Threat Database Adware WAPageViewer Ads

WAPageViewer Ads

By GoldSparrow in Adware

Threat Scorecard

Popularity Rank: 8,345
Threat Level: 20 % (Normal)
Infected Computers: 8,259
First Seen: September 18, 2015
Last Seen: April 18, 2026
OS(es) Affected: Windows

The WAPageViewer program may be promoted to you as an advanced EPUB, MOBI and PDF file viewer, but it is adware that might redirect you to phishing pages and slow down your PC. Security investigators report that the WAPageViewer adware may add a scheduled task in Windows named VSProtect to ensure its operations when you log on. Additionally, the WAPageViewer adware may change your DNS and proxy settings to reroute your Internet traffic through the servers of advertisers. The WAPageViewer adware might show pop-up and pop-under windows to promote third-party software like OfferMosquito and PlusHD. As stated above, the WAPageViewer adware may appear as VSProtect and attach a plug-in to your Internet browsers. The WAPageViewer name is just a front for the Visual Protect Service that would work in your Windows background and may block the native ads on Amazon, Best Buy and eBay. Computer users should note that the adware-powered Visual Protect Service process may utilize Web storage data, session cookies and read your Internet browsing history to facilitate the display of related marketing content. The WAPageViewer adware could be found in the Program Files directory and may have a separate auto-recovery module installed in the hidden AppData folder to make its manual removal difficult for users. The assistance of a reputable anti-spyware solution can purge the WAPageViewer adware and its associated files securely.

