internetenhancer.exe

H2LGKZ

The application internetenhancer.exe has been detected as a potentially unwanted program by 11 anti-malware scanners.
Product:
H2LGKZ

Version:
2.34.2.13

MD5:
029b64e4a5b0c0f765a853f25e1c1466

SHA-1:
e3a6f71bf00e84b4eb9b39c6456e530471a3c080

SHA-256:
76ebd042b6148b2a7a276a1dc234638db4aaa1ec09cd15aa6515c36b80055a85

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/4/2025 5:32:56 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Barys.16731 | 555 |
| Arcabit | Trojan.Barys.D415B | 1.0.0.425 |
| Baidu Antivirus | Adware.Win32.Wajam | 4.0.3.15730 |
| Bitdefender | Gen:Variant.Barys.16731 | 1.0.20.1055 |
| Emsisoft Anti-Malware | Gen:Variant.Barys.16731 | 8.15.07.30.03 |
| F-Secure | Gen:Variant.Barys.16731 | 11.2015-30-07_5 |
| G Data | Gen:Variant.Barys.16731 | 15.7.25 |
| McAfee | Artemis!029B64E4A5B0 | 5600.6689 |
| MicroWorld eScan | Gen:Variant.Barys.16731 | 16.0.0.633 |
| Qihoo 360 Security | Win32/Trojan.f5c | 1.0.0.1015 |
| Reason Heuristics | PUP.Wajam.Meta (M) | 16.1.29.8 |

File size:
268.5 KB (274,944 bytes)

Product version:
2.34.2.13

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wainterenhancer\wainterenhancer internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
7/17/2015 9:56:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:taGVAZ9OEFSBwOaK45JkZ78cWEFtg1iPX:t9VAZYwOaK45OZ7RoA

Entry address:
0x4470E

Entropy:
5.1452

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
266 KB (272,384 bytes)

The executing file has been seen to make the following network communications in live environments.

