» WajamInternetEnhancer.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (125)

WajamInternetEnhancer.exe

Wajam Internet Enhancer

Wajam Internet Technologies Inc.

The file is part of Wajam, a web browser extension that injects social search integration into various search portals such as Google. The application WajamInternetEnhancer.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 59616 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program Wajam which is a potentially unwanted software program.

File name:

Publisher:

Wajam Internet Technologies Inc.

Product:

Wajam Internet Enhancer

Version:

2.11.2.54

MD5:

e4e2a2a7790d90ec1d118260eb4220b6

SHA-1:

cbd6c68d7d335612b81cbaf4afc4bb5632a24ff2

SHA-256:

878a3386f24a47f653f7a745abcc8f8ce2b1a9ffb5a58a79d57bc5800f044960

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/25/2024 6:55:42 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.WajamInternetTechnologies.V

14.6.26.12

File size:

81.5 KB (83,456 bytes)

Product version:

2.11.2.54

Original file name:

WajamInternetEnhancer.exe

File type:

Executable application (Win32 EXE)

Language:

Turkish (Turkey)

Common path:

C:\Program Files\wajam\wajam internet enhancer\wajaminternetenhancer.exe

File PE Metadata

Compilation timestamp:

6/26/2014 5:11:13 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:uGzxzzxTkwLqA/P/6b11oElb2tgTgldK4L7XTzZflcPaleqAVEltPUVrBpJR78tv:RzxxTkwLqA/P/6b11Nlb2tgTgldK4HDx

Entry address:

0x1582E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

78.5 KB (80,384 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:59616/

Local host port:

59616

Default credentials:

The file WajamInternetEnhancer.exe has been discovered within the following program.

Wajam by Wajam

Wajam is a search-enhancement product, but it does not change homepage or search. This product shows display and/or text ads into third-party websites which may alter normal web page layouts.

www.wajam.com

73% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to vip0x013.map2.ssl.hwcdn.net (209.197.3.19:443)

TCP (HTTP):

Connects to ec2-50-16-138-48.compute-1.amazonaws.com (50.16.138.48:80)

TCP (HTTP SSL):

Connects to a23-3-132-126.deploy.static.akamaitechnologies.com (23.3.132.126:443)

TCP (HTTP SSL):

Connects to a23-15-89-119.deploy.static.akamaitechnologies.com (23.15.89.119:443)

TCP (HTTP SSL):

Connects to server-52-85-77-162.lax3.r.cloudfront.net (52.85.77.162:443)

TCP (HTTP SSL):

Connects to iforgot-nwk.apple.com (17.151.2.11:443)

TCP (HTTP SSL):

Connects to a184-24-23-199.deploy.static.akamaitechnologies.com (184.24.23.199:443)

TCP (HTTP):

Connects to ec2-54-208-30-101.compute-1.amazonaws.com (54.208.30.101:80)

TCP (HTTP SSL):

Connects to ec2-54-214-30-155.us-west-2.compute.amazonaws.com (54.214.30.155:443)

TCP (HTTP):

Connects to server-54-230-87-128.lax3.r.cloudfront.net (54.230.87.128:80)

TCP (HTTP SSL):

Connects to s3-1.amazonaws.com (54.231.33.186:443)

TCP (HTTP):

Connects to event.ia4.adxpose.com (66.119.33.173:80)

TCP (HTTP):

Connects to a23-215-100-155.deploy.static.akamaitechnologies.com (23.215.100.155:80)

TCP (HTTP):

Connects to li927-122.members.linode.com (45.56.77.122:80)

TCP (HTTP):

Connects to ec2-35-163-9-66.us-west-2.compute.amazonaws.com (35.163.9.66:80)

TCP (HTTP):

Connects to vcs1.us2.msg.vip.bf1.yahoo.com (66.196.112.212:80)

TCP (HTTP SSL):

Connects to uslax1-vip-bx-003.aaplimg.com (17.253.27.203:443)

TCP (HTTP):

Connects to server-54-230-87-93.lax3.r.cloudfront.net (54.230.87.93:80)

TCP (HTTP):

Connects to server-54-230-87-166.lax3.r.cloudfront.net (54.230.87.166:80)

TCP (HTTP):

Connects to server-52-85-77-4.lax3.r.cloudfront.net (52.85.77.4:80)

Remove WajamInternetEnhancer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.