wajaminternetenhancerapp.exe

Wajam Internet Enhancer

Wajam Internet Technologies Inc.

The file is part of Wajam, a web browser extension that injects social search integration into various search portals such as Google. The application wajaminternetenhancerapp.exe has been detected as adware by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 56675 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 32-127-232-198.static.unitasglobal.net on port 80 using the HTTP protocol.
Publisher:
Wajam Internet Technologies Inc.

Product:
Wajam Internet Enhancer

Version:
2.18.1.8

MD5:
004bca3ac55d01a5cbe55cfea3194d6f

SHA-1:
9fd40eb7af8d035b1dc929a8bf01bea3cfd71fb7

SHA-256:
33d0280fc86bc996f0bacd8946a57798a55a313ecb2f06052b31a19acd63e9a9

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/27/2024 1:53:20 AM UTC

Scan engine
Detection
Engine version

Malwarebytes
PUP.Optional.Wajam
v2014.11.24.09

Reason Heuristics
PUP.WajamInternetTechnologies.Y
14.11.24.21

File size:
81 KB (82,944 bytes)

Product version:
2.18.1.8

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajam\wajam internet enhancer\wajaminternetenhancerapp.exe

File PE Metadata
Compilation timestamp:
11/17/2014 3:19:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:dor/UK5xiI6XM3r9vbzLSInMIqYAA83n2ugI0usKKx:doIKXiI6Sp4LAzI3sK8

Entry address:
0x1577E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.8162

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
78 KB (79,872 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:56675/

Local host port:
56675

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

