vdwfpinstaller.exe

VDWFPInstaller.exe

Superfish Inc.

The application vdwfpinstaller.exe by Superfish has been detected as adware by 19 anti-malware scanners.
Publisher:
Superfish, Inc.  (signed by Superfish Inc.)

Product:
VDWFPInstaller.exe

Description:
WFPInstaller

Version:
2.2.8.23

MD5:
792fc64f10a39329bd2f24ee03e9cefa

SHA-1:
b5d68fe790f0fd30198f7f6c19fa190f561f301e

SHA-256:
dc63d345494112fcadf19063f237b43272438473f7022f0025a2bd27c4b79b99

Scanner detections:
19 / 68

Status:
Adware

Analysis date:
12/25/2024 9:10:54 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Superfish.B | 712 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150223 |
| AVG | Superfish.4d6 | 2016.0.3190 |
| Bitdefender | Adware.Superfish.B | 1.0.20.270 |
| Dr.Web | Adware.Superfish.1 | 9.0.1.054 |
| Emsisoft Anti-Malware | Adware.Superfish | 8.15.02.23.12 |
| ESET NOD32 | Win32/Adware.SuperFish | 9.11211 |
| Fortinet FortiGate | Riskware/SuperFish | 2/23/2015 |
| F-Secure | Adware.Superfish.B | 11.2015-23-02_2 |
| G Data | Adware.Superfish | 15.2.25 |
| IKARUS anti.virus | AdWare.SuperFish | t3scan.1.8.6.0 |
| K7 AntiVirus | Adware | 13.197.15041 |
| Malwarebytes | PUP.Optional.SuperFish | v2015.02.23.12 |
| MicroWorld eScan | Adware.Superfish.B | 16.0.0.162 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.Superfish | 15.3.1.9 |
| Sophos | Generic PUA LF | 4.98 |
| Trend Micro House Call | ADW_SUPERFISH | 7.2.54 |
| Trend Micro | ADW_SUPERFISH | 10.465.23 |

File size:
135.8 KB (139,096 bytes)

Product version:
2.2.8.23

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\lenovo\visualdiscovery\vdwfpinstaller.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/28/2013 8:00:00 PM

Valid to:
7/27/2014 7:59:59 PM

Subject:
CN=Superfish Inc., O=Superfish Inc., L=Grandville, S=Michigan, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3E32431476CFB3E1F90955B25396A6F4

File PE Metadata
Compilation timestamp:
5/12/2014 12:56:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
1536:Cx0AX72cRG6K4/cu2jIoTzDnIpS3MRu/6CTTWWmNDzMb603jwXgnRK/UvYYvgdLS:GVXPGjvnIwOH+iF/UgY4JFQ5aVvS

Entry address:
0xAB78

Entry point:
E8, 8B, 5B, 00, 00, E9, A4, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C...
 

Entropy:
6.5678

Code size:
101 KB (103,424 bytes)
