» wajaminternetenhancerapp.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (89)

wajaminternetenhancerapp.exe

Internet Enhancer

The application wajaminternetenhancerapp.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 51756 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program Wajam which is a potentially unwanted software program. While running, it connects to the Internet address server-54-192-150-14.sin2.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

Product:

Internet Enhancer

Version:

2.19.2.6

MD5:

2342a1543a75a21f65a3f2942dd4044f

SHA-1:

384430d0db71722482486fae57b179f2a27e29cc

SHA-256:

63c6bbbbde3ac628dda6f7cdc8192fa52bfe444667e1db2a5bb56c2e3997426d

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/25/2024 3:44:36 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Wajam.Meta

15.6.15.10

File size:

81 KB (82,944 bytes)

Product version:

2.19.2.6

Original file name:

WajamInternetEnhancer.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\wajam\wajam internet enhancer\wajaminternetenhancerapp.exe

File PE Metadata

Compilation timestamp:

12/2/2014 9:56:26 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:mp/+g+sxaQQ85+3pfTefSWazmxuhbZKe:pnqt5kf/WazR3

Entry address:

0x1592E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

78.5 KB (80,384 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:51756/

Local host port:

51756

Default credentials:

The file wajaminternetenhancerapp.exe has been discovered within the following program.

Wajam by Wajam

Wajam is a search-enhancement product, but it does not change homepage or search. This product shows display and/or text ads into third-party websites which may alter normal web page layouts.

www.wajam.com

73% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-sin6.facebook.com (157.240.7.35:443)

TCP (HTTP SSL):

Connects to edge-z-m-mini-shv-01-sin6.facebook.com (157.240.7.36:443)

TCP (HTTP SSL):

Connects to ec2-34-199-132-228.compute-1.amazonaws.com (34.199.132.228:443)

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-01-sin6.fbcdn.net (157.240.7.26:443)

TCP (HTTP SSL):

Connects to edge-star-shv-01-sin6.facebook.com (157.240.7.20:443)

TCP (HTTP SSL):

Connects to ec2-52-72-157-241.compute-1.amazonaws.com (52.72.157.241:443)

TCP (HTTP SSL):

Connects to a-0001.a-msedge.net (204.79.197.200:443)

TCP (HTTP):

Connects to ocsp.comodoca.com (178.255.83.1:80)

TCP (HTTP SSL):

Connects to edge-video-shv-01-sin6.fbcdn.net (157.240.7.21:443)

TCP (HTTP):

Connects to a23-15-155-27.deploy.static.akamaitechnologies.com (23.15.155.27:80)

TCP (HTTP SSL):

Connects to svx-tsel-208-68-bns-tbs.telkomsel.com (202.3.208.68:443)

TCP (HTTP):

Connects to server-52-85-77-193.lax3.r.cloudfront.net (52.85.77.193:80)

TCP (HTTP):

Connects to ip184.ip-217-182-14.eu (217.182.14.184:80)

TCP (HTTP):

Connects to hwcdn.net (69.16.175.10:80)

TCP (HTTP):

Connects to haproxy9.ca.servers.visadd.com (142.4.193.32:80)

TCP (HTTP SSL):

Connects to ec2-107-22-241-244.compute-1.amazonaws.com (107.22.241.244:443)

TCP (HTTP):

Connects to e1.ttms.eu (46.105.156.67:80)

TCP (HTTP):

Connects to 80.75.c0ad.ip4.static.sl-reverse.com (173.192.117.128:80)

TCP (HTTP):

Connects to 131.subnet180-250-66.speedy.telkom.net.id (180.250.66.131:80)

TCP (HTTP):

Connects to server-54-230-150-95.sin2.r.cloudfront.net (54.230.150.95:80)

Remove wajaminternetenhancerapp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.