WajamInternetEnhancer.exe

Wajam Internet Enhancer

Wajam Internet Technologies Inc.

The file is part of Wajam, a web browser extension that injects social search integration into various search portals such as Google. The application WajamInternetEnhancer.exe has been detected as adware by 10 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 50382 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Publisher:
Wajam Internet Technologies Inc.

Product:
Wajam Internet Enhancer

Version:
2.15.2.5

MD5:
2471c5d39d1c605a687969e7339afdbf

SHA-1:
f631228478a13dc9d17eddded540f3c9cf25f98b

SHA-256:
d1b3ef47fc9554b1c420622ef0940dbc4caafcf2e0e31230795c469e79955c68

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
11/22/2024 9:50:52 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.OMF | 838 |
| Avira AntiVirus | TR/Trash.Gen | 7.11.30.172 |
| Bitdefender | Adware.Agent.OMF | 1.0.20.1460 |
| Emsisoft Anti-Malware | Adware.Agent.OMF | 8.14.10.19.01 |
| F-Secure | Adware.Agent.OMF | 11.2014-19-10_1 |
| G Data | Adware.Agent.OMF | 14.10.24 |
| MicroWorld eScan | Adware.Agent.OMF | 15.0.0.876 |
| nProtect | Adware.Agent.OMF | 14.10.19.01 |
| Reason Heuristics | PUP.WajamInternetTechnologies.V | 14.10.19.13 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10290 |
File size:
82.5 KB (84,480 bytes)

Product version:
2.15.2.5

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajam\wajam internet enhancer\wajaminternetenhancer.exe

File PE Metadata
Compilation timestamp:
9/25/2014 8:23:08 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:l2xzUxTtaIfYxA8K9vnSJvleC0o3My2qGfvibCz7MSwL1Vf/RyQngVF:ExKTtaEYxVKPSJlome8hVfY

Entry address:
0x15BFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79.5 KB (81,408 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:50382/

Local host port:
50382

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

