wajam_64.exe

The application wajam_64.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “Wajam Web Enhancer”, in its own separate process. While running, it connects to the Internet address e3-1230v2.bl-ash0.1.1.2.5.a4.securedservers.com on port 80 using the HTTP protocol.
Version:
1.49.11.12

MD5:
73f1db39cc310cc31a2b3902ad9aa4d5

SHA-1:
42ac3baa5d63aec464e387ae0d446735c1e525a5

SHA-256:
e9c2d7dd041215628f26d01281d78616f4b5274b564a3527b4fb0bec23d36b3d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/11/2025 10:11:51 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Wajam.Meta (M)

Engine version:
15.7.27.23

File size:
1.9 MB (2,039,808 bytes)

Product version:
1.49.11.12

Copyright:
Copyright (C) 2014

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\wajawebenhancer\wajam_64.exe

File PE Metadata
Compilation timestamp:
7/16/2015 10:00:04 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:wW6waRcy6rtkbTireTGRmrMFeXmX1KH2thsdTKm:74rIFn

Entry address:
0xD4AC4

Entry point:
48, 83, EC, 28, E8, FB, 05, 02, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 18, 48, 89, 4C, 24, 08, 55, 56, 57, 41, 54, 41, 55, 41, 56, 41, 57, 48, 83, EC, 20, 41, 8B, E9, 45, 8B, F0, 4C, 8B, FA, 48, 85, D2, 74, 03, 48, 89, 0A, 48, 85, C9, 75, 17, E8, 50, E1, FF, FF, C7, 00, 16, 00, 00, 00, E8, 85, F3, 00, 00, 33, C0, E9, 8D, 01, 00, 00, 45, 85, C0, 74, 09, 41, 8D, 40, FE, 83, F8, 22, 77, DB, 0F, B7, 31, 33, FF, 48, 8D, 59, 02, 44, 8D, 6F, 08, EB, 07, 0F, B7, 33, 48, 83, C3, 02, 41, 8B...

Entropy:
6.2058

Code size:
1.3 MB (1,342,464 bytes)

Service
Display name:
Wajam Web Enhancer

Description:
Enhances experience when browsing the web.

Type:
Win32OwnProcess

Depends on:
RPCSS


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to e3-1230v2.bl-ash0.1.1.2.5.a4.securedservers.com  (131.153.5.194:80)
