internetenhancer.exe

Internet Enhancer

The application internetenhancer.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 49611 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address blu402-m.hotmail.com on port 443.
Product: Internet Enhancer
Version: 2.21.2.23
MD5: 015733963b8f09a178c05da9c50d466b
SHA-1: 824bd5977d876f2427641bfe55cc247ff6b5896d
SHA-256: a32406b1fb3f1800d0392b013c4558096f7ed2ee01bfa8c9f5f218bfdabcc0a0
Scanner detections: 12 / 68
Status: Potentially unwanted
Analysis date: 12/13/2019 1:23:47 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.534478 | 662
Agnitum Outpost | Riskware.Agent | 7.1.1
Baidu Antivirus | Adware.Win32.WInterEnhance | 4.0.3.15413
Bitdefender | Gen:Variant.Adware.Kazy.534478 | 1.0.20.515
Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.534478 | 8.15.04.13.03
ESET NOD32 | MSIL/Wajam.B potentially unwanted (variant) | 9.11451
F-Secure | Gen:Variant.Adware.Kazy | 11.2015-13-04_2
G Data | Gen:Variant.Adware.Kazy.534478 | 15.4.25
K7 AntiVirus | Trojan | 13.202.15544
Malwarebytes | PUP.Optional.Wajam.A | v2015.04.13.03
MicroWorld eScan | Gen:Variant.Adware.Kazy.534478 | 16.0.0.309
Trend Micro House Call | TROJ_GEN.R0C1H09AF15 | 7.2.103

File size: 81.5 KB (83,456 bytes)
Product version: 2.21.2.23
Copyright: Copyright © 2014
Original file name: WajamInternetEnhancer.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\Program Files\winterenhance\winterenhance internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp: 12/19/2014 11:54:14 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
.NET CLR dependent: Yes
CTPH (ssdeep): 1536:6Hj7Gf85VUDrQdF3bVSzh70uIfJO4I5jdO8:6Hj7Gf84D9172JtIx
Entry address: 0x15B0E

Entropy: 5.8410
Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 79 KB (80,896 bytes)

Local Proxy Server
Proxy for: Internet Settings
Local host address: http://127.0.0.1:49611/
Local host port: 49611
Default credentials: No


The executing file has been seen to make the following network communications in live environments.

