wpnfd_1_10_0_5.sys

Word Proser Driver x86

Wordprosers LLC

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The file wpnfd_1_10_0_5.sys by Wordprosers has been detected as adware by 13 anti-malware scanners. It runs as a Windows kernel-mode device driver named “wpnfd_1_10_0_5”.
Publisher:
Word Proser (signed by Wordprosers LLC)

Product:
Word Proser Driver x86

Version:
1.10.0.5

MD5:
5d99ffbc131bedc1e80e1584d0000ac8

SHA-1:
5a908c5bd105b898fe92e570caab0becc0d710ba

SHA-256:
49e9523a0b4171a5e58afcab744ea73a7d57dfeca3c3e176713c443f8f8d2b2d

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
12/25/2024 12:25:47 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Popad | 7.1.1
AVG | Wordproser | 2015.0.3255
Dr.Web | Adware.Popad.10 | 9.0.1.0354
Fortinet FortiGate | Adware/Vitruvian | 12/20/2014
IKARUS anti.virus | AdWare.Vitruvian | t3scan.1.8.5.0
Kaspersky | not-a-virus:AdWare.Win64.Vitruvian | 14.0.0.2770
Malwarebytes | PUP.Optional.WordProser.A | v2014.12.20.01
McAfee | Artemis!5D99FFBC131B | 5600.6911
Panda Antivirus | Generic Suspicious | 14.12.20.01
Qihoo 360 Security | HEUR/QVM00.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Wordprosers.R | 14.12.20.1
Trend Micro House Call | Suspicious_GEN.F47V1219 | 7.2.354
Vba32 AntiVirus | AdWare.Vitruvian | 3.12.26.3

File size:
51.5 KB (52,736 bytes)

Product version:
1.10.0.5

Copyright:
Copyright (C) 2014

Original file name:
wpnfd.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\wpnfd_1_10_0_5.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/30/2014 2:58:57 PM

Valid to:
6/30/2016 2:58:57 PM

Subject:
E=support@wordproser.com, CN=Wordprosers LLC, O=Wordprosers LLC, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112185C82DF38C3E8058F8A898AF88A5B351

File PE Metadata
Compilation timestamp:
8/21/2012 11:34:53 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
768:VA47urAd7AVbTXO2vZd1VjXjurCIDaCCepa+ez8oc3fzg5C5Etb23in:O47ue7ITew1JXCrdDqe43cPkU+tJn

Entry address:
0xA085

Entry point:
8B, FF, 55, 8B, EC, A1, 00, 8C, 01, 00, 85, C0, B9, 4E, E6, 40, BB, 74, 04, 3B, C1, 75, 1E, 8B, 15, 08, 8B, 01, 00, B8, 00, 8C, 01, 00, C1, E8, 08, 33, 02, A3, 00, 8C, 01, 00, 75, 07, 8B, C1, A3, 00, 8C, 01, 00, F7, D0, A3, 04, 8C, 01, 00, 5D, E9, 51, E7, FF, FF, CC, 2C, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A8, A4, 00, 00, 94, 8A, 00, 00, 18, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DE, A4, 00, 00, 80, 8A, 00, 00, 24, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FA, A4, 00, 00, 8C, 8A, 00, 00, 00...
 

Entropy:
6.2954

Code size:
34.8 KB (35,584 bytes)

Driver
Display name:
wpnfd_1_10_0_5

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI

