home

wpsvc.exe

Word Proser Client Service

Wordprosers LLC

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The application wpsvc.exe by Wordprosers has been detected as adware by 25 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Word Proser 1.10.0.9 Client Service”.
Publisher:
Word Proser  (signed by Wordprosers LLC)

Product:
Word Proser Client Service

Version:
1.10.0.9

MD5:
1c733dcbdd909cab08af6ca244643b89

SHA-1:
e52596b650a83ac713da7de8cd2e4904bf5b09ce

SHA-256:
d61dc723089d5bbaed75173eb3908fb80ac5b9e717d6dad063a8587f93c5a079

Scanner detections:
25 / 68

Status:
Adware

Analysis date:
11/5/2024 4:41:57 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Vitruvian.B
724

Agnitum Outpost
PUA.Vitruvian
7.1.1

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.209.122

AVG
Wordproser
2016.0.3202

Baidu Antivirus
Adware.Win32.Vitruvian
4.0.3.15211

Bitdefender
Adware.Vitruvian.B
1.0.20.210

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
ApplicUnwnt
20073

Emsisoft Anti-Malware
Adware.Vitruvian
8.15.02.11.11

ESET NOD32
Win32/AdWare.Vitruvian (variant)
9.10675

Fortinet FortiGate
Riskware/Vitruvian
2/11/2015

F-Secure
Adware.Vitruvian.B
11.2015-11-02_4

G Data
Adware.Vitruvian
15.2.24

IKARUS anti.virus
PUA.Vitruvian
t3scan.1.8.3.0

Kaspersky
not-a-virus:AdWare.Win32.Vitruvian
14.0.0.2503

Malwarebytes
PUP.Optional.WordProser.A
v2015.02.11.11

MicroWorld eScan
Adware.Vitruvian.B
16.0.0.126

nProtect
Adware.Vitruvian.B
14.11.13.01

Panda Antivirus
Generic Suspicious
15.02.11.11

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Service.InfoAtoms
15.2.11.11

Sophos
Generic PUA KJ
4.98

Trend Micro House Call
Suspicious_GEN.F47V1015
7.2.42

Vba32 AntiVirus
AdWare.Vitruvian
3.12.26.3

VIPRE Antivirus
InfoAtoms
37434

File size:
272.1 KB (278,608 bytes)

Product version:
1.10.0.9

Copyright:
Copyright (C) 2015

Original file name:
wpsvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\wordproser_1.10.0.9\service\wpsvc.exe

Digital Signature
Signed by:
Wordprosers LLC

Authority:
GlobalSign nv-sa

Valid from:
6/30/2014 9:58:57 AM

Valid to:
6/30/2016 9:58:57 AM

Subject:
E=support@wordproser.com, CN=Wordprosers LLC, O=Wordprosers LLC, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112185C82DF38C3E8058F8A898AF88A5B351

File PE Metadata
Compilation timestamp:
2/6/2015 3:26:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
6144:BrSSh37Li9pc6ofzIwuVipU+CCTB9GEueopQdt:BrfNLi9m6o8wuVipU+CCTvqadt

Entry address:
0x21245

Entry point:
E8, 28, 65, 00, 00, E9, 7B, FE, FF, FF, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44, 24, 10, 5B, 5E, 5F, C3, F7, C7, 03, 00, 00, 00, 74...
 
[+]

Entropy:
6.3179

Code size:
181 KB (185,344 bytes)

Service
Display name:
Word Proser 1.10.0.9 Client Service

Service name:
wpsvc_1.10.0.9

Description:
This service enables Word Proser 1.10.0.9 on HTTP websites

Type:
Win32OwnProcess


Remove wpsvc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.