internetenhancer.exe

Internet Enhancer

The application internetenhancer.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. While running, it connects to the Internet address akamai-089.120.cache.videotron.ca on port 80 using the HTTP protocol.
Product:
Internet Enhancer

Version:
2.21.2.25

MD5:
0999f354b06f6937987ef16f1cf653bb

SHA-1:
7e89a1504c28b5a5f68e2063d402acb0693e4183

SHA-256:
ab915735be930634b580e2bd07c4bbef53707ed17ad6301fa6e2339df26913d7

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
4/16/2024 8:19:01 PM UTC

Scan engine            Detection                                      Engine version
Lavasoft Ad-Aware      Gen:Variant.Adware.Kazy.534478                 661
Agnitum Outpost        Riskware.Agent                                 7.1.1
Baidu Antivirus        Adware.Win32.WInterEnhance                     4.0.3.1514
Bitdefender            Gen:Variant.Adware.Kazy.534478                 1.0.20.525
Emsisoft Anti-Malware  Gen:Variant.Adware.Kazy.534478                 8.15.04.15.11
ESET NOD32             MSIL/Wajam.B potentially unwanted (variant)    9.11468
F-Secure               Gen:Variant.Adware.Kazy                        11.2015-15-04_4
G Data                 Gen:Variant.Adware.Kazy.534478                 15.4.25
Malwarebytes           PUP.Optional.Wajam.A                           v2015.04.15.11
MicroWorld eScan       Gen:Variant.Adware.Kazy.534478                 16.0.0.315

File size:
81.5 KB (83,456 bytes)

Product version:
2.21.2.25

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\winterenhance\winterenhance internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
12/19/2014 5:58:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:NHj7Gf8AVUDrQdF3bVS9h70uI79O2I5jdO6:NHj7Gf8bD9D7+9DI/

Entry address:
0x15B0E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79 KB (80,896 bytes)

The executing file has been seen to make the following network communications in live environments.
