home

53634e3068b26b4745b78fe30ce47f82.exe

The application 53634e3068b26b4745b78fe30ce47f82.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 55079 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Version:
2.40.10.5

MD5:
c6b13a97897ae93cc0b9af2d3e56682a

SHA-1:
104c1ceac44fe5dc6a568ff2c7c9a9144e20637d

SHA-256:
b6e7fac02aebb8545601963aa06aa7099ce2857387927611c8bc70e76dd5a006

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 9:58:02 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Wajam.Meta (M)
16.1.22.21

File size:
488 KB (499,712 bytes)

Product version:
2.40.10.5

Original file name:
S2F9SI.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\53634e3068b26b4745b78fe30ce47f82.exe

File PE Metadata
Compilation timestamp:
1/19/2016 4:36:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:qZzQbOwtKIFPXNT3xsJ/XRjmCIKCCnT8O5Jw1B7qHifNZvV2/d76nIz/yyerf8ay:qZzQbOwtjOQA17p1

Entry address:
0x7B5BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
485.5 KB (497,152 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:55079/

Local host port:
55079

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to static.vnpt.vn  (123.30.245.113:443)

TCP (HTTP SSL):
Connects to coccoc.com  (123.30.175.11:443)

TCP (HTTP):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:80)

TCP (HTTP SSL):
Connects to edge-star-shv-01-sin6.facebook.com  (157.240.7.20:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sin6.facebook.com  (157.240.7.35:443)

TCP (HTTP):
Connects to hkhkg1-vip-bx-006.aaplimg.com  (17.253.85.206:80)

TCP (HTTP SSL):
Connects to edge-z-m-mini-shv-01-sin6.facebook.com  (157.240.7.36:443)

TCP (HTTP SSL):
Connects to a23-79-96-231.deploy.static.akamaitechnologies.com  (23.79.96.231:443)

TCP (HTTP):
Connects to a23-15-155-27.deploy.static.akamaitechnologies.com  (23.15.155.27:80)

TCP (HTTP):
Connects to a23-10-21-164.deploy.static.akamaitechnologies.com  (23.10.21.164:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-sin6.fbcdn.net  (157.240.7.26:443)

TCP (HTTP SSL):
Connects to server-54-192-2-153.lhr5.r.cloudfront.net  (54.192.2.153:443)

TCP (HTTP SSL):
Connects to server-52-85-151-151.hkg51.r.cloudfront.net  (52.85.151.151:443)

TCP (HTTP SSL):
Connects to server-52-85-151-130.hkg51.r.cloudfront.net  (52.85.151.130:443)

TCP (HTTP SSL):
Connects to server-52-84-3-195.ord54.r.cloudfront.net  (52.84.3.195:443)

TCP (HTTP SSL):
Connects to msnbot-65-52-108-76.search.msn.com  (65.52.108.76:443)

TCP (HTTP SSL):
Connects to msnbot-207-46-194-14.search.msn.com  (207.46.194.14:443)

TCP (HTTP SSL):
Connects to host80-rangeA-akamai-aanp.cdn.thlon.isp.sky.com  (90.223.189.208:443)

TCP (HTTP SSL):
Connects to ec2-54-72-113-156.eu-west-1.compute.amazonaws.com  (54.72.113.156:443)

TCP (HTTP):
Connects to ec2-54-243-128-145.compute-1.amazonaws.com  (54.243.128.145:80)

Remove 53634e3068b26b4745b78fe30ce47f82.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.