wpsvc.exe

Word Proser Client Service

Wordprosers LLC

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The application wpsvc.exe by Wordprosers has been detected as adware by 20 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Word Proser 1.10.0.2 Client Service”.
Publisher:
Word Proser  (signed by Wordprosers LLC)

Product:
Word Proser Client Service

Version:
1.10.0.2

MD5:
b25922683bff1e1aa8164dc99e25f6e3

SHA-1:
e9304196741996e6d60d33bc705c4b8462b6ee53

SHA-256:
ae0e7f64ca5d642a50172ed0c233dd78e26a9a1d501f14759f1e47d52587ad70

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
12/25/2024 12:36:05 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Vitruvian.B
794

Agnitum Outpost
PUA.Vitruvian
7.1.1

AVG
Wordproser
2015.0.3297

Baidu Antivirus
Adware.Win32.Vitruvian
4.0.3.14122

Bitdefender
Adware.Vitruvian.B
1.0.20.1680

Comodo Security
ApplicUnwnt
20073

Emsisoft Anti-Malware
Adware.Vitruvian
8.14.12.02.07

ESET NOD32
Win32/AdWare.Vitruvian (variant)
8.10675

Fortinet FortiGate
Riskware/Vitruvian
12/2/2014

F-Secure
Adware.Vitruvian.B
11.2014-02-12_3

G Data
Adware.Vitruvian
14.12.24

IKARUS anti.virus
PUA.Vitruvian
t3scan.1.8.3.0

Malwarebytes
PUP.Optional.WordProser.A
v2014.11.08.03

MicroWorld eScan
Adware.Vitruvian.B
15.0.0.1008

nProtect
Adware.Vitruvian.B
14.11.13.01

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Service.Wordprosers.F
14.11.20.9

Sophos
Generic PUA KJ
4.98

Trend Micro House Call
Suspicious_GEN.F47V1015
7.2.336

VIPRE Antivirus
InfoAtoms
34536

File size:
271.1 KB (277,584 bytes)

Product version:
1.10.0.2

Copyright:
Copyright (C) 2014

Original file name:
wpsvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\wordproser_1.10.0.2\service\wpsvc.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/30/2014 8:58:57 AM

Valid to:
6/30/2016 8:58:57 AM

Subject:
E=support@wordproser.com, CN=Wordprosers LLC, O=Wordprosers LLC, L=La Jolla, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112185C82DF38C3E8058F8A898AF88A5B351

File PE Metadata
Compilation timestamp:
11/4/2014 12:55:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
6144:LZ4157+kGcAbVeuo7n4B5QCTBRuBAxb16:LZ4LC/cABeuo74B5QCTpB16

Entry address:
0x21158

Entry point:
E8, 69, 56, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44...
 
[+]

Entropy:
6.3161

Code size:
180.5 KB (184,832 bytes)

Service
Display name:
Word Proser 1.10.0.2 Client Service

Service name:
wpsvc_1.10.0.2

Description:
This service enables Word Proser 1.10.0.2 on HTTP websites

Type:
Win32OwnProcess


Remove wpsvc.exe - Powered by Reason Core Security