home

internetenhancer.exe

Internet Enhancer

The application internetenhancer.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 52538 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Product:
Internet Enhancer

Version:
2.21.2.27

MD5:
2c5858f92491eae537db71f66e6f9fa1

SHA-1:
f9fddf2dc6b22630bdab59617f9363fad75500e9

SHA-256:
16bed8d49cf6ee52ad13aa4f48f5ee7e6dbf81ba325c3a427bc4f186c682001d

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 12:38:51 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Kazy.534478
664

Agnitum Outpost
Riskware.Agent
7.1.1

Baidu Antivirus
Adware.Win32.Wajam
4.0.3.15412

Bitdefender
Gen:Variant.Adware.Kazy.534478
1.0.20.510

Emsisoft Anti-Malware
Gen:Variant.Adware.Kazy.534478
8.15.04.12.07

ESET NOD32
MSIL/Wajam.B potentially unwanted (variant)
9.11451

F-Secure
Gen:Variant.Adware.Kazy
11.2015-12-04_1

G Data
Gen:Variant.Adware.Kazy.534478
15.4.25

Malwarebytes
PUP.Optional.Wajam.A
v2015.04.12.07

McAfee
Artemis!2C5858F92491
5600.6798

MicroWorld eScan
Gen:Variant.Adware.Kazy.534478
16.0.0.306

Sophos
Generic PUA PJ
4.98

Trend Micro House Call
TROJ_GEN.R0C1H09AG15
7.2.102

VIPRE Antivirus
Trojan.Win32.Generic
39206

File size:
81.5 KB (83,456 bytes)

Product version:
2.21.2.27

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wainterenhance\wainterenhance internet enhancer\internetenhancer.exe

File PE Metadata
Compilation timestamp:
12/30/2014 10:15:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:ODnmq7GhYx9yyWetRP6+JVMvoookH9SzdKGoKQkhehqH0uG1sQVDJcEJnuxotg5f:Ojp7GipLVrqSUqh70uIBBWeg5jFnh

Entry address:
0x15B1E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.8429

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79 KB (80,896 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:52538/

Local host port:
52538

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:80)

TCP (HTTP):
Connects to ns1.ibspark.com  (54.72.130.67:80)

TCP (HTTP SSL):
Connects to server-54-230-150-65.sin2.r.cloudfront.net  (54.230.150.65:443)

TCP (HTTP SSL):
Connects to server-54-230-150-39.sin2.r.cloudfront.net  (54.230.150.39:443)

TCP (HTTP SSL):
Connects to ec2-52-72-157-241.compute-1.amazonaws.com  (52.72.157.241:443)

TCP (HTTP):
Connects to a23-50-252-134.deploy.static.akamaitechnologies.com  (23.50.252.134:80)

TCP (HTTP SSL):
Connects to server-54-230-150-163.sin2.r.cloudfront.net  (54.230.150.163:443)

TCP (HTTP):
Connects to server-52-85-83-70.lax1.r.cloudfront.net  (52.85.83.70:80)

TCP (HTTP):
Connects to server-52-85-83-16.lax1.r.cloudfront.net  (52.85.83.16:80)

TCP (HTTP SSL):
Connects to server-54-230-150-201.sin2.r.cloudfront.net  (54.230.150.201:443)

TCP (HTTP SSL):
Connects to ec2-34-192-150-200.compute-1.amazonaws.com  (34.192.150.200:443)

TCP (HTTP SSL):
Connects to server-54-230-150-157.sin2.r.cloudfront.net  (54.230.150.157:443)

Remove internetenhancer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.