internetenhancer.exe

Internet Enhancer

The application internetenhancer.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 49605 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address web5.alexiadns.com on port 80 using the HTTP protocol.
Product:
Internet Enhancer

Version:
2.21.2.21

MD5:
7ef2f56dadd52582c12ad6644b33057e

SHA-1:
10c7a77c039878c7f3a97cbe3edcd8d704fc89a1

SHA-256:
ca70cd5c0f3909198a0bfad8efebafeb07bfa3155eea841495cc78958a237b12

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
12/13/2017 9:48:40 PM UTC

Scan engine               Detection                                      Engine version
Agnitum Outpost           Riskware.Agent                                 7.1.1
AhnLab V3 Security        PUP/Win32.Wajam                                2015.04.22
Baidu Antivirus           Adware.Win32.WInterEnhance                     4.0.3.15114
ESET NOD32                MSIL/Wajam.B potentially unwanted (variant)    9.11511
K7 AntiVirus              Trojan                                         13.203.15666
K7 Gateway Antivirus      Trojan                                         13.203.15666
Malwarebytes              PUP.Optional.Wajam.A                           v2015.04.22.10
McAfee                    Artemis!7EF2F56DADD5                           5600.6787
NANO AntiVirus            Trojan.Win32.Wajam.dnqdba                      0.30.20.1219
Norman                    Troj_Generic.ZWAWU                             11.20150422
Trend Micro House Call    PUA_Wajam                                      7.2.112
Trend Micro               PUA_Wajam                                      10.465.22
VIPRE Antivirus           Trojan.Win32.Generic                           39560

File size:
81.5 KB (83,456 bytes)

Product version:
2.21.2.21

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\winterenhance\winterenhance internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
12/19/2014 11:50:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:iDnmq7GhYx9yyWetRq6+JVMvoCokH9HzW3K5lkQ8hehqH0uG1sQVDmctJnu9Qtgb:ijp7GipmVBqHSa56h70uIO4Cmg5jFOO

Entry address:
0x15B1E


Entropy:
5.8426

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79 KB (80,896 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49605/

Local host port:
49605

Default credentials:
No

The executing file has been seen to make the following network communications in live environments.


Remove internetenhancer.exe - Powered by Reason Core Security