3d47c94a4e2f6186895abd2607e46031.exe

The application 3d47c94a4e2f6186895abd2607e46031.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 57283 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 61-91-16-77.static.asianet.co.th on port 443.
Version:
2.40.2.43

MD5:
a8cc63a4f7e3094568464e62f50cccf0

SHA-1:
f503de656111682258e351022c17b63e498743aa

SHA-256:
49eb56e9f81b8ba9a3ae08d479df4fbdbd8f002980249f0434019cd0c8e6b447

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 11:24:21 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Wajam.Meta (M)

Engine version:
16.1.21.15

File size:
492.5 KB (504,320 bytes)

Product version:
2.40.2.43

Original file name:
PEFIPH.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\3d47c94a4e2f6186895abd2607e46031.exe

File PE Metadata
Compilation timestamp:
1/14/2016 6:19:08 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:CJaWUGzGads2usi60fvwJ2ievotAGmQ8aDn7UbzybRs:CJaWjxfxeAXa

Entry address:
0x7C6CE

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
490 KB (501,760 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:57283/

Local host port:
57283

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.
