WajamInternetEnhancer.exe

Wajam Internet Enhancer

Wajam Internet Technologies Inc.

The file is part of Wajam, a web browser extension that injects social search integration into various search portals such as Google. The application WajamInternetEnhancer.exe has been detected as adware by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 63663 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.

Publisher:
Wajam Internet Technologies Inc.

Product:
Wajam Internet Enhancer

Version:
2.15.2.4

MD5:
0b20433c46aa133a7880edf8e63d733c

SHA-1:
5d8216cae5eee28e8b31c4ef086f04c6586aa747

SHA-256:
9f0b8d1ef5837a3944f24e42bff67d990a875784165a576bc15f14d3e0e9b16e

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/23/2024 7:53:22 AM UTC

Scan engine: Malwarebytes
Detection: PUP.Optional.Wajam
Engine version: v2014.09.23.01

Scan engine: Reason Heuristics
Detection: PUP.WajamInternetTechnologies.V
Engine version: 14.9.23.13

File size:
82.5 KB (84,480 bytes)

Product version:
2.15.2.4

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajam\wajam internet enhancer\wajaminternetenhancer.exe

File PE Metadata
Compilation timestamp:
9/16/2014 7:26:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:n2xzUxTtaIfYxA8K9vnSJvleC0o3My2qGfvibCC7MSwLdVf/7yQngVY:2xKTtaEYxVKPSJlomj85Vf7

Entry address:
0x15BFE

Entropy:
5.7618

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79.5 KB (81,408 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:63663/

Local host port:
63663

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.
