home

internetenhancer.exe

CAUVM9

The application internetenhancer.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 50750 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 131.subnet180-250-66.speedy.telkom.net.id on port 80 using the HTTP protocol.
Product:
CAUVM9

Version:
2.34.2.9

MD5:
ff433375868f7073663cace39860f3b4

SHA-1:
dfe4510227a170ac7b6b9d35c80739b7f936be39

SHA-256:
3f1243d7aab028c410712510afd55d241b59241eb0898a8624e5f0a017df2d25

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 3:13:32 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.Wajam
4.0.3.1583

G Data
Win32.Adware.Wajam
15.8.25

Reason Heuristics
PUP.Wajam.Meta (M)
15.7.11.18

File size:
269 KB (275,456 bytes)

Product version:
2.34.2.9

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\winterenhancer\winterenhancer internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
7/9/2015 1:49:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:zNG5z0znnnnnuuukSkxlYtdBp+foYRm1xEzjh9UnV:zNG9Snnnnnuuu5OStdEoYkxEzjh96V

Entry address:
0x4494E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.1407

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
266.5 KB (272,896 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:50750/

Local host port:
50750

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a23-37-37-163.deploy.static.akamaitechnologies.com  (23.37.37.163:80)

TCP (HTTP SSL):
Connects to dub405-m.hotmail.com  (157.56.194.8:443)

TCP (HTTP):
Connects to ec2-107-23-224-186.compute-1.amazonaws.com  (107.23.224.186:80)

TCP (HTTP):
Connects to a23-55-155-27.deploy.static.akamaitechnologies.com  (23.55.155.27:80)

TCP (HTTP):
Connects to a104-94-55-49.deploy.static.akamaitechnologies.com  (104.94.55.49:80)

TCP (HTTP SSL):
Connects to sn2-cor002.api.p001.1drv.com  (40.77.225.8:443)

TCP (HTTP SSL):
Connects to ec2-52-20-120-15.compute-1.amazonaws.com  (52.20.120.15:443)

TCP (HTTP SSL):
Connects to bn2b-cor002.api.p001.1drv.com  (131.253.14.227:443)

TCP (HTTP SSL):
Connects to a23-35-112-60.deploy.static.akamaitechnologies.com  (23.35.112.60:443)

TCP (HTTP):
Connects to www.linternaute.com  (195.248.250.109:80)

TCP:
Connects to web-eu-1.agar.io  (37.187.163.240:1506)

TCP (HTTP):
Connects to server-54-240-184-73.ams50.r.cloudfront.net  (54.240.184.73:80)

TCP (HTTP SSL):
Connects to server-54-239-168-16.fra50.r.cloudfront.net  (54.239.168.16:443)

TCP (HTTP):
Connects to server-54-230-129-206.ams50.r.cloudfront.net  (54.230.129.206:80)

TCP (HTTP):
Connects to server-54-192-129-249.ams50.r.cloudfront.net  (54.192.129.249:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.49.138:80)

TCP (HTTP):
Connects to response.spilgames.com  (212.72.60.178:80)

TCP (HTTP SSL):
Connects to par21s06-in-f227.1e100.net  (216.58.204.227:443)

TCP (HTTP SSL):
Connects to par21s06-in-f14.1e100.net  (216.58.204.238:443)

TCP (HTTP SSL):
Connects to par21s06-in-f1.1e100.net  (216.58.204.225:443)

Remove internetenhancer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.