home

46e008dcbf4dc17cefce392a554d7408.exe

The application 46e008dcbf4dc17cefce392a554d7408.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 49334 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address server-54-230-197-82.lhr50.r.cloudfront.net on port 80 using the HTTP protocol.
Version:
2.37.12.1

MD5:
158ca04ab3e1dfa4e03bf47a602450b4

SHA-1:
731eae77c823d28c75fb4f7ce52152a427de4d86

SHA-256:
1e99fe832964f6ab20161d167bd1b3ca48cedfd33668cd12a842adf47946be8b

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 8:53:18 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.759538
447

Arcabit
Trojan.Kazy.DB96F2
1.0.0.585

Baidu Antivirus
Adware.Win32.Wajam
4.0.3.151115

Bitdefender
Gen:Variant.Kazy.759538
1.0.20.1595

Emsisoft Anti-Malware
Gen:Variant.Kazy.759538
8.15.11.15.05

F-Secure
Gen:Variant.Kazy.759538
11.2015-15-11_1

G Data
Gen:Variant.Kazy.759538
15.11.25

McAfee
Artemis!158CA04AB3E1
5600.6581

MicroWorld eScan
Gen:Variant.Kazy.759538
16.0.0.957

Reason Heuristics
PUP.Wajam.Meta (M)
16.2.9.21

Rising Antivirus
PE:Trojan.FakeIcon!1.64A5[F1]
23.00.65.151011

File size:
310.5 KB (317,952 bytes)

Product version:
2.37.12.1

Original file name:
BQMQA5.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wnetenhancer\wnetenhancer internet enhancer\46e008dcbf4dc17cefce392a554d7408.exe

File PE Metadata
Compilation timestamp:
10/7/2015 7:35:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:NQi0slefdkO9i65mHqaxiFNclXOa/1Dc5vx8htBuR94e:Nnlefdlr5mKaxiFNclXTC5vx8htBcF

Entry address:
0x4EE7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
308 KB (315,392 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49334/

Local host port:
49334

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to edge-star-shv-01-hkg3.facebook.com  (31.13.95.8:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-hkg3.facebook.com  (31.13.95.36:443)

TCP (HTTP):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:80)

TCP (HTTP SSL):
Connects to 125.235.17.141.adsl.viettel.vn  (125.235.17.141:443)

TCP (HTTP):
Connects to coccoc.com  (123.30.175.29:80)

TCP (HTTP SSL):
Connects to 125.235.30.231.adsl.viettel.vn  (125.235.30.231:443)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (213.180.193.119:443)

TCP (HTTP):
Connects to ip-50-63-202-45.ip.secureserver.net  (50.63.202.45:80)

TCP (HTTP):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:80)

TCP (HTTP SSL):
Connects to 125.235.36.55.adsl.viettel.vn  (125.235.36.55:443)

TCP (HTTP SSL):
Connects to 125.235.36.30.adsl.viettel.vn  (125.235.36.30:443)

TCP (HTTP):
Connects to 125.235.36.153.adsl.viettel.vn  (125.235.36.153:80)

TCP (HTTP SSL):
Connects to 125.235.36.109.adsl.viettel.vn  (125.235.36.109:443)

TCP (HTTP SSL):
Connects to 125.235.30.237.adsl.viettel.vn  (125.235.30.237:443)

TCP (HTTP SSL):
Connects to 125.235.17.89.adsl.viettel.vn  (125.235.17.89:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-hkg3.fbcdn.net  (31.13.95.12:443)

TCP (HTTP):
Connects to server-54-230-197-82.lhr50.r.cloudfront.net  (54.230.197.82:80)

TCP (HTTP SSL):
Connects to server-54-192-75-48.hkg50.r.cloudfront.net  (54.192.75.48:443)

TCP (HTTP SSL):
Connects to server-54-192-75-126.hkg50.r.cloudfront.net  (54.192.75.126:443)

TCP (HTTP):
Connects to server-52-84-203-44.tpe50.r.cloudfront.net  (52.84.203.44:80)

Remove 46e008dcbf4dc17cefce392a554d7408.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.