» waveserver.exe
Overview
Analysis
File Details
Behaviors (1)

waveserver.exe

Wave Server Enterprise 2015 Web Protection

Wave Corporate Sistemas LTDA

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ENVIRONMENT’.

File name:

waveserver.exe

Publisher:

Wave Corporate Software Ltda. (signed by Wave Corporate Sistemas LTDA)

Product:

Wave Server Enterprise™ 2015 ® Web Protection

Description:

Wave Server Enterprise™ 2015

Version:

6.00.0004

MD5:

71bb109a379293e0b61f4875dcf85628

SHA-1:

771bb0504f9cde8baf5af85db2e5fb0b56dad546

SHA-256:

fe9d30b4f4d4d252d8f035deeec6963e69ebf61b16a76760c845b4958e504f08

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/24/2024 1:37:50 PM UTC (today)

Scan engine

Detection

Engine version

Rising Antivirus

PE:Malware.MHeart!1.65B7

23.00.65.141105

File size:

5.1 MB (5,389,568 bytes)

Product version:

6.00.0004

Wave Server Enterprise™ 2015 ,Wave Intelligence2010® e Wis Client® são marcas Registradas da Wave Corporate Software S/A

Trademarks:

Wave Server Enterprise™ 2015, Wave Intelligence2015® e Wis Client® são marcas Registradas da Wave Corporate Software S/A

Original file name:

waveserver.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

Wave Corporate Sistemas LTDA

Authority:

COMODO CA Limited

Valid from:

5/15/2014 9:00:00 PM

Valid to:

5/16/2015 8:59:59 PM

Subject:

CN=Wave Corporate Sistemas LTDA, O=Wave Corporate Sistemas LTDA, STREET="Rua Waltrudes Correa, 297", L=São Paulo, S=São Paulo, PostalCode=05122070, C=BR

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

5CF9AD4E9073852DEFA5388B9A06D3DD

File PE Metadata

Compilation timestamp:

7/22/2014 10:25:36 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:ol45K45W45U45N45q45A45G45d45L45u45C45H45Z45o45Nl45N452XO45/Qp45j:SyQrqiaBKCPMMqBCV5CVlABckqc4CX

Entry address:

0xB170

Entry point:

68, 2C, BA, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 68, 00, 00, 00, 48, 00, 00, 00, 82, F7, 88, 4C, 9E, 68, E5, 4B, A0, D7, F3, 07, 7D, 53, 92, B1, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 57, 61, 76, 65, 53, 65, 72, 76, 65, 72, 45, 6E, 74, 65, 72, 70, 72, 69, 73, 65, 00, 00, 00, 00, 57, 61, 76, 65, 20, 53, 65, 72, 76, 65, 72, 20, 45, 6E, 74, 65, 72, 70, 72, 69, 73, 65, 99, 20, 20, 32, 30, 31, 35, 00, 00, 00, 00, 00, 00, 00, 01, 00, 05, 00, 2C, 82, 42, 00... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

5.1 MB (5,341,184 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

ENVIRONMENT

Command:

C:\wave server enterprise\waveserver.exe

Scan waveserver.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.