WajamInternetEnhancer.exe

The file WajamInternetEnhancer.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. While running, it connects to the Internet address bay407-m.hotmail.com on port 443.
Version:
2.26.2.16

MD5:
d2d8442a92e68e14dbfa18b96ff0325f

SHA-1:
5f29c647839855e52b1971c822b201242f1761ec

SHA-256:
6508646aed616b059cb10c5fae1e27941d13aeda7902a029fc76a46fc5288973

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 10:55:21 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.558958 | 702 |
| Baidu Antivirus | PUA.MSIL.Wajam | 4.0.3.1535 |
| Bitdefender | Gen:Variant.Kazy.558958 | 1.0.20.320 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.558958 | 8.15.03.05.08 |
| ESET NOD32 | MSIL/Wajam.B potentially unwanted (variant) | 9.11236 |
| F-Secure | Gen:Variant.Kazy.558958 | 11.2015-05-03_5 |
| G Data | Gen:Variant.Kazy.558958 | 15.3.25 |
| MicroWorld eScan | Gen:Variant.Kazy.558958 | 16.0.0.192 |
| Trend Micro House Call | TROJ_GEN.R0C1H09BQ15 | 7.2.64 |

File size:
76 KB (77,824 bytes)

Product version:
2.26.2.16

Original file name:
WajamInternetEnhancer.exe

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\nodd3fd.tmp

File PE Metadata
Compilation timestamp:
2/25/2015 7:31:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:Qx7wMwYMrxM+LXo0+7am6H8hQLTUmUtlEn3Ta1y:6wYMrhL40iNh4hOOj2y

Entry address:
0x1459E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00...
 

Entropy:
5.8141

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
73.5 KB (75,264 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to bay407-m.hotmail.com  (65.54.225.168:443)

TCP (HTTP):
Connects to https-178-79-242-0.fra.llnw.net  (178.79.242.0:80)

TCP (HTTP SSL):
Connects to www-bs.gmx.net  (82.165.229.46:443)

TCP (HTTP SSL):
Connects to snt405-m.hotmail.com  (65.55.68.120:443)

TCP (HTTP SSL):
Connects to wa.ui-portal.de  (213.165.65.172:443)

TCP (HTTP SSL):
Connects to pixelbox.uimserv.net  (195.20.250.231:443)

TCP (HTTP):
Connects to https-178-79-242-128.fra.llnw.net  (178.79.242.128:80)

TCP (HTTP SSL):
Connects to ec2-34-192-150-200.compute-1.amazonaws.com  (34.192.150.200:443)

TCP (HTTP SSL):
Connects to de3.ioam.de  (91.215.103.65:443)

TCP (HTTP SSL):
Connects to ad11.adfarm1.adition.com  (85.114.159.112:443)

TCP (HTTP SSL):
Connects to a104-125-19-57.deploy.static.akamaitechnologies.com  (104.125.19.57:443)

Remove WajamInternetEnhancer.exe - Powered by Reason Core Security