5543a7965442ea128a1ccb785253e6cc.exe

The application 5543a7965442ea128a1ccb785253e6cc.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

Version:
2.40.2.57

MD5:
00ff33ab24259e16f024bade6ef09244

SHA-1:
3e6f627f72a3c51dfb7d2dc2e59a9050d88b47eb

SHA-256:
2dcab9731170fbf92a6d7111d95e90a719508e6b0527ad9391de73b48c6a25d0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 5:59:49 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Wajam.Meta (M)

Engine version:
16.2.5.15

File size:
491 KB (502,784 bytes)

Product version:
2.40.2.57

Original file name:
1F3675.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\5543a7965442ea128a1ccb785253e6cc.exe

File PE Metadata
Compilation timestamp:
1/27/2016 4:18:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:cBLLzqr/MYqOMxLvBR2VQ+iwreiLSwtiybRs:YL/Dovy

Entry address:
0x7C18E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
488.5 KB (500,224 bytes)

The executing file has been seen to make the following network communications in live environments.

