947313cb3a5d771494b9fa02fbcddba5.exe

The application 947313cb3a5d771494b9fa02fbcddba5.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 61635 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address customer.sharktech.net on port 80 using the HTTP protocol.
Version:
2.36.2.42

MD5:
d20f322bfe54356ee315d6b87bd74bb0

SHA-1:
bf2e50148561d8b2e4936e776f0fa2d3f0ab52d2

SHA-256:
a9cb5772a802e64db292555e94d45441187f9f9654e1261aa974e94d6949f21c

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 2:58:43 PM UTC

Scan engine        Detection                           Engine version
Baidu Antivirus    Adware.Win32.Wajam                  4.0.3.151017
Kaspersky          UDS:DangerousObject.Multi.Generic   14.0.0.1264
Reason Heuristics  PUP.Win.Reputation                  15.12.9.21
Rising Antivirus   PE:Malware.RDM.32!5.26[F1]          23.00.65.151015

File size:
370 KB (378,880 bytes)

Product version:
2.36.2.42

Original file name:
182GC9.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\waintenhancer\waintenhancer internet enhancer\947313cb3a5d771494b9fa02fbcddba5.exe

File PE Metadata
Compilation timestamp:
9/11/2015 4:07:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:0jgZhm63PRd6Lm8Q4vYN/GMR1ASCn9oyTUBlJ7vgphmOMuiIP+wmt7B6blIO668Y:0jgZJ5//4vYxZ1DCn9FTUBHgphmO3i8V

Entry address:
0x5DD2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.9086

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
367.5 KB (376,320 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:61635/

Local host port:
61635

Default credentials:
No

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to customer.sharktech.net  (104.160.178.242:80)

TCP (HTTP):
Connects to s3-ap-southeast-1-w.amazonaws.com  (52.219.32.28:80)

TCP (HTTP):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:80)

TCP (HTTP):
Connects to rtr3.l7.search.vip.bf1.yahoo.com  (63.250.200.63:80)

TCP (HTTP):
Connects to ip-184-168-221-96.ip.secureserver.net  (184.168.221.96:80)

TCP (HTTP SSL):
Connects to ec2-52-20-120-15.compute-1.amazonaws.com  (52.20.120.15:443)

TCP (HTTP):
Connects to a23-59-133-163.deploy.static.akamaitechnologies.com  (23.59.133.163:80)

TCP (HTTP):
Connects to ec2-54-235-95-208.compute-1.amazonaws.com  (54.235.95.208:80)

TCP (HTTP):
Connects to ec2-54-82-69-42.compute-1.amazonaws.com  (54.82.69.42:80)

TCP (HTTP):
Connects to ec2-50-17-205-172.compute-1.amazonaws.com  (50.17.205.172:80)

TCP (HTTP SSL):
Connects to a104-94-207-179.deploy.static.akamaitechnologies.com  (104.94.207.179:443)

TCP (HTTP):
Connects to 23-111-130-156.static.hvvc.us  (23.111.130.156:80)

TCP (HTTP):
Connects to static-ip-50-30-36-23.inaddr.ip-pool.com  (50.30.36.23:80)

TCP (HTTP):
Connects to static-ip-209-126-122-139.inaddr.ip-pool.com  (209.126.122.139:80)

TCP (HTTP):
Connects to static-ip-173-224-123-97.inaddr.ip-pool.com  (173.224.123.97:80)

TCP (HTTP):
Connects to server-54-230-59-157.gru1.r.cloudfront.net  (54.230.59.157:80)

Remove 947313cb3a5d771494b9fa02fbcddba5.exe - Powered by Reason Core Security