SAWFP64.sys

ADPEAK, INC.

Part of an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text-links in random web pages. The file SAWFP64.sys by ADPEAK, INC. has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows 64-bit kernel-mode device driver named “SAWFP”. This file is typically installed with the program suprasavings by Opiniads, which is a potentially unwanted software program.
Publisher:
SecureAssist  (signed by ADPEAK, INC.)

Product:
SAWFP64.sys

Description:
WFP driver

Version:
2.2.8.13

MD5:
0de593914f0268fb2b4de7b9c7b33057

SHA-1:
069e12a17fa2c0287a810c45e8c757819c73a1da

SHA-256:
8463094633fab20b49863437f5163ed2ad2cd8f1ba9965f0f1c6545d8cb5294f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 8:02:26 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ADPEAKINC.K

Engine version:
14.8.7.17

File size:
40.8 KB (41,768 bytes)

Product version:
2.2.8.13

Copyright:
SecureAssist (c) 2011

Original file name:
SAWFP64.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\sawfp64.sys

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
2/12/2014 1:00:00 AM

Valid to:
2/19/2015 1:00:00 PM

Subject:
CN="ADPEAK, INC.", O="ADPEAK, INC.", L=Sarasota, S=Florida, C=US, PostalCode=34233, STREET="5342 CLARK ROAD #137", SERIALNUMBER=5016610, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0A6E05774A7EF05B65E3577F6A37AEDC

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
768:woMQHvksVgskFyI00HMkxD2UR9J4nqPoTPCbx7NKgimyS6:7/PpKtHxfGbCFN8s6

Entry point:
48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, F3, 54, 00, 00, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, 3E, C7, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, B9, 25, 00, 00, 75, 12, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 03, C2, 00, 00, 48, C1, C9, 10, E9, 08, 00, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, B9, 02, 00, 00, 00, CD, 29, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00...
 

Entropy:
6.3158

Driver
Display name:
SAWFP

Type:
Kernel device driver (KernelDriver)

Group:
networkprovider

Depends on:
BFE


The file SAWFP64.sys has been discovered within the following program.

suprasavings by Opiniads
Injects advertising in the user's web browser and is included in download bundles from distributors such as Apps Installer SL. From the installer: "After installing SupraSavings, you may receive ads as you browse the web that are identified as SupraSavings advertisements."
84% remove it
 
Powered by Should I Remove It?
