wpnfd_1_10_0_5.sys

Word Proser Driver x64

Wordprosers LLC

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The file wpnfd_1_10_0_5.sys by Wordprosers has been detected as adware by 5 anti-malware scanners. It runs as a Windows 64-bit kernel-mode device driver named “wpnfd_1_10_0_5”.
Publisher:
Word Proser (signed by Wordprosers LLC)

Product:
Word Proser Driver x64

Version:
1.10.0.5

MD5:
76856cd4c95f6be28e429e3a2ac5750d

SHA-1:
4d40c2980446b287f576e063ce36f4bb48784787

SHA-256:
4d80298388f8d304ff630ba4cd67fb2c2925e8301787f4b9a9555634c3f108c4

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
12/25/2024 12:30:07 AM UTC

Scan engine        Detection                             Engine version
AVG                Wordproser                            2015.0.3256
Dr.Web             Adware.Plugin.274                     9.0.1.0352
Kaspersky          not-a-virus:AdWare.Win64.Vitruvian    14.0.0.2777
Panda Antivirus    Generic Suspicious                    14.12.18.03
Reason Heuristics  PUP.Wordprosers.R                     14.12.18.15

File size:
56.9 KB (58,240 bytes)

Product version:
1.10.0.5

Copyright:
Copyright (C) 2014

Original file name:
wpnfd.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\wpnfd_1_10_0_5.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/30/2014 8:58:57 AM

Valid to:
6/30/2016 8:58:57 AM

Subject:
E=support@wordproser.com, CN=Wordprosers LLC, O=Wordprosers LLC, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112185C82DF38C3E8058F8A898AF88A5B351

File PE Metadata
Compilation timestamp:
8/21/2012 5:34:56 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
1536:9iBIL6sCyo5oIUo0I77nPaXq4Fs+hMeGlDOtcRngyy:wC6sCysD7L+Fs+hYOtcRngn

Entry address:
0x10008

Entry point:
48, 8B, 05, F1, D0, FF, FF, 49, B9, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 85, C0, 74, 05, 49, 3B, C1, 75, 2F, 4C, 8D, 05, D6, D0, FF, FF, 48, B8, 20, 03, 00, 00, 80, F7, FF, FF, 48, 8B, 00, 49, 33, C0, 49, B8, FF, FF, FF, FF, FF, FF, 00, 00, 49, 23, C0, 49, 0F, 44, C1, 48, 89, 05, AE, D0, FF, FF, 48, F7, D0, 48, 89, 05, AC, D0, FF, FF, E9, DB, B0, FF, FF, CC, CC, CC, B0, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, B4, 04, 01, 00, 10, C0, 00, 00, A0, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, D6, 04, 01, 00...
 

Entropy:
6.3816

Code size:
44 KB (45,056 bytes)

Driver
Display name:
wpnfd_1_10_0_5

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI

