e2e7fd8e8f58544352b274d0fe864c92.exe

The application e2e7fd8e8f58544352b274d0fe864c92.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 52062 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address host-66-96-226-204.myrepublic.co.id on port 443.

Version:
2.40.2.53

MD5:
5e86b01ab557eb41ffc45d0c518c9209

SHA-1:
ec3f95f8a4e65c44164e01629a469ae9caecc83e

SHA-256:
17873c5749742d4a4ac0b1c22ea43967180bfa74d30dc6df98a8f414c0d66faa

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 9:53:34 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Wajam.Meta (M)

Engine version:
16.1.29.15

File size:
491 KB (502,784 bytes)

Product version:
2.40.2.53

Original file name:
ZR9O80.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\e2e7fd8e8f58544352b274d0fe864c92.exe

File PE Metadata
Compilation timestamp:
1/26/2016 2:24:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:7xIOOXZ0trrys/9QkScT/uzPZc8ZBa7vxJ0qis7v+g2ygyzybRs:7xNV1clZEr7

Entry address:
0x7C0AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
4.7987

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
488.5 KB (500,224 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:52062/

Local host port:
52062

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.
