WajamInternetEnhancer.exe

Wajam Internet Enhancer

Wajam Internet Technologies Inc.

The file is part of Wajam, a web browser extension that injects social search integration into various search portals such as Google. The application WajamInternetEnhancer.exe has been detected as adware by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 49696 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program Wajam which is a potentially unwanted software program.
Publisher:
Wajam Internet Technologies Inc.

Product:
Wajam Internet Enhancer

Version:
2.15.1.84

MD5:
47e90b009b308a298126b683fbe47446

SHA-1:
888605c454e448223bcaa42883063108b5bfd3b3

SHA-256:
4a5633e4e8273988f708b81a25058c6f898a94698ffd0c1d4cb814041035f6a1

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/22/2017 11:08:18 PM UTC  (today)

Scan engine
Detection
Engine version

Malwarebytes
PUP.Optional.Wajam
v2014.09.09.10

Reason Heuristics
PUP.WajamInternetTechnologies.V
14.9.9.22

File size:
82.5 KB (84,480 bytes)

Product version:
2.15.1.84

Copyright:
Copyright © 2014

Original file name:
WajamInternetEnhancer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wajam\wajam internet enhancer\wajaminternetenhancer.exe

File PE Metadata
Compilation timestamp:
9/4/2014 10:06:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:92xzUxTtaIfYxA8K9vnSJvleC0o3My2qGfvib1x7MSwLRVf/CyQngVc:sxKTtaEYxVKPSJlomz8FVfS

Entry address:
0x15BFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.7621

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
79.5 KB (81,408 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:49696/

Local host port:
49696

Default credentials:
No


The file WajamInternetEnhancer.exe has been discovered within the following program.

Wajam  by Wajam
Wajam is a search-enhancement product, but it does not change homepage or search. This product shows display and/or text ads into third-party websites which may alter normal web page layouts.
www.wajam.com
73% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
Connects to track-eu.adform.net  (86.58.179.99:80)

TCP (HTTP):
Connects to snt-re3-7c.sjc.dropbox.com  (108.160.162.103:80)

TCP (HTTP SSL):
Connects to sn3302-e.1drv.com  (134.170.120.200:443)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.16.73:80)

TCP (HTTP):
Connects to rtr1.l7.search.vip.ir2.yahoo.com  (188.125.66.105:80)

TCP (HTTP):
Connects to rtr1.l7.search.vip.bf1.yahoo.com  (66.196.86.81:80)

TCP (HTTP SSL):
Connects to msnbot-65-55-252-43.search.msn.com  (65.55.252.43:443)

TCP (HTTP):
Connects to mpr1.ngd.vip.bf1.yahoo.com  (98.139.225.42:80)

TCP (HTTP):
Connects to mil02s05-in-f28.1e100.net  (74.125.232.156:80)

TCP (HTTP):
Connects to mil02s05-in-f25.1e100.net  (74.125.232.153:80)

TCP (HTTP):
Connects to mil02s05-in-f13.1e100.net  (74.125.232.141:80)

TCP (HTTP):
Connects to mil01s19-in-f25.1e100.net  (173.194.116.25:80)

TCP (HTTP SSL):
Connects to lhr08s05-in-f5.1e100.net  (74.125.230.133:443)

TCP (HTTP):
Connects to ip-216-93-253-165.twdx.net  (216.93.253.165:80)

TCP (HTTP SSL):
Connects to fra07s32-in-f3.1e100.net  (173.194.112.163:443)

TCP (HTTP SSL):
Connects to fra07s32-in-f0.1e100.net  (173.194.112.160:443)

TCP (HTTP):
Connects to float.1789.bm-impbus.prod.fra1.adnexus.net  (37.252.170.103:80)

TCP (HTTP):
Connects to float.1685.bm-impbus.prod.fra1.adnexus.net  (37.252.170.92:80)

TCP (HTTP):
Connects to float.1480.bm-impbus.prod.ams1.adnexus.net  (37.252.162.30:80)

Remove WajamInternetEnhancer.exe - Powered by Reason Core Security