wpsvc.exe

Word Proser Client Service

Wordprosers LLC

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The application wpsvc.exe by Wordprosers has been detected as adware by 24 anti-malware scanners.
Publisher:
Word Proser  (signed by Wordprosers LLC)

Product:
Word Proser Client Service

Version:
1.10.0.6

MD5:
9774b8a352319d8e1969eaff18709fc3

SHA-1:
4a227931c2fc5a281d7f831d327e65b847afa488

SHA-256:
8a71b936c8e19bb0a40981a0a8e29ac5fc5d4c05745991103dd6deb82c4f14f7

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
12/25/2024 12:34:00 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Vitruvian.B
757

Agnitum Outpost
PUA.Vitruvian
7.1.1

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.200.12

AVG
Wordproser
2016.0.3235

Baidu Antivirus
Adware.Win32.Vitruvian
4.0.3.1518

Bitdefender
Adware.Vitruvian.B
1.0.20.40

Comodo Security
ApplicUnwnt
20073

Emsisoft Anti-Malware
Adware.Vitruvian
8.15.01.08.12

ESET NOD32
Win32/AdWare.Vitruvian (variant)
9.10675

Fortinet FortiGate
Riskware/Vitruvian
1/8/2015

F-Secure
Adware.Vitruvian.B
11.2015-08-01_5

G Data
Adware.Vitruvian
15.1.24

IKARUS anti.virus
PUA.Vitruvian
t3scan.1.8.3.0

Kaspersky
not-a-virus:AdWare.Win32.Vitruvian
14.0.0.2672

Malwarebytes
PUP.Optional.WordProser.A
v2015.01.08.12

MicroWorld eScan
Adware.Vitruvian.B
16.0.0.24

nProtect
Adware.Vitruvian.B
14.11.13.01

Panda Antivirus
Generic Suspicious
15.01.08.12

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Wordprosers.F
15.1.8.12

Sophos
Generic PUA KJ
4.98

Trend Micro House Call
Suspicious_GEN.F47V1015
7.2.8

Vba32 AntiVirus
AdWare.Vitruvian
3.12.26.3

VIPRE Antivirus
InfoAtoms
36472

File size:
271.1 KB (277,584 bytes)

Product version:
1.10.0.6

Copyright:
Copyright (C) 2015

Original file name:
wpsvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\wordproser_1.10.0.6\service\wpsvc.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/30/2014 4:58:57 PM

Valid to:
6/30/2016 4:58:57 PM

Subject:
E=support@wordproser.com, CN=Wordprosers LLC, O=Wordprosers LLC, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112185C82DF38C3E8058F8A898AF88A5B351

File PE Metadata
Compilation timestamp:
1/8/2015 12:44:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:j2QKWxfCa20/vIrksRq2z8NnE5Q0tCT7nyGPeWDUpTFiLMA+VChJLCTBfYSUeooR:j/5skOI82yGJwVMLMA5TLCTBmBNNY11

Entry address:
0x21118

Entry point:
E8, 69, 56, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44...
 
[+]

Code size:
180.5 KB (184,832 bytes)

Remove wpsvc.exe - Powered by Reason Core Security