internetenhancer.exe

O6CQ00

The application internetenhancer.exe has been detected as a potentially unwanted program (PUP) by 10 of 68 anti-malware scanners. The executable runs as a local HTTP proxy server listening on 127.0.0.1:50252 and is registered as the proxy in the Windows Internet Settings (WinINET) configuration, which lets it intercept and modify the web traffic of every browser and application on the host that honours that setting. While running, it connects to the Internet address 31-216-147-147.ip.dclux.com on port 80 over HTTP.
Product:
O6CQ00

Version:
2.31.2.10

MD5:
b7301ae728c91ed69c58df29fc942d2e

SHA-1:
036c54cd6d087b92fda847e56e3b4b4a9acd6fe4

SHA-256:
c42b00ee52130195423d503eba98dbc43be708eef67e26f4c83ba1d57f07ccfe

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
12/17/2018 9:22:30 AM UTC

Scan engine              Detection                    Engine version
Lavasoft Ad-Aware        Adware.Generic.1243927       621
Baidu Antivirus          Adware.Win32.Wajam           4.0.3.15525
Bitdefender              Adware.Generic.1243927       1.0.20.725
Emsisoft Anti-Malware    Adware.Generic.1243927       8.15.05.25.07
F-Secure                 Adware.Generic.1243927       11.2015-25-05_2
G Data                   Adware.Generic.1243927       15.5.25
MicroWorld eScan         Adware.Generic.1243927       16.0.0.435
Reason Heuristics        PUP.Wajam.Meta               15.5.2.21
Rising Antivirus         PE:Trojan.FakeIcon!1.64A5    23.00.65.15501
Trend Micro House Call   TROJ_GEN.R047H09EH15         7.2.145

File size:
270.5 KB (276,992 bytes)

Product version:
2.31.2.10

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajwebenhance\wajwebenhance internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
5/1/2015 10:27:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:wL3YJkJf+jsSiOY7xNBFTmA3Cl79VFhrKVxh:2oJkF+juNhFTmASN9VFhrKVxh

Entry address:
0x44E3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

The leading six bytes, FF 25 00 20 40 00, are the only native code in a managed executable: `jmp dword ptr [0x00402000]`, an indirect jump through the import address table to `_CorExeMain` in mscoree.dll, which loads the CLR and then runs the assembly's managed entry point. The bytes after it are zero padding, so the entry point carries no signature specific to this sample; what distinguishes it is the managed code and the proxy behaviour, not the stub.

Entropy:
5.1302

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
268 KB (274,432 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:50252/

Local host port:
50252

Default credentials:
No
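The proxy registration and listener described in this section can be checked directly on a suspect host. The PowerShell below is an added example written for this page, not code from the report or from the program's vendor; it assumes the report's values (port 50252, the common path, the SHA-256) and a Windows 8 / Server 2012 or later host for Get-NetTCPConnection.

```powershell
# Added example, not code from the report or from the program's vendor. Assumes the
# report's values (port 50252, common path, SHA-256) and Windows 8 / Server 2012 or
# later for Get-NetTCPConnection. Run in the affected user's session: the WinINET
# proxy configuration that "Internet Settings" refers to lives under HKCU.
$ProxyPort   = 50252
$ProxyValue  = "127.0.0.1:$ProxyPort"
$KnownPath   = 'C:\Program Files\wajwebenhance\wajwebenhance internet enhancer\internetenhancer.exe'
$KnownSha256 = 'c42b00ee52130195423d503eba98dbc43be708eef67e26f4c83ba1d57f07ccfe'
$findings    = @()

# 1. Is WinINET configured to send traffic through the local proxy?
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey
if ($inet.ProxyEnable -eq 1 -and "$($inet.ProxyServer)" -like "*$ProxyValue*") {
    $findings += "WinINET proxy enabled, ProxyServer = $($inet.ProxyServer)"
}

# 2. Is something listening on the proxy port, and which image owns the socket?
foreach ($l in @(Get-NetTCPConnection -LocalPort $ProxyPort -State Listen -ErrorAction SilentlyContinue)) {
    $owner = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $findings += "Listener {0}:{1} owned by PID {2} ({3})" -f $l.LocalAddress, $l.LocalPort, $l.OwningProcess, $owner.Path
}

# 3. Is the binary at the common path, and is it the exact sample from the report?
if (Test-Path -LiteralPath $KnownPath) {
    $sha = (Get-FileHash -LiteralPath $KnownPath -Algorithm SHA256).Hash
    if ($sha -ieq $KnownSha256) { $findings += "Report sample present at $KnownPath (SHA-256 match)" }
    else { $findings += "File present at $KnownPath but SHA-256 is $sha (different build)" }
}

# 4. Running instances by image name, wherever they were launched from.
foreach ($p in @(Get-Process -Name internetenhancer -ErrorAction SilentlyContinue)) {
    $findings += "Running: PID $($p.Id) $($p.Path)"
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { Write-Host 'No trace of the local proxy, its listener or the binary.' }
```

A SHA-256 mismatch at the common path is still a finding: the report covers one build (2.31.2.10), and the path alone is the stronger indicator. When cleaning up, reset ProxyEnable to 0 (or restore the previous ProxyServer value) as well as removing the binary; if the file is deleted but the setting still points at 127.0.0.1:50252, every WinINET-based browser and client on the host loses connectivity.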


The executing file has been seen to make the following network communications in live environments.

Protocol         Remote host                                             Address
TCP (HTTP)       a23-41-133-163.deploy.static.akamaitechnologies.com     23.41.133.163:80
TCP (HTTP SSL)   text-lb.ulsfo.wikimedia.org                             198.35.26.96:443
TCP (HTTP SSL)   server-54-192-214-198.tpe50.r.cloudfront.net            54.192.214.198:443
TCP (HTTP SSL)   158.226.204.221.adsl-pool.sx.cn                         221.204.226.158:443
TCP (HTTP)       xmpp270n003.karere.mega.nz                              31.216.147.161:80
TCP (HTTP)       rtr3.l7.search.vip.tw1.yahoo.com                        27.123.200.67:80
TCP (HTTP)       d117155148.ppp117155.cyberway.com.sg                    203.117.155.148:80
TCP (HTTP SSL)   a104-116-19-116.deploy.static.akamaitechnologies.com    104.116.19.116:443
TCP (HTTP)       31-216-147-139.ip.dclux.com                             31.216.147.139:80
TCP (HTTP SSL)   lu2.api.mega.nz                                         31.216.147.133:443
TCP (HTTP SSL)   ghs-vip-any-c789.ghs-ssl.googlehosted.com               72.14.248.27:443
TCP (HTTP SSL)   lu1.api.mega.nz                                         31.216.147.132:443
TCP (HTTP)       d117155147.ppp117155.cyberway.com.sg                    203.117.155.147:80
TCP (HTTP)       d117155146.ppp117155.cyberway.com.sg                    203.117.155.146:80
TCP (HTTP SSL)   www.sft-pre.com                                         46.28.209.62:443
TCP (HTTP)       server-54-230-59-245.gru1.r.cloudfront.net              54.230.59.245:80
TCP (HTTP SSL)   server-54-230-58-188.gru1.r.cloudfront.net              54.230.58.188:443
TCP (HTTP)       rtr3.l7.search.vip.ir2.yahoo.com                        217.12.15.96:80
TCP (HTTP SSL)   edge-star-mini-shv-01-tpe1.facebook.com                 31.13.87.36:443
TCP (HTTP)       ec2-54-86-239-189.compute-1.amazonaws.com               54.86.239.189:80
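To turn the connection list into a hunt, the PowerShell below (an added example, not part of the report) compares a host's live TCP connections and DNS client cache against the destinations listed above. The labels and the weak/strong split are this editor's assumption, not the report's: most entries are shared CDN or large web-property addresses that a proxy relaying a user's browsing would reach anyway, while the dclux.com / mega.nz block, www.sft-pre.com and the ISP address pools are the destinations worth alerting on. The summary's 31-216-147-147.ip.dclux.com has no address in the list, so the DNS-cache check matches it by name pattern.

```powershell
# Added example (not from the report): match live connections and the DNS client cache
# against the destinations in the list above. Labels and the weak/strong split are
# an analyst assumption, not data from the report.
$Destinations = @{
    # Shared CDN / large web properties: a proxy relaying the user's browsing reaches
    # these anyway, so a match is a weak indicator on its own.
    '23.41.133.163'   = 'akamai';        '104.116.19.116'  = 'akamai'
    '54.192.214.198'  = 'cloudfront';    '54.230.59.245'   = 'cloudfront'
    '54.230.58.188'   = 'cloudfront';    '198.35.26.96'    = 'wikimedia'
    '72.14.248.27'    = 'googlehosted';  '31.13.87.36'     = 'facebook'
    '27.123.200.67'   = 'yahoo';         '217.12.15.96'    = 'yahoo'
    '54.86.239.189'   = 'ec2'
    # Hosting and ISP address pools: far more specific to this program.
    '31.216.147.139'  = 'dclux.com';     '31.216.147.161'  = 'mega.nz xmpp'
    '31.216.147.133'  = 'mega.nz api';   '31.216.147.132'  = 'mega.nz api'
    '46.28.209.62'    = 'sft-pre.com';   '221.204.226.158' = 'sx.cn adsl pool'
    '203.117.155.146' = 'cyberway.com.sg'; '203.117.155.147' = 'cyberway.com.sg'
    '203.117.155.148' = 'cyberway.com.sg'
}
$WeakLabels = 'akamai','cloudfront','wikimedia','googlehosted','facebook','yahoo','ec2'

# PIDs of the proxy process itself, if running: anything it talks to is worth seeing,
# whether or not the address is in the report.
$proxyPids = @(Get-Process -Name internetenhancer -ErrorAction SilentlyContinue | ForEach-Object Id)

Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.State -ne 'Listen' -and
                   ($Destinations.ContainsKey($_.RemoteAddress) -or $proxyPids -contains $_.OwningProcess) } |
    ForEach-Object {
        $label = $Destinations[$_.RemoteAddress]
        if ($proxyPids -contains $_.OwningProcess) { $weight = 'proxy-process' } elseif ($label -in $WeakLabels) { $weight = 'weak' } else { $weight = 'strong' }
        [pscustomobject]@{
            Remote = $_.RemoteAddress; Port = $_.RemotePort; State = $_.State
            Pid = $_.OwningProcess; Match = $label; Weight = $weight
        }
    } | Sort-Object Weight | Format-Table -AutoSize

# Names rather than addresses: the summary's 31-216-147-147.ip.dclux.com is not in the
# list, so match the dclux.com / mega.nz / sft-pre.com names by pattern in the resolver cache.
Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $_.Entry -like '*.ip.dclux.com' -or $_.Entry -like '*.mega.nz' -or $_.Entry -eq 'www.sft-pre.com' } |
    Select-Object Entry, RecordType, Data, TimeToLive
```

Treat a "weak" hit from a browser process as noise and a "strong" hit, or any connection owned by the proxy process, as something to pivot on; CDN and social-network addresses rotate and are shared with legitimate traffic, so they make poor blocklist entries on their own.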

Powered by Reason Core Security