home

wdapimng_64.exe

Widdit

First Offer LTD

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application wdapimng_64.exe, “wdapimng Application” by First Offer has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
One Floor App Ltd.  (signed by First Offer LTD)

Product:
Widdit

Description:
wdapimng Application

Version:
7.0.0.1

MD5:
226a2ea266f676cb955a3e9c2df215b9

SHA-1:
f0db7d321c39aff04ac6982399271b83d2e3ae3e

SHA-256:
df83716c4c5e112246249d6c6dd49e77a9d5b5624a2d1ef924a3295429454900

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/1/2024 9:18:04 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.WebPick.FirstOff (M)
16.6.13.14

File size:
226 KB (231,472 bytes)

Product version:
7.0.0.1

Copyright:
(C) 2014 One Floor App Ltd.

Trademarks:
Widdit(TM) is either a trademark or registered trademark of One Floor App Ltd Company.

Original file name:
wdapimng.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\pricecongress\ie\wdapimng_64.exe

Digital Signature
Signed by:
First Offer LTD

Authority:
COMODO CA Limited

Valid from:
12/3/2014 1:00:00 AM

Valid to:
12/3/2017 12:59:59 AM

Subject:
CN=First Offer LTD, O=First Offer LTD, STREET=Habarzel 21, L=Tel aviv, S=Israel, PostalCode=69710, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4A3C8068106AF46772F0E970DB0B000D

File PE Metadata
Compilation timestamp:
10/19/2014 5:04:36 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:suJlviWPx+GRERRR0241OCFJKq2F09B7nn3bzXgvcu:ZlzDmH4YCQ09VnHQL

Entry address:
0x13DE8

Entry point:
48, 83, EC, 28, E8, BF, 43, 00, 00, 48, 83, C4, 28, E9, 1A, FE, FF, FF, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 31, 16, 02, 00, FF, 15, 5B, 23, 01, 00, 4C, 8B, 1D, 1C, 17, 02, 00, 4C, 89, 5C, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, 09, 7E, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24, 50, 00, 74, 41, 48, C7, 44, 24, 38, 00, 00, 00, 00, 48, 8D, 44, 24, 48, 48, 89, 44, 24, 30, 48, 8D, 44, 24, 40, 48, 89, 44, 24, 28, 48, 8D, 05, DC, 15, 02, 00, 48, 89, 44, 24...
 
[+]

Code size:
141 KB (144,384 bytes)

Remove wdapimng_64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.