itdrvr_vw_1_10_0_25.sys

IT WFP Driver x86

INTELLITERM

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The file itdrvr_vw_1_10_0_25.sys by INTELLITERM has been detected as adware by 7 anti-malware scanners. It runs as a Windows kernel mode device driver named “itdrvr_vw_1_10_0_25”.
Publisher:
IT  (signed by INTELLITERM)

Product:
IT WFP Driver x86

Version:
1.10.0.25

MD5:
27c4d885224ffbfa507410a8a3ca94fa

SHA-1:
0aabcafca6e15ab15993e252721f89718be93408

SHA-256:
ef31c1f486d7e337059b682e9f321875ceff59f867598b7c56426bf5fa016b7f

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
11/5/2024 6:55:58 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Arcabit
PUP.Adware.IntelliTerm.edr
1.0.0.567

AVG
Generic
2016.0.2972

ESET NOD32
Win32/NetFilter.A potentially unsafe (variant)
9.12296

Qihoo 360 Security
HEUR/QVM00.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.InfoAtoms.INTELLITERM (M)
15.9.28.17

SUPERAntiSpyware
Adware.Vitruvian/Variant
9602

File size:
47.4 KB (48,504 bytes)

Product version:
1.10.0.25

Copyright:
Copyright (C) 2015

Original file name:
netfilter2.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\itdrvr_vw_1_10_0_25.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/4/2014 8:19:45 PM

Valid to:
9/4/2016 8:19:45 PM

Subject:
E=support@intellitermapp.com, CN=INTELLITERM, O=INTELLITERM, L=Dover, S=DE, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211D1C7CC68CCF5A46EB25358287403126

File PE Metadata
Compilation timestamp:
6/11/2015 7:35:46 AM

OS version:
6.2

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
11.0

CTPH (ssdeep):
768:9TwWwOtI2RdX8jQDkBHPzcEro9xFQxwt+1nxZ16Z4USt0s2gpv:BzFyzQDkBvzc0sxFQxwt+1xyK6c

Entry address:
0x820C

Entry point:
8B, FF, 55, 8B, EC, E8, F0, 2D, 00, 00, 5D, E9, 18, E2, FF, FF, CC, CC, CC, CC, CC, CC, 3B, 0D, 14, A0, 40, 00, 75, 03, C2, 00, 00, E9, 06, 00, 00, 00, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 51, 89, 4D, FC, 6A, 02, 59, CD, 29, CC, CC, CC, CC, CC, CC, 6A, 08, 59, CD, 29, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, B8, 01, 00, 00, 00, C2, 10, 00, 4E, 00, 46, 00, 53, 00, 44, 00, 4B, 00, 20, 00, 46, 00, 6C, 00, 6F, 00, 77, 00, 20, 00, 45, 00, 73, 00, 74, 00, 61, 00, 62, 00, 6C, 00, 69, 00, 73, 00, 68, 00...
 
[+]

Code size:
33 KB (33,792 bytes)

Driver
Display name:
itdrvr_vw_1_10_0_25

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI


Remove itdrvr_vw_1_10_0_25.sys - Powered by Reason Core Security