WAPageViewer Ads
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 8,345 |
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 8,259 |
| First Seen: | September 18, 2015 |
| Last Seen: | April 18, 2026 |
| OS(es) Affected: | Windows |
The WAPageViewer program may be promoted to you as an advanced EPUB, MOBI and PDF file viewer, but it is adware that might redirect you to phishing pages and slow down your PC. Security investigators report that the WAPageViewer adware may add a scheduled task in Windows named VSProtect to ensure its operations when you log on. Additionally, the WAPageViewer adware may change your DNS and proxy settings to reroute your Internet traffic through the servers of advertisers. The WAPageViewer adware might show pop-up and pop-under windows to promote third-party software like OfferMosquito and PlusHD. As stated above, the WAPageViewer adware may appear as VSProtect and attach a plug-in to your Internet browsers. The WAPageViewer name is just a front for the Visual Protect Service that would work in your Windows background and may block the native ads on Amazon, Best Buy and eBay. Computer users should note that the adware-powered Visual Protect Service process may utilize Web storage data, session cookies and read your Internet browsing history to facilitate the display of related marketing content. The WAPageViewer adware could be found in the Program Files directory and may have a separate auto-recovery module installed in the hidden AppData folder to make its manual removal difficult for users. The assistance of a reputable anti-spyware solution can purge the WAPageViewer adware and its associated files securely.
Table of Contents
Analysis Report
General information
| Family Name: | Adware.DealPly.AAI |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
51333bd7eeeea7534294e8e6aea12e73
SHA1:
0fc09675cc93efbaff9c3f9bfeece803a0074d3b
File Size:
2.16 MB, 2159104 bytes
|
|
MD5:
ae2662e1eafa59f46cc57049f88b4347
SHA1:
2fa54f78f6b244f24b986e80fe4e7ce6657cccb9
File Size:
2.00 MB, 2000384 bytes
|
|
MD5:
6b0d164368012e3ac1babc2b05d1a0cb
SHA1:
2e88d33300a3ca251398a7fa01c321e15f92ca51
SHA256:
FFE1046A9F0348DCC6683C3C55B7B92296DC92DBC5443516F20AC1D1C7EF3C30
File Size:
2.16 MB, 2163712 bytes
|
|
MD5:
7a25c685e80b28dbdd74c12ffe4e6cdc
SHA1:
3537963759d8967fb319a1aee857c7d427ddc718
SHA256:
D856F5761F6E79BD12347D11050D112A56ACFD3F150C9E3616EB232DD1237E31
File Size:
2.15 MB, 2153984 bytes
|
|
MD5:
e4d9a26b2b744c2c32d007e6fb1d2901
SHA1:
ddb55fb8072027611cbf42746d6e5def45a3bb0d
SHA256:
7A57F26F62C119455BC5A6363BB9370110C0F8AE4B5AB1D94BD0B3706BCEA274
File Size:
2.15 MB, 2152960 bytes
|
Show More
|
MD5:
af749fdb4c364d4bb49b5f3a305d4003
SHA1:
5cebaa444fc694b08a556977c06b4b7f33dd9b93
SHA256:
6F86976BB10A71F7D57D41CDB487A80E125102F56048C1DFC36D3069A9F44005
File Size:
2.15 MB, 2151424 bytes
|
|
MD5:
7536d0f41dd93f20240a6844cd32bcb2
SHA1:
fb1d65fa8ae060649f972ca0bb1292aa97230c93
SHA256:
347F2857ECCBCD47F9E046760219B2109165864A301B0D897C548C3DF9475542
File Size:
1.96 MB, 1961984 bytes
|
|
MD5:
f0522afc7d593dbca7bb3aa5f067cd42
SHA1:
81bfe248041534d39fd342515a79ef1d2970d21b
SHA256:
891FF844CDA7DE036A25398FFC69996204A355B65683AB5662E3194AAE5611BC
File Size:
1.98 MB, 1976832 bytes
|
|
MD5:
a2251a447d0be5894b31919c9afb0b7f
SHA1:
f5094aa6f8f20eb27115f6277876dd20681361f4
SHA256:
CCEC0B7D66F04571213B1FECA56ED8F1D7ACA46D68B632A8D3908DA43AEFBFC6
File Size:
2.15 MB, 2152448 bytes
|
|
MD5:
8bec2dccf638ba4e452f3c76930e1000
SHA1:
231906b4d26ebffd1d9b0c286776ac85d4a4a06e
SHA256:
0DF1B40F57E926F2FE95C233AE62ADCF44CFE41428A1B5D95B03C789C5D39590
File Size:
