WordProserClientIE.dll

Word Proser Client BHO x64

Wordprosers LLC

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The module WordProserClientIE.dll by Wordprosers has been detected as adware by 14 anti-malware scanners.
Publisher:
Word Proser  (signed by Wordprosers LLC)

Product:
Word Proser Client BHO x64

Version:
1.10.0.2

MD5:
42ee2738a6d3128e7336ee4b0e438961

SHA-1:
ac20e1bf33265bb62be21277f842ddc8ed6e0556

SHA-256:
066cdc7781b414457547e0225fcdf263558c333dab2a273c4d8267ddf7910980

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
1/24/2025 5:19:16 PM UTC

Scan engine              Detection                           Engine version
Lavasoft Ad-Aware        Adware.Vitruvian.B                  810
AVG                      Wordproser                          2015.0.3297
Baidu Antivirus          Adware.Win64.Vitruvian              4.0.3.141117
Bitdefender              Adware.Vitruvian.B                  1.0.20.1605
Emsisoft Anti-Malware    Adware.Vitruvian                    8.14.11.17.09
ESET NOD32               Win64/Adware.Vitruvian (variant)    8.10675
F-Secure                 Adware.Vitruvian.B                  11.2014-17-11_2
G Data                   Adware.Vitruvian                    14.11.24
IKARUS anti.virus        AdWare.Vitruvian                    t3scan.1.8.3.0
Malwarebytes             PUP.Optional.WordProser.A           v2014.11.08.04
MicroWorld eScan         Adware.Vitruvian.B                  15.0.0.963
nProtect                 Adware.Vitruvian.B                  14.10.14.01
Reason Heuristics        PUP.Wordprosers.S                   14.11.20.9
VIPRE Antivirus          InfoAtoms                           32470

File size:
177.6 KB (181,840 bytes)

Product version:
1.10.0.2

Copyright:
Copyright (C) 2014

Original file name:
WordProserClientIE.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\wordproser_1.10.0.2\ie\wordproserclientie.dll

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/30/2014 8:58:57 AM

Valid to:
6/30/2016 8:58:57 AM

Subject:
E=support@wordproser.com, CN=Wordprosers LLC, O=Wordprosers LLC, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112185C82DF38C3E8058F8A898AF88A5B351

Registration
CLSID:
{3EBB5099-9732-48AE-B032-58B702D86EEC}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
11/4/2014 12:55:05 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:SKuIDvuAZBJJ3rDKQ+oisDuP9h4T+ofngXQNM+cqHKFcZfKAGbpla6ovpIZvi:SKvuAnrDBmxPH4TJPgAy2acZfKAGPaIQ

Entry address:
0xF0F4

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, D3, 55, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 00, A4, 01, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
Entropy:
5.8751

Code size:
95 KB (97,280 bytes)
