wasp.exe

WaspAce wasp

WaspAce Service

The application wasp.exe by WaspAce Service has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address zero-db-02.neolabs.net on port 80 using the HTTP protocol.
Publisher:
WaspAce  (signed by WaspAce Service)

Product:
WaspAce wasp

Version:
3.12.5.0

MD5:
e93ecc5d23ca7dbec00712b735d6821b

SHA-1:
68370b0196731cacc6516e922b594fcaba7a55d0

SHA-256:
666959817a5a277b546dad23b5317758aa6262fac713a18267584b8105e86443

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 8:52:57 PM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2016.0.2943
Reason Heuristics | PUP.WaspAceS (M) | 16.3.9.12

File size:
5.9 MB (6,184,480 bytes)

Product version:
0.0.0.0

Copyright:
WaspAce

Trademarks:
WaspAce

Original file name:
wasp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
WaspAce Service

Valid from:
4/7/2013 7:16:42 PM

Valid to:
12/31/2039 6:59:59 PM

Subject:
CN=WaspAce Service

Issuer:
CN=WaspAce Service

Serial number:
32FD6B4F8A1DF6AC491E72D01463EE79

File PE Metadata
Compilation timestamp:
7/8/2015 12:01:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:rogHY1OUn5eczWbs+V4NBy31cuZnNIMdI/Y/lsznkztandV3Bh4N:bUnnWFVD1cuZySgY/OzjAN

Entry address:
0x51E228

Entropy:
6.5051

Developed / compiled with:
Microsoft Visual C++

Code size:
5.1 MB (5,362,176 bytes)

The executing file has been seen to make the following network communications in live environments.

