ac12d981261a3bebe9f11548bad7bd92.exe

The application ac12d981261a3bebe9f11548bad7bd92.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 49761 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address haproxy8.ca.servers.visadd.com on port 80 using the HTTP protocol.
Version:
2.39.2.9

MD5:
a1f060082292b6738fdeeffb8e6c2af0

SHA-1:
a19327a23a78578fba59c4d73555af414e6c2336

SHA-256:
1de15fe03809bdb96c535dec7dfd7419ce9d054a72e7be3a4bf987c3524fbbb0

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 11:47:50 PM UTC

Scan engine          Detection                        Engine version
Lavasoft Ad-Aware    Gen:Variant.Adware.Kazy.765280   419
Baidu Antivirus      Adware.Win32.Wajam               4.0.3.151213
Reason Heuristics    PUP.Wajam.Meta (M)               16.2.9.21
Rising Antivirus     PE:Trojan.FakeIcon!1.64A5 [F]    23.00.65.151103

File size:
558.5 KB (571,904 bytes)

Product version:
2.39.2.9

Original file name:
7O1WM9.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wnetenhancer\wnetenhancer internet enhancer\ac12d981261a3bebe9f11548bad7bd92.exe

File PE Metadata
Compilation timestamp:
11/4/2015 1:19:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:4XWTv9wsqArReoJ/+jx6fIgXvf9uPQ/Kdm1fkcDk/zqBdGdqybRs:4Xu7lud12

Entry address:
0x8CF7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.8359

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
556 KB (569,344 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49761/

Local host port:
49761

Default credentials:
No

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-225-181-9.compute-1.amazonaws.com  (54.225.181.9:80)

TCP (HTTP):
Connects to 151.bm-nginx-loadbalancer.mgmt.sin1.adnexus.net  (103.243.221.87:80)

TCP (HTTP):
Connects to static.vnpt.vn  (113.171.233.63:80)

TCP (HTTP):
Connects to haproxy8.ca.servers.visadd.com  (198.50.141.128:80)

TCP (HTTP):
Connects to s3-1.amazonaws.com  (54.231.82.68:80)

TCP (HTTP):
Connects to ec2-54-243-163-248.compute-1.amazonaws.com  (54.243.163.248:80)

TCP (HTTP):
Connects to ec2-54-210-36-181.compute-1.amazonaws.com  (54.210.36.181:80)

TCP (HTTP):
Connects to 92b91b35.rdns.100tb.com  (146.185.27.53:80)

TCP (HTTP):
Connects to 80.75.c0ad.ip4.static.sl-reverse.com  (173.192.117.128:80)

TCP (HTTP):
Connects to 219.bm-nginx-loadbalancer.mgmt.sin1.adnexus.net  (103.243.221.108:80)

TCP (HTTP):
Connects to 174.127.102.227.static.midphase.com  (174.127.102.227:80)

TCP (HTTP):
Connects to server-54-182-4-73.hkg51.r.cloudfront.net  (54.182.4.73:80)

TCP (HTTP):
Connects to server-52-84-246-250.sfo20.r.cloudfront.net  (52.84.246.250:80)

TCP (HTTP):
Connects to server-52-84-246-245.sfo20.r.cloudfront.net  (52.84.246.245:80)

TCP (HTTP):
Connects to sea-175.lo4d.com  (174.127.95.175:80)

TCP (HTTP):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:80)

TCP (HTTP):
Connects to mpr1.ngd.vip.sg3.yahoo.com  (106.10.198.33:80)

TCP (HTTP):
Connects to iuscmdistc1201-ge-6-0.msft.net  (207.46.129.137:80)

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (199.58.87.155:80)

Remove ac12d981261a3bebe9f11548bad7bd92.exe - Powered by Reason Core Security