home

wdapimng_64.exe

Widdit

First Offer LTD

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application wdapimng_64.exe, “wdapimng Application” by First Offer has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
One Floor App Ltd.  (signed by First Offer LTD)

Product:
Widdit

Description:
wdapimng Application

Version:
7.0.0.1

MD5:
a7b273ecc43aa95b323052ccd2e547cd

SHA-1:
c2829d1855c83ca7c0b1b1b89a807a6b5344cca2

SHA-256:
016bb1052c85380afce950de20e93959fe2d1504072e5c2a8eb3794e7977de08

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/1/2024 4:58:09 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.WebPick (M)
16.10.24.19

File size:
226 KB (231,472 bytes)

Product version:
7.0.0.1

Copyright:
(C) 2014 One Floor App Ltd.

Trademarks:
Widdit(TM) is either a trademark or registered trademark of One Floor App Ltd Company.

Original file name:
wdapimng.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\pricecongress\ie\wdapimng_64.exe

Digital Signature
Signed by:
First Offer LTD

Authority:
COMODO CA Limited

Valid from:
12/3/2014 1:00:00 AM

Valid to:
12/3/2017 12:59:59 AM

Subject:
CN=First Offer LTD, O=First Offer LTD, STREET=Habarzel 21, L=Tel aviv, S=Israel, PostalCode=69710, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4A3C8068106AF46772F0E970DB0B000D

File PE Metadata
Compilation timestamp:
10/19/2014 5:04:36 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:/uJlviWPx+GRERRR0241OCFJKq2F09B7nn3bzXgvcO:4lzDmH4YCQ09VnHQL

Entry address:
0x13DE8

Entry point:
48, 83, EC, 28, E8, BF, 43, 00, 00, 48, 83, C4, 28, E9, 1A, FE, FF, FF, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 31, 16, 02, 00, FF, 15, 5B, 23, 01, 00, 4C, 8B, 1D, 1C, 17, 02, 00, 4C, 89, 5C, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, 09, 7E, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24, 50, 00, 74, 41, 48, C7, 44, 24, 38, 00, 00, 00, 00, 48, 8D, 44, 24, 48, 48, 89, 44, 24, 30, 48, 8D, 44, 24, 40, 48, 89, 44, 24, 28, 48, 8D, 05, DC, 15, 02, 00, 48, 89, 44, 24...
 
[+]

Code size:
141 KB (144,384 bytes)

Remove wdapimng_64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.