WajamInternetEnhancer.exe

Wajam Internet Enhancer

Wajam Internet Technologies Inc.

The file is part of Wajam, a web browser extension that injects social search integration into various search portals such as Google. The application WajamInternetEnhancer.exe has been detected as adware by 11 anti-malware scanners.

Publisher: Wajam Internet Technologies Inc.
Product: Wajam Internet Enhancer
Version: 2.15.2.5
MD5: ffbb97b42f4196263928bc22afea628c
SHA-1: 2b04cb0cc205cb6853bcc34a1a8c53abf73853f2
SHA-256: d56bad8d7cc4d92df0c0ea4a9f724c99cec91601f3bde22f0a33965ef0bf7573
Scanner detections: 11 / 68
Status: Adware
Analysis date: 11/20/2017 8:45:31 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Agent.OMF | 788 |
| Avira AntiVirus | TR/Trash.Gen | 7.11.30.172 |
| Bitdefender | Adware.Agent.OMF | 1.0.20.1710 |
| Emsisoft Anti-Malware | Adware.Agent.OMF | 8.14.12.08.07 |
| F-Secure | Adware.Agent.OMF | 11.2014-08-12_2 |
| G Data | Adware.Agent.OMF | 14.12.24 |
| Malwarebytes | PUP.Optional.Wajam | v2014.09.27.07 |
| MicroWorld eScan | Adware.Agent.OMF | 15.0.0.1026 |
| nProtect | Adware.Agent.OMF | 14.10.19.01 |
| Reason Heuristics | PUP.WajamInternetTechnologies.V | 14.9.27.7 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10189 |

File size: 82.5 KB (84,480 bytes)
Product version: 2.15.2.5
Copyright: Copyright © 2014
Original file name: WajamInternetEnhancer.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\Program Files\wajam\wajam internet enhancer\wajaminternetenhancer.exe

File PE Metadata

Compilation timestamp: 9/25/2014 2:23:08 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
.NET CLR dependent: Yes
CTPH (ssdeep): 1536:l2xzUxTtaIfYxA8K9vnSJvleC0o3My2qGfvibCz7MSwL1Vf/RyQngVF:ExKTtaEYxVKPSJlome8hVfY
Entry address: 0x15BFE
Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 79.5 KB (81,408 bytes)

The executing file has been seen to make the following network communications in live environments.

