home

0da27065a62811841014985a6061372a.exe

The application 0da27065a62811841014985a6061372a.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address by3301-e.1drv.com on port 443.
Version:
2.39.2.6

MD5:
af3b4c168bb5826f2b14c8d713ff01a4

SHA-1:
f1b0cac231e9d1c59642116306cb4c3e712e218c

SHA-256:
7060cc1c7c007424b496633cd44a3516c77d7a5dc89f52f22b46786137c4ddca

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/27/2024 4:12:42 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Wajam.Meta (M)
16.2.9.21

File size:
559 KB (572,416 bytes)

Product version:
2.39.2.6

Original file name:
8LEJFL.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wnetenhancer\wnetenhancer internet enhancer\0da27065a62811841014985a6061372a.exe

File PE Metadata
Compilation timestamp:
10/28/2015 7:08:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:U3rpcz0H3kbJJs0z1hOwlhBlR5Zqb+xcwOUybRs:U3rpc/X1zPSI

Entry address:
0x8D13E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.8388

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
556.5 KB (569,856 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to coccoc.com  (123.30.175.11:443)

TCP (HTTP SSL):
Connects to ec2-52-73-109-231.compute-1.amazonaws.com  (52.73.109.231:443)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.82.82:80)

TCP (HTTP):
Connects to a23-66-153-141.deploy.static.akamaitechnologies.com  (23.66.153.141:80)

TCP (HTTP):
Connects to 94.31.29.54.IPYX-077437-ZYO.above.net  (94.31.29.54:80)

TCP (HTTP):
Connects to 113-125-232-198.static.unitasglobal.net  (198.232.125.113:80)

TCP (HTTP):
Connects to ec2-52-72-239-216.compute-1.amazonaws.com  (52.72.239.216:80)

TCP (HTTP):
Connects to ec2-23-23-73-238.compute-1.amazonaws.com  (23.23.73.238:80)

TCP (HTTP):
Connects to ec2-23-23-248-231.compute-1.amazonaws.com  (23.23.248.231:80)

TCP (HTTP):
Connects to ec2-184-73-223-201.compute-1.amazonaws.com  (184.73.223.201:80)

TCP (HTTP SSL):
Connects to 206-225-84-180.dedicated.codero.net  (206.225.84.180:443)

TCP (HTTP):
Connects to ec2-54-244-112-195.us-west-2.compute.amazonaws.com  (54.244.112.195:80)

TCP (HTTP SSL):
Connects to ec2-52-6-82-78.compute-1.amazonaws.com  (52.6.82.78:443)

TCP (HTTP):
Connects to ec2-50-17-181-149.compute-1.amazonaws.com  (50.17.181.149:80)

TCP (HTTP SSL):
Connects to by3301-e.1drv.com  (134.170.108.72:443)

TCP (HTTP SSL):
Connects to waws-prod-sg1-005.cloudapp.net  (23.101.27.182:443)

TCP (HTTP):
Connects to server-54-182-2-66.hkg51.r.cloudfront.net  (54.182.2.66:80)

TCP (HTTP):
Connects to server-54-182-2-30.hkg51.r.cloudfront.net  (54.182.2.30:80)

TCP (HTTP SSL):
Connects to msnbot-157-55-109-232.search.msn.com  (157.55.109.232:443)

TCP (HTTP):
Connects to ec2-54-89-42-207.compute-1.amazonaws.com  (54.89.42.207:80)

Remove 0da27065a62811841014985a6061372a.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.