Analysis Report

General information

Family Name: Adware.DealPly.AAI
Signature status: No Signature

Known Samples

MD5: 51333bd7eeeea7534294e8e6aea12e73
SHA1: 0fc09675cc93efbaff9c3f9bfeece803a0074d3b
File Size: 2.16 MB, 2159104 bytes
MD5: ae2662e1eafa59f46cc57049f88b4347
SHA1: 2fa54f78f6b244f24b986e80fe4e7ce6657cccb9
File Size: 2.00 MB, 2000384 bytes
MD5: 6b0d164368012e3ac1babc2b05d1a0cb
SHA1: 2e88d33300a3ca251398a7fa01c321e15f92ca51
SHA256: FFE1046A9F0348DCC6683C3C55B7B92296DC92DBC5443516F20AC1D1C7EF3C30
File Size: 2.16 MB, 2163712 bytes
MD5: 7a25c685e80b28dbdd74c12ffe4e6cdc
SHA1: 3537963759d8967fb319a1aee857c7d427ddc718
SHA256: D856F5761F6E79BD12347D11050D112A56ACFD3F150C9E3616EB232DD1237E31
File Size: 2.15 MB, 2153984 bytes
MD5: e4d9a26b2b744c2c32d007e6fb1d2901
SHA1: ddb55fb8072027611cbf42746d6e5def45a3bb0d
SHA256: 7A57F26F62C119455BC5A6363BB9370110C0F8AE4B5AB1D94BD0B3706BCEA274
File Size: 2.15 MB, 2152960 bytes
Show More
MD5: af749fdb4c364d4bb49b5f3a305d4003
SHA1: 5cebaa444fc694b08a556977c06b4b7f33dd9b93
SHA256: 6F86976BB10A71F7D57D41CDB487A80E125102F56048C1DFC36D3069A9F44005
File Size: 2.15 MB, 2151424 bytes
MD5: 7536d0f41dd93f20240a6844cd32bcb2
SHA1: fb1d65fa8ae060649f972ca0bb1292aa97230c93
SHA256: 347F2857ECCBCD47F9E046760219B2109165864A301B0D897C548C3DF9475542
File Size: 1.96 MB, 1961984 bytes
MD5: f0522afc7d593dbca7bb3aa5f067cd42
SHA1: 81bfe248041534d39fd342515a79ef1d2970d21b
SHA256: 891FF844CDA7DE036A25398FFC69996204A355B65683AB5662E3194AAE5611BC
File Size: 1.98 MB, 1976832 bytes
MD5: a2251a447d0be5894b31919c9afb0b7f
SHA1: f5094aa6f8f20eb27115f6277876dd20681361f4
SHA256: CCEC0B7D66F04571213B1FECA56ED8F1D7ACA46D68B632A8D3908DA43AEFBFC6
File Size: 2.15 MB, 2152448 bytes
MD5: 8bec2dccf638ba4e452f3c76930e1000
SHA1: 231906b4d26ebffd1d9b0c286776ac85d4a4a06e
SHA256: 0DF1B40F57E926F2FE95C233AE62ADCF44CFE41428A1B5D95B03C789C5D39590
File Size: 1.96 MB, 1963520 bytes
MD5: 1cf72d192a8f6e014720b72b4c93aab2
SHA1: b195f14f3659d59d868cefdfe33359b488c3bde2
SHA256: 1BC1CE5E63D9FB42006CB8A2D6C0B05A8489CD61922CC51DBA40E02066AAF249
File Size: 1.99 MB, 1988608 bytes
MD5: c57bbfce54a8fb33dbacfcc4da8c878a
SHA1: 9b754b195a8802fbdd99836cb508c2c6d61d97f9
SHA256: 7E9998250620B762105BB5850BA2BAFB0EB23231FCD90D02BD48F1215CCECCBD
File Size: 2.13 MB, 2125312 bytes
MD5: 55b3c3084cd67b579ff244b46d9224b2
SHA1: ff2e7b48d0ff21cb724eb88cfc619301a1af6801
SHA256: 06FBBC2C343FDCCE0AA6C6708D04F21C4710600699EB1D880E620C3B5158C1F8
File Size: 1.98 MB, 1981440 bytes
MD5: f88f0cc7b6ff55a2c5c77b076154ad9a
SHA1: 482861a757de7f51d8c2a28ddee326df5b131a97
SHA256: 5D8A45C3103299CBFC46473974A1C5393A7A577F2F079B8F68FFC8701BE2FB4B
File Size: 2.14 MB, 2138624 bytes
MD5: 2a34e64160c4abddc01acab092da3c33
SHA1: 266acf167761f064d3b4add5c33b6031a1a7b8c7
SHA256: EB498B69CF90F6283B9FCF5C1F4AEE860573F39F7CDEB7DD7E00F4676CC816F5
File Size: 1.98 MB, 1978880 bytes
MD5: 3160c554ee32f53be57fe86f05d1cf45
SHA1: 9366b02c54a8a19c9c8963a92c49f9ec8b8c3d25
SHA256: E3FF4B784C726A9DD12765230C1F06AB9528696DFBEA10EC954B76AB63C4A1A1
File Size: 2.16 MB, 2161152 bytes
MD5: 09b0deaa3cdf3479ce8cf8c6a9d7198b
SHA1: ba64022176e8f1ea636a9d893d43063c065fe1f3
SHA256: CA1D515EC1D4B5103E8E176D26CFCEF536B445C45E5104C5966A38FEF116B2F8
File Size: 2.11 MB, 2111488 bytes
MD5: b5e97fae648e151189970a611ea3358c
SHA1: 3107183892257c4c96fd9864970a177befae350a
SHA256: E1EBB5331C00939D31FEF394485747B9B52633FD1CD437D280EAEAEB7C9EA29C
File Size: 2.12 MB, 2124288 bytes
MD5: f73218065a5a9b09e4d774fc428e390b
