home

First Offer LTD

Publisher Information

First Offer LTD is a brand of publishers/developers run by WebPick Internet Holdings Ltd. located in Ramat Ha'Chayal Tel Aviv, Israel. The company is a primary distributor of unwanted software. First Offer LTD is a developer of WebPick Internet Holdings and publishes a number of adware web browser plugins designed to monitor web browser behavior and inject advertisements (banner, popups, text-links, etc.) in the browser by using the WebPick InstalleRex monetization delivery platform. These programs from First Offer LTD are typiclaly installed on a variety of names and misspellings and are very difficult to remove. According to WebPick, they use developers to sign their adware in order to "throw off competitors". There is one additional code signing certificate issued to this publisher.
Authority:
COMODO CA Limited

Valid from:
10/8/2013 2:00:00 AM

Valid to:
10/9/2014 1:59:59 AM

Subject:
CN=First Offer LTD, O=First Offer LTD, STREET=Habarzel 21 Tel Aviv, L=Tel aviv, S=Israel, PostalCode=69710, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
49900242461d96cb7b045be0a258338e

Scanner detections:
Detections  (86% detected)

Scan engine
Details
Detections

Reason Heuristics
Common.PUP.FirstOffer.Q, PUP.Task.FirstOffer.Q, PUP.Task.FirstOffer.O, PUP.Installer.FirstOffer.G, PUP.ResignedInterop.FirstOffer.Z, PUP.FirstOffer.O, Common.PUP.FirstOffer.N, PUP.FirstOffer.I, PUP.Installer.FirstOffer.N, PUP.FirstOffer.U, PUP.FirstOffer.L, Common.PUP.FirstOffer.BB, PUP.FirstOffer.J, PUP.Toolbar.FirstOffer.I, PUP.WebPick.FirstOffer.Bundler (M), Common.PartOf.PUP.WebPick.FirstOffer (M), PUP.WebPick.FirstOffer.Installer (M), PUP.WebPick.FirstOffer.Toolbar (M), PUP.WebPick.FirstOff.Installer (M), PUP.WebPick.FirstOff (M), Adware (M), PUP.WebPick (M)
100.00%

avast!
Win32:InstalleRex-BF [PUP]
46.00%

AVG
Generic, Onefloorap
38.00%

Dr.Web
Adware.Plugin.364, Trojan.WebPick.7388
12.00%

Trend Micro House Call
Suspicious_GEN.F47V1028, Suspicious_GEN.F47V0928
8.00%

McAfee
Artemis!A68A9B41D4C8, Artemis!747B1F38EA1F, Artemis!59F44B313606
6.00%

Avira AntiVirus
APPL/Downloader.Gen4, TR/Trash.Gen
6.00%

Baidu Antivirus
Adware.Win32.HomeTab
2.00%

Panda Antivirus
PUP/TSUploader
2.00%

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
2.00%

1 / 68      (Adware)
wdapimng.exe (Widdit by One Floor App)  (7ca294e73ae3ee9bf8a16a3b086020aa)

1 / 68      (Adware)
wdapimng.exe (Widdit by One Floor App)  (55cdc77932c9d0a0dcbc790a4f62e603)

1 / 68      (Adware)
firstoffer.exe (QuickSet)  (a0087fe0c666868fc51b3447f7bb4560)

1 / 68      (Adware)
wbrowserupdate.exe (TBUpdater)  (e9e27e6a11408ad58f404502f08c200a)

1 / 68      (Adware)
wconnectorproductivity.exe (AsyncSystemSockets)  (1d87bfc6bc2474dcb464c8742e5e32e4)

1 / 68      (Adware)
XPProcessStart.exe (XPProcessStart)  (bd6f47f4ca512bf5a95f23f76c14ef52)

1 / 68      (Adware)
pricecongress_64.dll (Simply Tech LTD by Simply Tech)  (8f9e52b968dcd87298d289806530c569)

1 / 68      (Adware)
installhelper.dll (ToolbarInnoSetupHelper)  (b38a8a6e5d3f7d948c4f2b79f35c6c52)

