internetenhancer.exe

GUV8R9

The application internetenhancer.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. While running, it connects to the Internet address rtr3.l7.search.vip.gq1.yahoo.com on port 80 using the HTTP protocol.
Product:
GUV8R9

Version:
2.33.2.33

MD5:
e2924181286eaf40cd1f915704542307

SHA-1:
d9eb7c3c0d709b676547b7c8616b068542ff7ebb

SHA-256:
41383233f86ac9ec11879595c0c9ce245bd6189822ac924a568b56356345fa45

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 1:58:22 PM UTC

Scan engine         Detection              Engine version
Baidu Antivirus     Adware.Win32.Wajam     4.0.3.15719
G Data              Win32.Adware.Wajam     15.6.25
Panda Antivirus     PUP/Wajam              15.07.19.01
Reason Heuristics   PUP.Wajam.Meta (M)     15.6.22.16

File size:
281.5 KB (288,256 bytes)

Product version:
2.33.2.33

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\winterenhancer\winterenhancer internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
6/21/2015 10:56:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:KzmieoPaPX9mJK83lCITjXoUDIswFtekuFcUXaqdiYEqeSA3J3uUGsSPd6E/jv+P:KTPaPtmFjQsIdtWFh9irqeRwXsSVU

Entry address:
0x47B9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00...
 

Entropy:
5.1394

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
279 KB (285,696 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to rtr3.l7.search.vip.ir2.yahoo.com  (217.12.15.96:80)

TCP (HTTP SSL):
Connects to soagw-dmz-pc1.us.dell.com  (143.166.11.212:443)

TCP:
Connects to sc-in-f188.1e100.net  (74.125.68.188:5228)

TCP (HTTP):
Connects to rtr3.l7.search.vip.gq1.yahoo.com  (208.71.45.11:80)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (87.250.250.119:443)

TCP (HTTP):
Connects to https-103-53-14-0.maa.llnw.net  (103.53.14.0:80)

TCP (HTTP SSL):
Connects to hk2sch130021246.wns.windows.com  (111.221.29.114:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-sin1.facebook.com  (31.13.79.246:443)

TCP (HTTP SSL):
Connects to ec2-52-20-120-15.compute-1.amazonaws.com  (52.20.120.15:443)

TCP (HTTP):
Connects to ec2-107-20-201-221.compute-1.amazonaws.com  (107.20.201.221:80)

TCP (HTTP SSL):
Connects to dm2301-e.1drv.com  (134.170.104.168:443)

TCP (HTTP):
Connects to cdn-111-119-17-254.bom.llnw.net  (111.119.17.254:80)

TCP (HTTP SSL):
Connects to a23-57-212-172.deploy.static.akamaitechnologies.com  (23.57.212.172:443)

TCP (HTTP SSL):
Connects to a23-56-83-243.deploy.static.akamaitechnologies.com  (23.56.83.243:443)

TCP (HTTP SSL):
Connects to a23-207-150-197.deploy.static.akamaitechnologies.com  (23.207.150.197:443)

TCP (HTTP):
Connects to a23-207-145-12.deploy.static.akamaitechnologies.com  (23.207.145.12:80)

TCP (HTTP):
Connects to a23-207-144-241.deploy.static.akamaitechnologies.com  (23.207.144.241:80)

TCP (HTTP):
Connects to a23-205-218-56.deploy.static.akamaitechnologies.com  (23.205.218.56:80)
