wpnfd.sys

Word Proser Driver x64

Wordprosers LLC

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The file wpnfd.sys by Wordprosers has been detected as adware by 10 anti-malware scanners. It runs as a Windows 64-bit kernel-mode device driver named “wpnfd”.

Publisher:
Word Proser  (signed by Wordprosers LLC)

Product:
Word Proser Driver x64

Version:
1.9.0.7

MD5:
23b70f71debec2a59e1c2c1d1c2016a1

SHA-1:
9f560eece18c5105b952a17976448cf83684a977

SHA-256:
a9907086b552be3afe0dbaaef7f736d0b0549bf1513833e84ae942d3aea4d816

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
11/5/2024 4:34:35 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Wordproser | 2016.0.3108 |
| Bkav FE | W64.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Plugin.274 | 9.0.1.05190 |
| ESET NOD32 | Win64/NetFilter.A potentially unsafe application | 7.0.302.0 |
| Fortinet FortiGate | Adware/Vitruvian | 5/15/2015 |
| herdProtect (fuzzy) | | 2015.8.12.9 |
| Kaspersky | not-a-virus:AdWare.Win64.Vitruvian | 15.0.0.543 |
| Panda Antivirus | Generic Suspicious | 15.05.15.01 |
| Reason Heuristics | Threat.InfoAtoms.Wordprosers | 15.5.15.9 |

File size:
56.9 KB (58,240 bytes)

Product version:
1.9.0.7

Copyright:
Copyright (C) 2014

Original file name:
wpnfd.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\wpnfd.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/30/2014 8:58:57 AM

Valid to:
6/30/2016 8:58:57 AM

Subject:
E=support@wordproser.com, CN=Wordprosers LLC, O=Wordprosers LLC, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112185C82DF38C3E8058F8A898AF88A5B351

File PE Metadata
Compilation timestamp:
8/21/2012 5:34:56 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
1536:wiBIL6sCyo5oIUo0I77nPaXq4Fs+hMeGlDOtcRnhI4h:VC6sCysD7L+Fs+hYOtcRnhjh

Entry address:
0x10008

Entry point:
48, 8B, 05, F1, D0, FF, FF, 49, B9, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 85, C0, 74, 05, 49, 3B, C1, 75, 2F, 4C, 8D, 05, D6, D0, FF, FF, 48, B8, 20, 03, 00, 00, 80, F7, FF, FF, 48, 8B, 00, 49, 33, C0, 49, B8, FF, FF, FF, FF, FF, FF, 00, 00, 49, 23, C0, 49, 0F, 44, C1, 48, 89, 05, AE, D0, FF, FF, 48, F7, D0, 48, 89, 05, AC, D0, FF, FF, E9, DB, B0, FF, FF, CC, CC, CC, B0, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, B4, 04, 01, 00, 10, C0, 00, 00, A0, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, D6, 04, 01, 00...
 

Entropy:
6.3826

Code size:
44 KB (45,056 bytes)

Driver
Display name:
wpnfd

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI

