internetenhancer.exe

GUV8R9

The application internetenhancer.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. While running, it connects to the Internet address rtr3.l7.search.vip.gq1.yahoo.com on port 80 using the HTTP protocol.
Product:
GUV8R9

Version:
2.33.2.33

MD5:
e2924181286eaf40cd1f915704542307

SHA-1:
d9eb7c3c0d709b676547b7c8616b068542ff7ebb

SHA-256:
41383233f86ac9ec11879595c0c9ce245bd6189822ac924a568b56356345fa45

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/29/2024 12:43:23 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.Wajam
4.0.3.15719

G Data
Win32.Adware.Wajam
15.6.25

Panda Antivirus
PUP/Wajam
15.07.19.01

Reason Heuristics
PUP.Wajam.Meta (M)
15.6.22.16

File size:
281.5 KB (288,256 bytes)

Product version:
2.33.2.33

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\winterenhancer\winterenhancer internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
6/21/2015 10:56:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:KzmieoPaPX9mJK83lCITjXoUDIswFtekuFcUXaqdiYEqeSA3J3uUGsSPd6E/jv+P:KTPaPtmFjQsIdtWFh9irqeRwXsSVU

Entry address:
0x47B9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00...
 
[+]

Entropy:
5.1394

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
279 KB (285,696 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to rtr3.l7.search.vip.ir2.yahoo.com  (217.12.15.96:80)

TCP (HTTP SSL):
Connects to soagw-dmz-pc1.us.dell.com  (143.166.11.212:443)

TCP:
Connects to sc-in-f188.1e100.net  (74.125.68.188:5228)

TCP (HTTP):
Connects to rtr3.l7.search.vip.gq1.yahoo.com  (208.71.45.11:80)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (87.250.250.119:443)

TCP (HTTP):
Connects to https-103-53-14-0.maa.llnw.net  (103.53.14.0:80)

TCP (HTTP SSL):
Connects to hk2sch130021246.wns.windows.com  (111.221.29.114:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-sin1.facebook.com  (31.13.79.246:443)

TCP (HTTP SSL):
Connects to ec2-52-20-120-15.compute-1.amazonaws.com  (52.20.120.15:443)

TCP (HTTP):
Connects to ec2-107-20-201-221.compute-1.amazonaws.com  (107.20.201.221:80)

TCP (HTTP SSL):
Connects to dm2301-e.1drv.com  (134.170.104.168:443)

TCP (HTTP):
Connects to cdn-111-119-17-254.bom.llnw.net  (111.119.17.254:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP SSL):
Connects to a23-57-212-172.deploy.static.akamaitechnologies.com  (23.57.212.172:443)

TCP (HTTP SSL):
Connects to a23-56-83-243.deploy.static.akamaitechnologies.com  (23.56.83.243:443)

TCP (HTTP SSL):
Connects to a23-207-150-197.deploy.static.akamaitechnologies.com  (23.207.150.197:443)

TCP (HTTP):
Connects to a23-207-145-12.deploy.static.akamaitechnologies.com  (23.207.145.12:80)

TCP (HTTP):
Connects to a23-207-144-241.deploy.static.akamaitechnologies.com  (23.207.144.241:80)

TCP (HTTP):
Connects to a23-205-218-56.deploy.static.akamaitechnologies.com  (23.205.218.56:80)

Remove internetenhancer.exe - Powered by Reason Core Security