wpnfd_1_10_0_6.sys

Word Proser Driver x64

Wordprosers LLC

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The file wpnfd_1_10_0_6.sys by Wordprosers has been detected as adware by 5 anti-malware scanners.
Publisher:
Word Proser  (signed by Wordprosers LLC)

Product:
Word Proser Driver x64

Version:
1.10.0.6

MD5:
7c31785de6e928007984bf9faecb60b6

SHA-1:
640735a096e4ea45d7a3a2b24cc96a5258181ee7

SHA-256:
865889d4f0b4c8ad6526f19f6629a371f420a353f011bf741ea61b8dbeae9f78

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
12/24/2024 11:56:08 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

AVG
Wordproser
2016.0.3235

Dr.Web
Adware.Plugin.274
9.0.1.05190

Kaspersky
not-a-virus:AdWare.Win64.Vitruvian
15.0.0.543

Panda Antivirus
Generic Suspicious
15.01.08.02

Reason Heuristics
PUP.Wordprosers.R
15.1.8.12

File size:
56.9 KB (58,240 bytes)

Product version:
1.10.0.6

Copyright:
Copyright (C) 2015

Original file name:
wpnfd.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\wpnfd_1_10_0_6.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/30/2014 4:58:57 PM

Valid to:
6/30/2016 4:58:57 PM

Subject:
E=support@wordproser.com, CN=Wordprosers LLC, O=Wordprosers LLC, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112185C82DF38C3E8058F8A898AF88A5B351

File PE Metadata
Compilation timestamp:
8/22/2012 1:34:56 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
1536:XiBIL6sCyo5oIUo0I77nPaXq4Fs+hMeGlDOtcRnfow:SC6sCysD7L+Fs+hYOtcRnfH

Entry address:
0x10008

Entry point:
48, 8B, 05, F1, D0, FF, FF, 49, B9, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 85, C0, 74, 05, 49, 3B, C1, 75, 2F, 4C, 8D, 05, D6, D0, FF, FF, 48, B8, 20, 03, 00, 00, 80, F7, FF, FF, 48, 8B, 00, 49, 33, C0, 49, B8, FF, FF, FF, FF, FF, FF, 00, 00, 49, 23, C0, 49, 0F, 44, C1, 48, 89, 05, AE, D0, FF, FF, 48, F7, D0, 48, 89, 05, AC, D0, FF, FF, E9, DB, B0, FF, FF, CC, CC, CC, B0, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, B4, 04, 01, 00, 10, C0, 00, 00, A0, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, D6, 04, 01, 00...
 
[+]

Code size:
44 KB (45,056 bytes)

Remove wpnfd_1_10_0_6.sys - Powered by Reason Core Security