» WajamInternetEnhancer.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (48)

WajamInternetEnhancer.exe

Wajam Internet Enhancer

Wajam Internet Technologies Inc.

The file is part of Wajam, a web browser extension that injects social search integration into various search portals such as Google. The application WajamInternetEnhancer.exe has been detected as adware by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 49696 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program Wajam which is a potentially unwanted software program.

File name:

Publisher:

Wajam Internet Technologies Inc.

Product:

Wajam Internet Enhancer

Version:

2.15.1.84

MD5:

47e90b009b308a298126b683fbe47446

SHA-1:

888605c454e448223bcaa42883063108b5bfd3b3

SHA-256:

4a5633e4e8273988f708b81a25058c6f898a94698ffd0c1d4cb814041035f6a1

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

4/28/2024 7:33:06 AM UTC (today)

Scan engine

Detection

Engine version

Malwarebytes

PUP.Optional.Wajam

v2014.09.09.10

Reason Heuristics

PUP.WajamInternetTechnologies.V

14.9.9.22

File size:

82.5 KB (84,480 bytes)

Product version:

2.15.1.84

Original file name:

WajamInternetEnhancer.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\wajam\wajam internet enhancer\wajaminternetenhancer.exe

File PE Metadata

Compilation timestamp:

9/4/2014 10:06:40 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:92xzUxTtaIfYxA8K9vnSJvleC0o3My2qGfvib1x7MSwLRVf/CyQngVc:sxKTtaEYxVKPSJlomz8FVfS

Entry address:

0x15BFE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.7621

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

79.5 KB (81,408 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:49696/

Local host port:

49696

Default credentials:

The file WajamInternetEnhancer.exe has been discovered within the following program.

Wajam by Wajam

Wajam is a search-enhancement product, but it does not change homepage or search. This product shows display and/or text ads into third-party websites which may alter normal web page layouts.

www.wajam.com

73% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-54-208-30-101.compute-1.amazonaws.com (54.208.30.101:80)

TCP (HTTP):

Connects to track-eu.adform.net (86.58.179.99:80)

TCP (HTTP):

Connects to snt-re3-7c.sjc.dropbox.com (108.160.162.103:80)

TCP (HTTP SSL):

Connects to sn3302-e.1drv.com (134.170.120.200:443)

TCP (HTTP):

Connects to s3-1-w.amazonaws.com (54.231.16.73:80)

TCP (HTTP):

Connects to rtr1.l7.search.vip.ir2.yahoo.com (188.125.66.105:80)

TCP (HTTP):

Connects to rtr1.l7.search.vip.bf1.yahoo.com (66.196.86.81:80)

TCP (HTTP SSL):

Connects to msnbot-65-55-252-43.search.msn.com (65.55.252.43:443)

TCP (HTTP):

Connects to mpr1.ngd.vip.bf1.yahoo.com (98.139.225.42:80)

TCP (HTTP):

Connects to mil02s05-in-f28.1e100.net (74.125.232.156:80)

TCP (HTTP):

Connects to mil02s05-in-f25.1e100.net (74.125.232.153:80)

TCP (HTTP):

Connects to mil02s05-in-f13.1e100.net (74.125.232.141:80)

TCP (HTTP):

Connects to mil01s19-in-f25.1e100.net (173.194.116.25:80)

TCP (HTTP SSL):

Connects to lhr08s05-in-f5.1e100.net (74.125.230.133:443)

TCP (HTTP):

Connects to ip-216-93-253-165.twdx.net (216.93.253.165:80)

TCP (HTTP SSL):

Connects to fra07s32-in-f3.1e100.net (173.194.112.163:443)

TCP (HTTP SSL):

Connects to fra07s32-in-f0.1e100.net (173.194.112.160:443)

TCP (HTTP):

Connects to float.1789.bm-impbus.prod.fra1.adnexus.net (37.252.170.103:80)

TCP (HTTP):

Connects to float.1685.bm-impbus.prod.fra1.adnexus.net (37.252.170.92:80)

TCP (HTTP):

Connects to float.1480.bm-impbus.prod.ams1.adnexus.net (37.252.162.30:80)

Remove WajamInternetEnhancer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.