ed7cf6a31e4b9a4e5984c09ab44f4de8.exe

The application ed7cf6a31e4b9a4e5984c09ab44f4de8.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 50732 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address s87e.storage.yandex.net on port 443.
Version:
2.40.2.10

MD5:
fa395dd0d557560398f7c86bbd268325

SHA-1:
dcafe8d63de7a808107af8952eb9b6b31a9ff208

SHA-256:
e312c3906f54e17a641aa5fd0f4e5adb3367b1d1cd6bb8afd9d143321e7853eb

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 1:00:06 AM UTC

Scan engine        Detection                      Engine version
F-Secure           Gen:Variant.MSILPerseus.2620   5.15.21
Reason Heuristics  PUP.Wajam.Meta (M)             16.1.6.0

File size:
490.5 KB (502,272 bytes)

Product version:
2.40.2.10

Original file name:
CYFKRK.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\wanetworkenhancer\wanetworkenhancer internet enhancer\ed7cf6a31e4b9a4e5984c09ab44f4de8.exe

File PE Metadata
Compilation timestamp:
12/10/2015 2:43:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:Jfo+/sawHLLj8SLgmKvvoCqrg6+GyD5fVPdwHybRs:uisxjJ

Entry address:
0x7BE9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
488 KB (499,712 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:50732/

Local host port:
50732

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to server-54-192-159-66.sin3.r.cloudfront.net  (54.192.159.66:443)

TCP (HTTP SSL):
Connects to s87e.storage.yandex.net  (5.45.249.95:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sit4.facebook.com  (31.13.78.35:443)

TCP (HTTP SSL):
Connects to downloader.disk.yandex.ru  (77.88.21.127:443)

TCP (HTTP SSL):
Connects to a60-254-131-71.deploy.akamaitechnologies.com  (60.254.131.71:443)

TCP (HTTP SSL):
Connects to a184-84-50-72.deploy.static.akamaitechnologies.com  (184.84.50.72:443)