1.96 MB, 1963520 bytes
|
|
MD5:
1cf72d192a8f6e014720b72b4c93aab2
SHA1:
b195f14f3659d59d868cefdfe33359b488c3bde2
SHA256:
1BC1CE5E63D9FB42006CB8A2D6C0B05A8489CD61922CC51DBA40E02066AAF249
File Size:
1.99 MB, 1988608 bytes
|
|
MD5:
c57bbfce54a8fb33dbacfcc4da8c878a
SHA1:
9b754b195a8802fbdd99836cb508c2c6d61d97f9
SHA256:
7E9998250620B762105BB5850BA2BAFB0EB23231FCD90D02BD48F1215CCECCBD
File Size:
2.13 MB, 2125312 bytes
|
|
MD5:
55b3c3084cd67b579ff244b46d9224b2
SHA1:
ff2e7b48d0ff21cb724eb88cfc619301a1af6801
SHA256:
06FBBC2C343FDCCE0AA6C6708D04F21C4710600699EB1D880E620C3B5158C1F8
File Size:
1.98 MB, 1981440 bytes
|
|
MD5:
f88f0cc7b6ff55a2c5c77b076154ad9a
SHA1:
482861a757de7f51d8c2a28ddee326df5b131a97
SHA256:
5D8A45C3103299CBFC46473974A1C5393A7A577F2F079B8F68FFC8701BE2FB4B
File Size:
2.14 MB, 2138624 bytes
|
|
MD5:
2a34e64160c4abddc01acab092da3c33
SHA1:
266acf167761f064d3b4add5c33b6031a1a7b8c7
SHA256:
EB498B69CF90F6283B9FCF5C1F4AEE860573F39F7CDEB7DD7E00F4676CC816F5
File Size:
1.98 MB, 1978880 bytes
|
|
MD5:
3160c554ee32f53be57fe86f05d1cf45
SHA1:
9366b02c54a8a19c9c8963a92c49f9ec8b8c3d25
SHA256:
E3FF4B784C726A9DD12765230C1F06AB9528696DFBEA10EC954B76AB63C4A1A1
File Size:
2.16 MB, 2161152 bytes
|
|
MD5:
09b0deaa3cdf3479ce8cf8c6a9d7198b
SHA1:
ba64022176e8f1ea636a9d893d43063c065fe1f3
SHA256:
CA1D515EC1D4B5103E8E176D26CFCEF536B445C45E5104C5966A38FEF116B2F8
File Size:
2.11 MB, 2111488 bytes
|
|
MD5:
b5e97fae648e151189970a611ea3358c
SHA1:
3107183892257c4c96fd9864970a177befae350a
SHA256:
E1EBB5331C00939D31FEF394485747B9B52633FD1CD437D280EAEAEB7C9EA29C
File Size:
2.12 MB, 2124288 bytes
|
|
MD5:
f73218065a5a9b09e4d774fc428e390b
SHA1:
ca2eb1396df62e774d37f46737f1fd6f64429110
SHA256:
A3C5EB4D951A4CE14F5B8F8130E8EB91E16063049D1CD166B4BF96B7B466E40C
File Size:
1.96 MB, 1962496 bytes
|
|
MD5:
0a6e3da3e7e146faa9156c733bdaa01b
SHA1:
c0dbe956b493a18dafa02eb529d30e5535a4cc88
SHA256:
69368417D2810C0313A2299FBF07AD1CE9E7629C039B16B61BF9751EC1E355F3
File Size:
1.98 MB, 1980928 bytes
|
|
MD5:
be0a65275f73fd0035211cefe6ecad51
SHA1:
f17a06f6eed47d07cace36816f45651169122156
SHA256:
6E771EACF5B4C28C1FB4D99CA856D3389E90015E6937F9407F32BD8AB091A9C1
File Size:
1.97 MB, 1970688 bytes
|
|
MD5:
1846d452c683eab1400c30d65c0d2b01
SHA1:
24ff16e6f3ea0cfc0e99ad7bd5ecd9b3a7f208bb
SHA256:
A6C26476D5521B04F3FE17757618A41A24D79645FD60EDA4B575286AF7030C60
File Size:
1.97 MB, 1965056 bytes
|
|
MD5:
33e98dca160064abc2d7e676aafeafbc
SHA1:
a2dce735ece09b40ab2849e3e6575c68b2d62dde
SHA256:
9DBB7F1F69533149AF92903246ACD5C2F98D2ABEFBAEC8BD32C742C54BA5DFFA
File Size:
1.99 MB, 1990144 bytes
|
|
MD5:
5a5abbb52fdec5e41b1a557432040391
SHA1:
26d7810378f515e2be8c58bd40947dfa5f09b6ee
SHA256:
C20D5928A4F4D20A53D8FBC799EA8B2F0686D70DCE3A5237C158FC15AC28FCDE
File Size:
1.99 MB, 1988096 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Company Name |
Show More
|
| File Description |
|
| File Version |
Show More
|
| Internal Name |
Show More
|
| Legal Copyright |
|
| Legal Trademarks |
|
| Original Filename |
Show More
|
| Product Name |
Show More
|
| Product Version |
Show More
|
File Traits
- 2+ executable sections
- No Version Info
- VirtualQueryEx
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 5,611 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 5,582 |
| Unknown Blocks: | 28 |
Visual Map
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
...
Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- Banker.AM
- Banker.RF
- DealPly.AS
- DealPly.ASB
- Delf.OD
Show More
- Delf.ODB
- Filecoder.RR
- Installmonstr.EC
- MSIL.Agent.FG
- MyDoom.A
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| User Data Access |
|
