internetenhancer.exe

BV9S6E

The application internetenhancer.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 52607 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Product:
BV9S6E

Version:
2.35.2.26

MD5:
f1356d342fa18114da6754e83c963786

SHA-1:
efa3634b9c003466423070536269fe17dd695a02

SHA-256:
88d75dd637ca8d8e5f7077cec2958f88ae91eabffffc35ac63b951a76e980843

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 7:28:39 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Wajam.Meta (M)
15.8.13.14

File size:
265.5 KB (271,872 bytes)

Product version:
2.35.2.26

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajinterenhancer\wajinterenhancer internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
8/12/2015 11:24:15 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:BySpG0DbWGbwxdueP1brGp/jqR39b3XmTkpiDJvhWBG:BySplzdeP1HGp/WR39b3WIiDJvh8G

Entry address:
0x43AFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.1369

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
263 KB (269,312 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:52607/

Local host port:
52607

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a104-105-29-226.deploy.static.akamaitechnologies.com  (104.105.29.226:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sin6.facebook.com  (157.240.7.35:443)

TCP (HTTP):

TCP (HTTP SSL):
Connects to edge-star-shv-01-sin6.facebook.com  (157.240.7.20:443)

TCP (HTTP):
Connects to customer.sharktech.net  (104.160.178.242:80)

TCP (HTTP):
Connects to 74.113.237.180.lv.iaccap.com  (74.113.237.180:80)

TCP (HTTP):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:80)

TCP (HTTP):
Connects to ec2-23-21-57-51.compute-1.amazonaws.com  (23.21.57.51:80)

TCP (HTTP):
Connects to b-app04-02.boldchat.com  (66.150.108.57:80)

TCP (HTTP SSL):
Connects to text-lb.ulsfo.wikimedia.org  (198.35.26.96:443)

TCP (HTTP):
Connects to haproxy9.ca.servers.visadd.com  (142.4.193.32:80)

TCP (HTTP):
Connects to ec2-54-210-36-181.compute-1.amazonaws.com  (54.210.36.181:80)

TCP (HTTP SSL):
Connects to ec2-52-72-157-241.compute-1.amazonaws.com  (52.72.157.241:443)

TCP (HTTP):
Connects to ec2-52-71-31-137.compute-1.amazonaws.com  (52.71.31.137:80)

TCP (HTTP SSL):
Connects to ec2-52-6-82-78.compute-1.amazonaws.com  (52.6.82.78:443)

TCP (HTTP):
Connects to ec2-52-206-182-223.compute-1.amazonaws.com  (52.206.182.223:80)

TCP (HTTP SSL):
Connects to ec2-52-20-120-15.compute-1.amazonaws.com  (52.20.120.15:443)

TCP (HTTP):

TCP (HTTP):
Connects to ec2-23-21-135-55.compute-1.amazonaws.com  (23.21.135.55:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-sin6.fbcdn.net  (157.240.7.26:443)

Remove internetenhancer.exe - Powered by Reason Core Security