afirstsvc.exe

Ad First Catch

Part of an Adpeak program that shows ads in the browser without disclosing the ads' origin. Ads are injected as banners or text links into random web pages. The application afirstsvc.exe by Ad First Catch has been detected as adware by 18 anti-malware scanners. It runs as a Windows service named “First Verify”, in its own process.
Publisher:
Ad First Catch  (signed and verified)

MD5:
73ce0416073976fa09f80654d1041a40

SHA-1:
b6264ebe8d0c5b805b53858becbc23cf77ebd13c

SHA-256:
7b5743183ec2c15589ceb0b07c5ec13693490786559a3da74183185d1de20354

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
8/4/2025 3:00:35 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Graftor.174811 | 660 |
| Agnitum Outpost | Trojan.AdSuproot | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 3.6.1.96 |
| AVG | AdSupr | 2016.0.3122 |
| Baidu Antivirus | Trojan.Win32.AdSuproot | 4.0.3.1552 |
| Bitdefender | Gen:Variant.Graftor.174811 | 1.0.20.525 |
| Bkav FE | W32.RustirdosLTU.Trojan | 1.3.0.6379 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.174811 | 8.15.04.15.05 |
| ESET NOD32 | Win32/AdSuproot (variant) | 9.11517 |
| Fortinet FortiGate | W32/Ad_Support.C!tr | 5/2/2015 |
| F-Secure | Gen:Variant.Graftor.174811 | 11.2015-15-04_4 |
| G Data | Gen:Variant.Graftor.174811 | 15.4.25 |
| K7 AntiVirus | Trojan | 13.203.15680 |
| McAfee | BackDoor-FCKT!13F3E4ECED43 | 5600.6778 |
| MicroWorld eScan | Gen:Variant.Graftor.174811 | 16.0.0.315 |
| Panda Antivirus | Generic Suspicious | 15.04.15.05 |
| Reason Heuristics | PUP.AdPeak.AdFirstCatch | 15.4.24.0 |
| Sophos | Ad Support | 4.98 |

File size:
98.4 KB (100,768 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\syswow64\compatibility verifier\afirstsvc.exe

Digital Signature
Signed by:

Authority:
Ad First Catch

Valid from:
4/14/2015 10:46:48 PM

Valid to:
4/13/2016 10:46:48 PM

Subject:
CN=adfirst.nl, OU=Ads, O=Ad First Catch, S=Holland, C=NL

Issuer:
E=support@firstcatchads.nl, O=Ad First Catch, L=Amsterdam, S=Holland, C=NL

Serial number:
00E592A6D69AFA75B0

File PE Metadata
Compilation timestamp:
4/15/2015 3:31:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
1536:bK0eSQyiA7zrodVhEInY2J0ZLGKk/P/XgjNXlBvJaKSA:bKbSQy33oPEI86ZPvcNXlBvJRSA

Entry address:
0x3EAA

Entry point:
E8, 97, 3B, 00, 00, E9, 40, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, E8, 41, 41, 00, 89, 0D, E4, 41, 41, 00, 89, 15, E0, 41, 41, 00, 89, 1D, DC, 41, 41, 00, 89, 35, D8, 41, 41, 00, 89, 3D, D4, 41, 41, 00, 66, 8C, 15, 00, 42, 41, 00, 66, 8C, 0D, F4, 41, 41, 00, 66, 8C, 1D, D0, 41, 41, 00, 66, 8C, 05, CC, 41, 41, 00, 66, 8C, 25, C8, 41, 41, 00, 66, 8C, 2D, C4, 41, 41, 00, 9C, 8F, 05, F8, 41, 41, 00, 8B, 45, 00, A3, EC, 41, 41, 00, 8B, 45, 04, A3, F0, 41, 41, 00, 8D, 45, 08, A3, FC, 41, 41, 00, 8B...
 

Entropy:
5.7814

Code size:
56 KB (57,344 bytes)

Service
Display name:
First Verify

Service name:
Verifies and fixes issues

Type:
Win32OwnProcess

