» VDWFP.sys
Overview
Analysis
File Details

VDWFP.sys

Superfish Inc.

The file VDWFP.sys by Superfish has been detected as adware by 19 anti-malware scanners.

File name:

VDWFP.sys

Publisher:

Superfish, Inc. (signed by Superfish Inc.)

Product:

VDWFP.sys

Description:

WFP driver

Version:

2.2.8.23

MD5:

354fd3e855e6b6a467d85b1fb0487843

SHA-1:

a756feaa8e32fae58daa5fa8983af810eafbf038

SHA-256:

11e7cebe6cb702d36a158a9ca769691b253c109ea57e71bd2aac25b1db2402d5

Scanner detections:

19 / 68

Status:

Adware

Analysis date:

5/10/2024 12:44:03 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Superfish.B

712

Avira AntiVirus

Adware/SuperFish.B.2

7.11.211.246

avast!

Win32:Adware-gen [Adw]

2014.9-150223

AVG

Superfish.4d6

2016.0.3190

Bitdefender

Adware.Superfish.B

1.0.20.270

Emsisoft Anti-Malware

Adware.Superfish

8.15.02.23.12

ESET NOD32

Win32/Adware.SuperFish

9.11212

Fortinet FortiGate

Riskware/SuperFish

2/23/2015

F-Secure

Adware.Superfish.B

11.2015-23-02_2

G Data

Adware.Superfish

15.2.25

IKARUS anti.virus

AdWare.SuperFish

t3scan.1.8.6.0

K7 AntiVirus

Adware

13.197.15042

Malwarebytes

PUP.Optional.SuperFish

v2015.02.23.12

MicroWorld eScan

Adware.Superfish.B

16.0.0.162

Qihoo 360 Security

Trojan.Generic

1.0.0.1015

Reason Heuristics

PUP.Superfish

15.3.1.9

Trend Micro House Call

ADW_SUPERFISH

7.2.54

Trend Micro

ADW_SUPERFISH

10.465.23

VIPRE Antivirus

Superfish

37762

File size:

29.3 KB (30,040 bytes)

Product version:

2.2.8.23

Original file name:

VDWFP.sys

File type:

Driver (Win32 SYS)

Language:

English (United States)

Common path:

C:\Program Files\lenovo\visualdiscovery\vdwfp.sys

Digital Signature

Signed by:

Superfish Inc.

Authority:

Thawte, Inc.

Valid from:

7/28/2013 8:00:00 PM

Valid to:

7/27/2014 7:59:59 PM

Subject:

CN=Superfish Inc., O=Superfish Inc., L=Grandville, S=Michigan, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

3E32431476CFB3E1F90955B25396A6F4

File PE Metadata

Compilation timestamp:

5/12/2014 12:56:27 PM

OS version:

6.2

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

11.0

CTPH (ssdeep):

384:1rggg5UJ4KnQpecGd1hAZCsiBrz7xtM0cUFxSyW2jnobPLjD:1rgh5JeF1hApmY05FxSyW8oTD

Entry address:

0x4BD2

Entry point:

8B, FF, 55, 8B, EC, E8, 2A, 34, 00, 00, 5D, E9, 9C, D3, FF, FF, CC, CC, CC, CC, CC, CC, 3B, 0D, 00, 60, 40, 00, 75, 03, C2, 00, 00, E9, 06, 00, 00, 00, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 51, 89, 4D, FC, 6A, 02, 59, CD, 29, CC, CC, CC, CC, CC, CC, CC, CC, B8, 01, 00, 00, 00, C2, 10, 00, 61, 00, 70, 00, 70, 00, 54, 00, 61, 00, 62, 00, 6C, 00, 65, 00, 00, 00, 69, 00, 70, 00, 54, 00, 61, 00, 62, 00, 6C, 00, 65, 00, 00, 00, 70, 00, 6F, 00, 72, 00, 74, 00, 54, 00, 61, 00, 62, 00, 6C, 00, 65, 00, 00, 00... 
[+]

Entropy:

6.5143

Code size:

18 KB (18,432 bytes)

Remove VDWFP.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.