP (HTTP):
Connects to ec2-52-201-128-113.compute-1.amazonaws.com  (52.201.128.113:80)

TCP (HTTP):

TCP (HTTP SSL):
Connects to 096239.telemar.net.br  (200.165.96.239:443)

TCP (HTTP):

TCP (HTTP):
Connects to a23-45-214-163.deploy.static.akamaitechnologies.com  (23.45.214.163:80)
