wpnfd.sys

Word Proser Driver x64

Wordprosers LLC

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The file wpnfd.sys by Wordprosers has been detected as adware by 10 anti-malware scanners. It runs as a Windows 64-bit kernel mode device driver named “wpnfd”.
Publisher:
Word Proser  (signed by Wordprosers LLC)

Product:
Word Proser Driver x64

Version:
1.9.0.7

MD5:
23b70f71debec2a59e1c2c1d1c2016a1

SHA-1:
9f560eece18c5105b952a17976448cf83684a977

SHA-256:
a9907086b552be3afe0dbaaef7f736d0b0549bf1513833e84ae942d3aea4d816

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
12/25/2024 12:04:24 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Wordproser
2016.0.3108

Bkav FE
W64.HfsAdware
1.3.0.6379

Dr.Web
Adware.Plugin.274
9.0.1.05190

ESET NOD32
Win64/NetFilter.A potentially unsafe application
7.0.302.0

Fortinet FortiGate
Adware/Vitruvian
5/15/2015

herdProtect (fuzzy)
2015.8.12.9

Kaspersky
not-a-virus:AdWare.Win64.Vitruvian
15.0.0.543

Panda Antivirus
Generic Suspicious
15.05.15.01

Reason Heuristics
Threat.InfoAtoms.Wordprosers
15.5.15.9

File size:
56.9 KB (58,240 bytes)

Product version:
1.9.0.7

Copyright:
Copyright (C) 2014

Original file name:
wpnfd.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\wpnfd.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/30/2014 8:58:57 AM

Valid to:
6/30/2016 8:58:57 AM

Subject:
E=support@wordproser.com, CN=Wordprosers LLC, O=Wordprosers LLC, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112185C82DF38C3E8058F8A898AF88A5B351

File PE Metadata
Compilation timestamp:
8/21/2012 5:34:56 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
1536:wiBIL6sCyo5oIUo0I77nPaXq4Fs+hMeGlDOtcRnhI4h:VC6sCysD7L+Fs+hYOtcRnhjh

Entry address:
0x10008

Entry point:
48, 8B, 05, F1, D0, FF, FF, 49, B9, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 85, C0, 74, 05, 49, 3B, C1, 75, 2F, 4C, 8D, 05, D6, D0, FF, FF, 48, B8, 20, 03, 00, 00, 80, F7, FF, FF, 48, 8B, 00, 49, 33, C0, 49, B8, FF, FF, FF, FF, FF, FF, 00, 00, 49, 23, C0, 49, 0F, 44, C1, 48, 89, 05, AE, D0, FF, FF, 48, F7, D0, 48, 89, 05, AC, D0, FF, FF, E9, DB, B0, FF, FF, CC, CC, CC, B0, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, B4, 04, 01, 00, 10, C0, 00, 00, A0, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, D6, 04, 01, 00...
 
[+]

Entropy:
6.3826

Code size:
44 KB (45,056 bytes)

Driver
Display name:
wpnfd

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI


Remove wpnfd.sys - Powered by Reason Core Security