SHA1: ca2eb1396df62e774d37f46737f1fd6f64429110
SHA256: A3C5EB4D951A4CE14F5B8F8130E8EB91E16063049D1CD166B4BF96B7B466E40C
File Size: 1.96 MB, 1962496 bytes
MD5: 0a6e3da3e7e146faa9156c733bdaa01b
SHA1: c0dbe956b493a18dafa02eb529d30e5535a4cc88
SHA256: 69368417D2810C0313A2299FBF07AD1CE9E7629C039B16B61BF9751EC1E355F3
File Size: 1.98 MB, 1980928 bytes
MD5: be0a65275f73fd0035211cefe6ecad51
SHA1: f17a06f6eed47d07cace36816f45651169122156
SHA256: 6E771EACF5B4C28C1FB4D99CA856D3389E90015E6937F9407F32BD8AB091A9C1
File Size: 1.97 MB, 1970688 bytes
MD5: 1846d452c683eab1400c30d65c0d2b01
SHA1: 24ff16e6f3ea0cfc0e99ad7bd5ecd9b3a7f208bb
SHA256: A6C26476D5521B04F3FE17757618A41A24D79645FD60EDA4B575286AF7030C60
File Size: 1.97 MB, 1965056 bytes
MD5: 33e98dca160064abc2d7e676aafeafbc
SHA1: a2dce735ece09b40ab2849e3e6575c68b2d62dde
SHA256: 9DBB7F1F69533149AF92903246ACD5C2F98D2ABEFBAEC8BD32C742C54BA5DFFA
File Size: 1.99 MB, 1990144 bytes
MD5: 5a5abbb52fdec5e41b1a557432040391
SHA1: 26d7810378f515e2be8c58bd40947dfa5f09b6ee
SHA256: C20D5928A4F4D20A53D8FBC799EA8B2F0686D70DCE3A5237C158FC15AC28FCDE
File Size: 1.99 MB, 1988096 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name
  • Bahopope Software
  • Begefu Software Ltd.
  • Boticotodab
  • Cacomo Ltd.
  • Cemelecomap
  • Decedilab Software Ltd.
  • Gakuf
  • Latate Ltd.
  • Lucoke
  • Nehote
Show More
  • Pahunopo
  • Pamok Software Ltd.
File Description
  • Kanac Letufehu
  • Rareh
  • Rarima
  • Somun
  • Tagakabu Peciseb
File Version
  • 3.4.27.51
  • 3.4.3.57
  • 3.3.40.88
  • 2.7.12.21
  • 2.5.41.30
  • 2.5.19.53
  • 1.8.32.1
  • 1.6.28.13
  • 1.5.6.28
  • 1.3.44.58
Show More
  • 1.3.23.97
  • 1.2.26.28
Internal Name
  • cefafokupog
  • CitoLudik
  • CoheceSodoni
  • hacile
  • Kolon
  • Pocita
  • Raba
  • Racoce
  • SabopopHonece
  • Socege
Show More
  • terokaritudur
  • Todadil
Legal Copyright
  • Cacomo Ltd. 2011-2016 All Rights Reserved
  • Cemelecomap All Rights Reserved
  • Copyright 2010-2017
  • Copyright 2011-2015 All Rights Reserved
  • Copyright All Rights Reserved
  • Copyright © 2009-2016 All Rights Reserved
  • Latate Ltd. 2012-2016 All Rights Reserved
Legal Trademarks
  • 2012-2016
  • Boticotodab trademark 2011-2017
  • Gakuf trademark 2009-2017
  • Lucoke trademark
Original Filename
  • cefafokupog.exe
  • CitoLudik.exe
  • CoheceSodoni.exe
  • hacile.exe
  • Kolon.exe
  • PocitaBonibe.exe
  • Raba.exe
  • racoceneluka.exe
  • SabopopHonece.exe
  • socegekegugas.exe
Show More
  • terokaritudur.exe
  • Todadil.exe
Product Name
  • Cibubume
  • Dofot Sinosodek Kamo
  • Faleher Debopupa 27
  • Gatoce Lakup 16
  • Kehub
  • Lotohodit Bikugab Tapadas
  • Mecesope 86
  • Pusered 71 Meman
  • Sarerucoh Mege
  • Sigafodal 7 Gahalatol
Show More
  • Tahelesa Rusobako 80 Kagamod
  • Torukoho Sefuril 6
Product Version
  • 3.8.12.13
  • 3.7.33.76
  • 3.6.32.94
  • 3.3.45.5
  • 3.1.41.33
  • 2.9.32.31
  • 2.4.34.74
  • 2.1.28.51
  • 1.7.28.38
  • 1.7.6.98
Show More
  • 1.3.34.18
  • 1.3.18.61

File Traits

  • 2+ executable sections
  • No Version Info
  • VirtualQueryEx
  • x86

Block Information

Total Blocks: 5,611
Potentially Malicious Blocks: 1
Whitelisted Blocks: 5,582
Unknown Blocks: 28

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Banker.AM
  • Banker.RF
  • DealPly.AS
  • DealPly.ASB
  • Delf.OD
Show More
  • Delf.ODB
  • Filecoder.RR
  • Installmonstr.EC
  • MSIL.Agent.FG
  • MyDoom.A

Windows API Usage

Category API
User Data Access
  • GetUserObjectInformation

Trending

Most Viewed

Loading...