internetenhancer.exe

Internet Enhancer

The application internetenhancer.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 49320 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address https-178-79-227-1.vie.llnw.net on port 80 using the HTTP protocol.
Product:
Internet Enhancer

Version:
2.23.2.8

MD5:
ed802d82a29143e616f8ea6e2a601b79

SHA-1:
8461b6555277c4f62a054c898d857db59710a8a1

SHA-256:
e6aa050cf903e1e832224fb2795949a1c5030fbfe4050ebe8b1ed91721b654cf

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 6:41:57 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Wajam.Meta

Engine version:
15.5.2.21

File size:
76 KB (77,824 bytes)

Product version:
2.23.2.8

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\waintenhance\waintenhance internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
1/27/2015 9:13:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:pMvkz8uPAJb0AQcJ6WiIy3n6pVL/32uX72ZW:uv+8uPAKAlFZL3Xqw

Entry address:
0x1455E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
5.8179

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
73.5 KB (75,264 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49320/

Local host port:
49320

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to a23-7-197-25.deploy.static.akamaitechnologies.com  (23.7.197.25:443)

TCP (HTTP):
Connects to s0.weberhofer.at  (136.243.124.16:80)

TCP (HTTP):
Connects to a104-108-46-209.deploy.static.akamaitechnologies.com  (104.108.46.209:80)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.ir2.yahoo.com  (217.12.15.96:443)

TCP (HTTP SSL):
Connects to ec2-52-7-213-116.compute-1.amazonaws.com  (52.7.213.116:443)

TCP (HTTP SSL):
Connects to a23-198-21-99.deploy.static.akamaitechnologies.com  (23.198.21.99:443)

TCP (HTTP):
Connects to a104-96-90-234.deploy.static.akamaitechnologies.com  (104.96.90.234:80)

TCP (HTTP):
Connects to a104-96-90-226.deploy.static.akamaitechnologies.com  (104.96.90.226:80)

TCP (HTTP SSL):
Connects to e1.ycpi.vip.deb.yahoo.com  (87.248.118.22:443)

TCP (HTTP SSL):
Connects to a104-96-132-237.deploy.static.akamaitechnologies.com  (104.96.132.237:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-frt3.fbcdn.net  (31.13.92.14:443)

TCP (HTTP SSL):
Connects to upload-lb.esams.wikimedia.org  (91.198.174.208:443)

TCP (HTTP):
Connects to server-54-230-95-54.fra2.r.cloudfront.net  (54.230.95.54:80)

TCP (HTTP):
Connects to server-52-85-184-208.fra2.r.cloudfront.net  (52.85.184.208:80)

TCP (HTTP SSL):
Connects to mla5.datesmsgs.net  (83.136.83.230:443)

TCP (HTTP):
Connects to https-178-79-227-1.vie.llnw.net  (178.79.227.1:80)
