internetenhancer.exe

A97UL4

The application internetenhancer.exe has been detected as a potentially unwanted program (PUP) by 3 of 68 anti-malware scanners; all three detections attribute it to the Wajam adware family, which matches the install path recorded below. This .NET executable runs as a local HTTP proxy server bound to the loopback address 127.0.0.1 on port 54244 and registers itself as the system (Internet Settings) proxy, which lets it intercept and modify the web traffic of browsers and any other application on the host that honours that setting. While running, it connects to the Internet address dd.e7.25ae.ip4.static.sl-reverse.com on port 80 over HTTP.
Product:
A97UL4

Version:
2.35.10.6

MD5:
03c384c42276e3e7ea337914afa5a504

SHA-1:
33faf0092320168222a488271cb74498a161def3

SHA-256:
62b6b823eba97169847971a9cc2045368514611439e0d1ff725fac48951357d9

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 4:50:55 AM UTC

Scan engine        Detection                                     Engine version
Baidu Antivirus    PUA.MSIL.Wajam                                4.0.3.1596
ESET NOD32         MSIL/Wajam.C potentially unwanted (variant)   9.12198
Reason Heuristics  PUP.Wajam.Meta (M)                            15.9.6.5

File size:
259.5 KB (265,728 bytes)

Product version:
2.35.10.6

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajainterenhancer\wajainterenhancer internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
9/2/2015 2:59:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:QVt5hKs2cYx4AiyPgEwp8zeBKCxtYFM54iwmhR9:QbRYx4Aiy4Ew+zeKCxtYFM5xwm/9

Entry address:
0x4220E

Entry point:
FF 25 00 20 40 00, followed by zero padding (JMP DWORD PTR [0x402000]: an indirect jump through the import address table, the standard entry stub of a .NET executable that hands control to the CLR via _CorExeMain)

Entropy:
5.1275

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
257 KB (263,168 bytes)
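An added example, not from this report, of the check behind the Entry point and .NET CLR dependent fields above: a managed PE's entry point is a six-byte FF 25 stub (JMP DWORD PTR [imm32]) whose imm32 falls inside the import address table, and data directory 14 (the CLR runtime header) is non-empty. The Python below builds a small constructed PE32 image with that layout in memory (it is a stand-in, not the real internetenhancer.exe; its entry RVA 0x220E and section sizes are invented) and parses it back using only `struct`, so the same inspect function can be run over the bytes of a real file.

```python
"""Classify a PE32 entry point as the .NET CLR stub from structure alone:
AddressOfEntryPoint lands on FF 25 imm32 (JMP DWORD PTR [imm32]), imm32 lies
in the import address table (the _CorExeMain thunk) and data directory 14
(CLR runtime header) is populated. Added example, not from the scan report;
the image built here is a constructed stand-in, not internetenhancer.exe."""
import struct

IMAGE_BASE = 0x400000
ENTRY_RVA = 0x220E            # constructed; the report's binary shows 0x4220E
TEXT_RVA, TEXT_RAW = 0x2000, 0x200
IAT_DIR, CLR_DIR = 12, 14     # IMAGE_DIRECTORY_ENTRY_IAT / _COM_DESCRIPTOR


def build_sample_pe(managed: bool = True) -> bytes:
    """Minimal PE32: one .text section whose first 8 bytes are the IAT and
    whose entry stub jumps through it, as the C# compiler lays it out."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 8, 0)           # PE32, linker 8.0
    struct.pack_into("<I", opt, 16, ENTRY_RVA)              # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, IMAGE_BASE)
    struct.pack_into("<II", opt, 32, 0x2000, 0x200)         # Section/FileAlignment
    struct.pack_into("<HH", opt, 40, 4, 0)                  # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                      # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + IAT_DIR * 8, TEXT_RVA, 8)
    if managed:
        struct.pack_into("<II", opt, 96 + CLR_DIR * 8, TEXT_RVA + 8, 72)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x400, TEXT_RVA, 0x400,
                          TEXT_RAW, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    text = bytearray(0x400)
    off = ENTRY_RVA - TEXT_RVA
    text[off:off + 6] = b"\xFF\x25" + struct.pack("<I", IMAGE_BASE + TEXT_RVA)
    return headers.ljust(TEXT_RAW, b"\0") + bytes(text)


def inspect_entry_stub(image: bytes) -> dict:
    """Walk DOS -> PE -> optional header -> section table and decode the entry."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsections = struct.unpack_from("<H", image, pe + 6)[0]
    opt_size = struct.unpack_from("<H", image, pe + 20)[0]
    opt = pe + 24
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images handled here")
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]
    image_base = struct.unpack_from("<I", image, opt + 28)[0]
    ndirs = struct.unpack_from("<I", image, opt + 92)[0]

    def directory(i):
        return struct.unpack_from("<II", image, opt + 96 + i * 8) if i < ndirs else (0, 0)

    iat_rva, iat_size = directory(IAT_DIR)
    clr_size = directory(CLR_DIR)[1]

    # Section table follows the optional header: VirtualSize, VirtualAddress,
    # SizeOfRawData, PointerToRawData sit at +8 of each 40-byte entry.
    sections = [struct.unpack_from("<IIII", image, opt + opt_size + i * 40 + 8)
                for i in range(nsections)]

    def rva_to_offset(rva):
        for vsize, vaddr, rawsize, rawptr in sections:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rawptr + (rva - vaddr)
        raise ValueError(f"RVA {rva:#x} maps to no section")

    ep = rva_to_offset(entry_rva)
    stub = bytes(image[ep:ep + 6])
    indirect_jmp = stub[:2] == b"\xFF\x25"
    target = struct.unpack_from("<I", stub, 2)[0] if indirect_jmp else None
    via_iat = indirect_jmp and iat_rva <= target - image_base < iat_rva + iat_size
    return {
        "entry_va": image_base + entry_rva,
        "stub": stub.hex(" ").upper(),
        "jmp_target_va": target,
        "has_clr_header": clr_size > 0,
        "is_managed_stub": bool(indirect_jmp and via_iat and clr_size > 0),
    }


if __name__ == "__main__":
    print(inspect_entry_stub(build_sample_pe()))
```

Only when all three conditions hold (FF 25 stub, jump target inside the IAT, CLR header present) is the file reported as a managed stub; a native binary that happens to start with an indirect jump fails the CLR-header test, and a managed binary with a patched entry point fails the stub test.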

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:54244/

Local host port:
54244

Default credentials:
No
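An added detection check, not part of this report: the description at the top and the Local Proxy Server section both hinge on a loopback proxy wired into the Windows Internet Settings. The Python below assumes only the format of WinINET's ProxyServer value (a bare host:port, or a semicolon-separated scheme=host:port list) and the column layout of `netstat -ano` and `tasklist /FO CSV /NH`; it parses constructed samples of those three artifacts and joins each loopback proxy entry to the process listening on that socket. The sample values (the 127.0.0.1:54244 proxy, PID 4120, the image name) are constructed to mirror this report, not captured from a live host.

```python
"""Join a loopback proxy configured in Windows 'Internet Settings' to the
process listening on that port. Added example, not part of the scan report;
the three artifacts below are constructed samples shaped like this report."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer.
# WinINET accepts either a bare host:port (applies to all schemes) or a
# semicolon-separated scheme=host:port list; both forms are parsed below.
SAMPLE_PROXY_SERVER = "http=127.0.0.1:54244;https=127.0.0.1:54244"

# Constructed `netstat -ano` excerpt (Proto, Local, Foreign, State, PID).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:54244        0.0.0.0:0              LISTENING       4120
  TCP    192.168.1.20:49812     104.82.235.237:443     ESTABLISHED     4120
  UDP    0.0.0.0:5353           *:*                                    1404
"""

# Constructed `tasklist /FO CSV /NH` excerpt.
SAMPLE_TASKLIST = """\
"svchost.exe","912","Services","0","9,872 K"
"internetenhancer.exe","4120","Console","1","31,204 K"
"""

LOOPBACK_PREFIXES = ("127.", "localhost", "[::1]")


def parse_proxy_server(value: str) -> Dict[str, str]:
    """Return {scheme: 'host:port'}; a bare host:port is keyed 'all'."""
    out = {}
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        out[scheme.lower() if sep else "all"] = hostport if sep else part
    return out


def parse_netstat(text: str) -> Dict[str, int]:
    """Map local 'addr:port' of LISTENING TCP sockets to the owning PID."""
    listeners = {}
    for cols in (line.split() for line in text.splitlines()):
        if len(cols) >= 5 and cols[0] == "TCP" and cols[3] == "LISTENING":
            listeners[cols[1]] = int(cols[4])
    return listeners


def parse_tasklist(text: str) -> Dict[int, str]:
    """Map PID -> image name from `tasklist /FO CSV /NH` output."""
    procs = {}
    for m in re.finditer(r'^"([^"]+)","(\d+)"', text, re.MULTILINE):
        procs[int(m.group(2))] = m.group(1)
    return procs


@dataclass
class ProxyFinding:
    scheme: str
    hostport: str
    pid: Optional[int]      # None: configured but nothing is listening
    image: Optional[str]


def find_local_proxies(proxy_value: str, netstat_text: str,
                       tasklist_text: str) -> List[ProxyFinding]:
    """One finding per proxy entry pointing at loopback, joined to the listener.
    A non-loopback (e.g. corporate) proxy produces no finding."""
    listeners = parse_netstat(netstat_text)
    procs = parse_tasklist(tasklist_text)
    findings = []
    for scheme, hostport in parse_proxy_server(proxy_value).items():
        host = hostport.rsplit(":", 1)[0]
        if not host.startswith(LOOPBACK_PREFIXES):
            continue
        pid = listeners.get(hostport)
        findings.append(ProxyFinding(scheme, hostport, pid, procs.get(pid)))
    return findings


if __name__ == "__main__":
    for f in find_local_proxies(SAMPLE_PROXY_SERVER, SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(f"{f.scheme}: proxy {f.hostport} -> PID {f.pid} ({f.image})")
```

On a live host the three inputs come from `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer`, `netstat -ano` and `tasklist /FO CSV /NH`; a finding whose pid is None means the proxy setting survived an uninstall and every browser honouring it is now failing closed on a dead socket, which is the other common symptom of this family.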


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to a104-82-235-237.deploy.static.akamaitechnologies.com  (104.82.235.237:443)

TCP (HTTP):
Connects to 219.3-253-62.static.virginmediabusiness.co.uk  (62.253.3.219:80)

TCP (HTTP SSL):
Connects to a23-207-179-79.deploy.static.akamaitechnologies.com  (23.207.179.79:443)

TCP (HTTP):
Connects to userimages.imvu.com  (204.225.145.76:80)

TCP:
Connects to ip-172-24-0-118.ec2.internal  (172.24.0.118:11081)

TCP (HTTP SSL):
Connects to a104-82-225-160.deploy.static.akamaitechnologies.com  (104.82.225.160:443)

TCP (HTTP):
Connects to 155.3-253-62.static.virginmediabusiness.co.uk  (62.253.3.155:80)

TCP (HTTP):
Connects to 117.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net  (68.67.178.138:80)

TCP (HTTP):
Connects to proxy.imvu.com  (204.225.145.59:80)

TCP (HTTP):
Connects to a104-82-229-146.deploy.static.akamaitechnologies.com  (104.82.229.146:80)

TCP (HTTP):
Connects to a23-64-165-163.deploy.static.akamaitechnologies.com  (23.64.165.163:80)

TCP (HTTP):
Connects to a184-84-243-233.deploy.static.akamaitechnologies.com  (184.84.243.233:80)

TCP (HTTP SSL):
Connects to a104-92-81-94.deploy.static.akamaitechnologies.com  (104.92.81.94:443)

TCP (HTTP):
Connects to a104-103-185-104.deploy.static.akamaitechnologies.com  (104.103.185.104:80)

TCP (HTTP SSL):
Connects to a104-103-179-19.deploy.static.akamaitechnologies.com  (104.103.179.19:443)

TCP (HTTP SSL):
Connects to a104-103-114-93.deploy.static.akamaitechnologies.com  (104.103.114.93:443)

TCP (HTTP):
Connects to a-0003.a-msedge.net  (204.79.197.203:80)

TCP (HTTP):
Connects to 37-97-224-8.colo.transip.net  (37.97.224.8:80)

TCP (HTTP):
Connects to www.nimbuzz.com  (195.211.48.21:80)

Remove internetenhancer.exe - Powered by Reason Core Security