internetenhancer.exe

OD75GM

The application internetenhancer.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 52416 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address edge-video-shv-01-gru2.fbcdn.net on port 443.
Product:
OD75GM

Version:
2.34.2.15

MD5:
8998a3d279ebc52fedf32368629bd5cf

SHA-1:
631eb29cd6b5f0e3e82be256ad35a5691fc10896

SHA-256:
40c93e076fd67053b0f588318ac5b0e03b3d257bcee176742079799f080deb3d

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/16/2024 1:43:16 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | Adware.Win32.Wajam | 4.0.3.15815 |
| ESET NOD32 | MSIL/Wajam.C potentially unwanted (variant) | 9.12069 |
| G Data | Win32.Adware.Wajam | 15.8.25 |
| Reason Heuristics | PUP.Wajam.Meta (M) | 16.1.29.8 |

File size:
268 KB (274,432 bytes)

Product version:
2.34.2.15

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\wainterenhancer\wainterenhancer internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
7/19/2015 5:00:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:iHUWOvRU56dLMoGYaxELktbN9ILz8IBc/:cUWuRSIL/JaSLkt59ILz8Im

Entry address:
0x445CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
265.5 KB (271,872 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:52416/

Local host port:
52416

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.
