Win32/Waspace [Threat Name]
Win32/Waspace.AA [Threat Variant Name]
| Detection created | May 11, 2015 |
| Signature database version | 11608 |
Win32/Waspace.AA is a trojan that can interfere with the operation of certain applications.
When executed, the trojan drops the following file in the folder %commonappdata%\DRM\RECOVERY\:
A "desktop.lnk" file is dropped in the %startup% folder.
The file is a shortcut to a malicious file.
The following Registry entries are created:
- "%malwarefilename%" = "%malwarefilepath%"
This causes the trojan to be executed on every system start.
The trojan runs the following processes:
- %malwarefolder%\wasppacer.exe -l=croko -m=10 -a=1
The following programs are terminated:
Then the trojan deletes these files.
The trojan may delete the following files:
The trojan can modify the following file:
The trojan affects the behavior of the following applications:
The trojan hides windows of running processes which contain any of the following strings in their title:
- Wasppacer [defix]