internetenhancer.exe

KB73HA

The application internetenhancer.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 49224 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Product:
KB73HA

Version:
2.35.11.5

MD5:
3cb0084ede2c2419add0a96bbb5a31db

SHA-1:
2527e13b0b396c62b4b464623ebc34b04e888a35

SHA-256:
c86246f4ed4447866822fcc0011fe6e4238637f99acbe573176a5135fc72f5db

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 6:00:41 AM UTC

Scan engine           Detection                                      Engine version
Avira AntiVirus       ADWARE/Wajam.A.856                             8.3.2.2
Baidu Antivirus       PUA.MSIL.Wajam                                 4.0.3.15914
ESET NOD32            MSIL/Wajam.C potentially unwanted (variant)    9.12234
K7 AntiVirus          Adware                                         13.210.17180
Qihoo 360 Security    HEUR/QVM03.0.Malware.Gen                       1.0.0.1015
Reason Heuristics     PUP.Wajam.Meta (M)                             15.9.14.12

File size:
260 KB (266,240 bytes)

Product version:
2.35.11.5

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajainterenhancer\wajainterenhancer internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
9/2/2015 5:21:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:H2/8BK9pYhyEpYvMCDfaYPMQdr253lm38GcNQdOM:H2/8BRhyEWEqfaYPMQA3lm38GcW0M

Entry address:
0x425CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00...
 

Entropy:
5.1338

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
257.5 KB (263,680 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49224/

Local host port:
49224

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