1 / 68      (Adware)
unins000.exe  (4e5bead8b077edae89da733f482fc4c6)

1 / 68      (Adware)
ToolbarUninstall.exe (ToolbarUninstall)  (36a4b0ace31e502051a74e1ce6febdd3)

1 / 68      (Adware)
TBUpdater.dll (Widdit by One Floor App)  (1d7c74445a262850b47af7466a876c7f)

1 / 68      (Adware)
TaskSchedulerCreator.exe (TaskSchedulerCreator by Simplygen)  (d0be75d4fe0be86cac27b11f6d5d2fc6)

1 / 68      (Adware)
SQLite.Designer.dll (System.Data.SQLite by http://system.data.sqlite.org/)  (b5f3080763fb61de702316b6989b9193)

1 / 68      (inconclusive)
Microsoft.Win32.TaskScheduler.dll (TaskService by CodePlex Community)  (759ff29389cc13fba9e5756ca03fecb9)

1 / 68      (inconclusive)
Interop.IWshRuntimeLibrary.dll (Assembly imported from type library 'IWshRuntimeLibrary'.)  (abe3349c2814d5b94f67bd74a369ab0c)

1 / 68      (Adware)
Launcher.exe (Toolbar_Exe_Launcher_Form)  (844a315aaaae80a9720ed25ae81b383a)

1 / 68      (Adware)
pricecongress.dll (Simply Tech LTD by Simply Tech)  (306f970d182cbe1db896d60adf1264af)

1 / 68      (Adware)
wbrowserupdater.exe (TBUpdater)  (a461031f7e0aabd4db8f21e8f06056ca)

1 / 68      (Adware)
wbrowserproductivity.exe (AsyncSystemSockets)  (8ad39145994d7f5b9c1543c6f539782d)

1 / 68      (Adware)
toolbaruninstall.exe (ToolbarUninstall)  (07d53827ba05acafd17d370f7b0b17ec)

1 / 68      (Adware)
taskschedulercreator.exe (TaskSchedulerCreator by Simplygen)  (b50137bf5c51dffe4907bd0b69f14a91)

1 / 68      (Adware)
installhelper.dll (ToolbarInnoSetupHelper)  (60943c010b2baddb0848b05e3e43a299)

1 / 68      (Adware)
XPProcessStart.exe (XPProcessStart)  (1688a4af978f1e89dcc9faf6fe8e0102)

7 / 68      (Adware)
InstallHelper.dll (ToolbarInnoSetupHelper)  (94eebe6ec52a748fcfcb08841addc603)

1 / 68      (Adware)
cinshlpr.dll (Widdit by One Floor App)  (a07d672bf1be0aa314fd43831a05f43c)

1 / 68      (inconclusive)
System.Data.SQLite.dll (System.Data.SQLite by http://system.data.sqlite.org/)  (75bee5a7b46b39e9373c54cf84af2287)

1 / 68      (inconclusive)
SQLite.Interop.dll (System.Data.SQLite by Robert Simpson, et al)  (4c8f287d1f60d1236c5f5e80c93a1af0)

1 / 68      (Adware)
tbua93b.exe (PriceCongress by SimplyTech)  (3e54d400925526d15afe9db13b532a3c)

5 / 68      (Adware)
wconnectorproductivity.exe (AsyncSystemSockets)  (59f44b3136068e3afc7e842d8d47417e)

4 / 68      (Adware)
wbrowserupdate.exe (TBUpdater)  (ec41f0b6eac093bce50b544d3b0efb10)

 
Latest 30 of 73 files

The following certificate is also signed by First Offer LTD.

4A3C8068106AF46772F0E970DB0B000D  (Dec 03, 2014 to Dec 03, 2017)

The following publishers (by Authenticode signature organization name) are related.

One Floor App

Ivan Kostin

WEB PICK - INTERNET HOLDINGS LTD

Artur Kozak

Daniel Hareuveni

* Note, the details and description above are based on the code signing digital signature issued to First Offer LTD by COMODO CA Limited on October 08, 2013 with the serial number '49900242461d96cb7b045be0a258338e'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.