036629fbd4864725737a8ba8fe7e8cd6.exe

The application 036629fbd4864725737a8ba8fe7e8cd6.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address coccoc.com on port 443.
Version:
2.40.10.8

MD5:
a64241c508d441839bd120c13f5ed4e5

SHA-1:
c0760c1810f842063277e210d5cd827233015b5c

SHA-256:
5db6876b7f4944de844dbfd7391c54781301e63921c62ed9252409b960cecc4c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
6/23/2018 3:11:05 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Wajam.Meta (M)

Engine version:
16.1.22.21

File size:
488.5 KB (500,224 bytes)

Product version:
2.40.10.8

Original file name:
CP2AE6.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\036629fbd4864725737a8ba8fe7e8cd6.exe

File PE Metadata
Compilation timestamp:
1/19/2016 10:47:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:s9kxbFXoEoZCRyXpotG6pTZoAZbGvME+nXybRs:sW34O

Entry address:
0x7B76E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.8058

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
486 KB (497,664 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to coccoc.com  (123.30.175.11:80)

TCP (HTTP):
Connects to 74.113.237.180.lv.iaccap.com  (74.113.237.180:80)

TCP (HTTP SSL):
Connects to vip170.ssl.hwcdn.net  (205.185.208.170:443)

TCP (HTTP):
Connects to sv-80054.bkns.vn  (103.48.80.54:80)

TCP (HTTP SSL):
Connects to static.vnpt.vn  (113.171.238.118:443)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (87.250.251.119:443)

TCP (HTTP SSL):
Connects to hk2sch130021032.wns.windows.com  (111.221.29.100:443)

TCP (HTTP SSL):
Connects to ec2-52-72-157-241.compute-1.amazonaws.com  (52.72.157.241:443)

TCP (HTTP SSL):
Connects to ec2-34-192-150-200.compute-1.amazonaws.com  (34.192.150.200:443)

TCP (HTTP):
Connects to d117155148.ppp117155.cyberway.com.sg  (203.117.155.148:80)

TCP (HTTP):
Connects to a23-60-133-163.deploy.static.akamaitechnologies.com  (23.60.133.163:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-fra3.fbcdn.net  (31.13.93.7:443)

TCP (HTTP SSL):
Connects to waws-prod-bay-003.cloudapp.net  (137.117.17.70:443)

TCP (HTTP):
Connects to static.vdc.com.vn  (113.164.15.35:80)

TCP (HTTP SSL):
Connects to sinkhole-01.sinkhole.tech  (95.211.174.92:443)

TCP (HTTP SSL):
Connects to server-54-230-9-182.lhr3.r.cloudfront.net  (54.230.9.182:443)

TCP (HTTP):
Connects to server-52-85-221-180.cdg50.r.cloudfront.net  (52.85.221.180:80)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.ir2.yahoo.com  (217.12.15.96:443)

TCP (HTTP SSL):
Connects to no-dns-yet.demon.co.uk  (212.240.141.45:443)

TCP (HTTP SSL):
Connects to hwcdn.net  (69.16.175.10:443)

Remove 036629fbd4864725737a8ba8fe7e8cd6.exe - Powered by Reason Core Security