home

ipnp.dll

Windows Operating System

Microsoft Software Corporation

The module ipnp.dll, “WMI Performance Reverse Adapter” by Microsoft Software has been detected as a potentially unwanted program by 10 anti-malware scanners.
Publisher:
Foundation Corporation  (signed by Microsoft Software Corporation)

Product:
Windows® Operating System

Description:
WMI Performance Reverse Adapter

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
fd9ded935ca5041e0f361efc3ff7c6b4

SHA-1:
675c5c050498b1e01d823deb209cb7f10fb7e515

SHA-256:
93492daef3cf245be42659d8fcfb367d31f9a65ee80364713312764688ab20d0

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
1/2/2026 11:50:09 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.RemoteAdmin.RFS
1036

Bitdefender
Application.RemoteAdmin.RFS
1.0.20.475

F-Secure
Application.RemoteAdmin.RFS
11.2014-05-04_7

G Data
Application.RemoteAdmin.RFS
14.4.24

IKARUS anti.virus
Application.RemoteAdmin.RFS
t3scan.2.2.29

Kaspersky
not-a-virus:RemoteAdmin.Win32.Agent
14.0.0.4064

Malwarebytes
Trojan.RMS
v2014.04.05.04

NANO AntiVirus
Trojan.Win32.Stealer.crkvhr
0.28.0.57630

Sophos
Generic PUA GK
4.97

Trend Micro House Call
TROJ_GEN.F47V1026
7.2.95

File size:
954.8 KB (977,720 bytes)

Product version:
6.1.7600.16385

Copyright:
© Foundation Corporation. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\vmwarednd\54c6ada0\7zipsfx.000\ipnp.dll

Digital Signature
Signed by:
Microsoft Software Corporation

Authority:
Microsoft Software Corporation

Valid from:
10/23/2013 3:48:54 PM

Valid to:
1/1/2040 5:59:59 AM

Subject:
CN=Microsoft Software Corporation

Issuer:
CN=Microsoft Software Corporation

Serial number:
4559BCE5B18F238748894945FC1CEA73

File PE Metadata
Compilation timestamp:
5/18/2013 11:39:06 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Nh4IaVAuqZnOH04Ma3DKbws+eWRH6oRS/FfnrV:zo6CdMa3DKss+eWRa3NfnrV

Entry address:
0xD3ABC

Entry point:
55, 8B, EC, 83, C4, C0, B8, A0, DC, 4C, 00, E8, C8, 9A, F3, FF, 80, 3D, 0C, 77, 4D, 00, 00, 75, 0B, A1, 48, AC, 4D, 00, 50, E8, F8, A3, F3, FF, C6, 05, 0C, 77, 4D, 00, 01, E8, 6C, 4D, F3, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
839.5 KB (859,648 bytes)

Remove ipnp.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.