home

internetenhancer.exe

The application internetenhancer.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 59713 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Version:
2.29.2.17

MD5:
f8e25703028c731708651b45753df47c

SHA-1:
00f064d0e5cb33c2290a7078ebc80a4f1f023227

SHA-256:
e41edbae10b4ae5c50407f5b2941f4417e0b1b3fe410e28b2713b88f6b5ab695

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 5:49:07 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.Wajam
4.0.3.15720

G Data
Win32.Adware.Wajam
15.7.25

Reason Heuristics
PUP.Wajam.Meta
15.5.2.21

File size:
271.5 KB (278,016 bytes)

Product version:
2.29.2.17

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wanetworkenhance\wanetworkenhance internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
4/14/2015 10:56:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:7Kos1U38w3T2Y4us0BK+DiogoAyFtWw2BHZl7X:7Kk25uvBKjogoAyFtl2BHZ

Entry address:
0x4529E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
269 KB (275,456 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:59713/

Local host port:
59713

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-84-174-208.gru50.r.cloudfront.net  (52.84.174.208:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.81.112:80)

TCP (HTTP):
Connects to freeroms.com  (216.108.234.132:80)

TCP (HTTP):
Connects to ec2-54-94-139-235.sa-east-1.compute.amazonaws.com  (54.94.139.235:80)

TCP (HTTP):
Connects to ec2-54-69-51-214.us-west-2.compute.amazonaws.com  (54.69.51.214:80)

TCP (HTTP):
Connects to ec2-54-207-56-218.sa-east-1.compute.amazonaws.com  (54.207.56.218:80)

TCP (HTTP):
Connects to ec2-54-153-4-77.us-west-1.compute.amazonaws.com  (54.153.4.77:80)

TCP (HTTP SSL):
Connects to ec2-52-6-82-78.compute-1.amazonaws.com  (52.6.82.78:443)

TCP (HTTP SSL):
Connects to dmppixel-shared-mtc-c.evip.aol.com  (64.12.245.38:443)

TCP (HTTP):
Connects to c-q100-u1409-214.webazilla.com  (204.155.145.214:80)

TCP (HTTP SSL):
Connects to cache.google.com  (189.89.161.42:443)

TCP (HTTP SSL):
Connects to a23-1-81-131.deploy.static.akamaitechnologies.com  (23.1.81.131:443)

TCP (HTTP):
Connects to 80.83.2ea9.ip4.static.sl-reverse.com  (169.46.131.128:80)

TCP (HTTP):
Connects to 68-65-49-106.airstreamcomm.net  (68.65.49.106:80)

TCP (HTTP):
Connects to 187-44-150-106.STATIC.itsweb.com.br  (187.44.150.106:80)

TCP (HTTP):
Connects to 187-44-150-104.STATIC.itsweb.com.br  (187.44.150.104:80)

Remove internetenhancer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.