WajamInternetEnhancer.exe

Wajam Internet Enhancer

Wajam Internet Technologies Inc.

The file is part of Wajam, a web browser extension that injects social search integration into various search portals such as Google. The application WajamInternetEnhancer.exe has been detected as adware by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 50002 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Publisher:
Wajam Internet Technologies Inc.

Product:
Wajam Internet Enhancer

Version:
2.15.3.3

MD5:
fa802bb726cfb088e58dd22824626d02

SHA-1:
cc0e55892f6ce9cd3202b22b0968ea4e13fabb76

SHA-256:
37cc34cc59bb6f1261ce504deda3c7650e8a99869c2472fbb5a4aea1a3b253d4

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
12/28/2024 8:46:53 AM UTC

Scan engine | Detection | Engine version
Malwarebytes | PUP.Optional.Wajam | v2014.11.13.10
Reason Heuristics | PUP.WajamInternetTechnologies.V | 14.11.13.22

File size:
82 KB (83,968 bytes)

Product version:
2.15.3.3

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajam\wajam internet enhancer\wajaminternetenhancer.exe

File PE Metadata
Compilation timestamp:
11/12/2014 12:22:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:1+DXzGE33CZ6NNDjmijyvgGlzl+rGuo37+OgFP:1UXz9COmieth2G97E

Entry address:
0x15B4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.8139

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79 KB (80,896 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:50002/

Local host port:
50002

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

