home

narcpi_wfp.sys

ContentWatch

It runs as a Windows kernel mode device driver named “narcpi_wfp”.
Publisher:
ContentWatch  (signed and verified)

MD5:
00ee082bf1c537d7968c99566884607e

SHA-1:
389bd31ec3fbd6a197204f6d60ca3cd46c3ac226

SHA-256:
66aa14d6a451fa98955c9cf4f28968fa838a50a708a638d2b1a3aee146f52b81

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/28/2024 3:26:55 AM UTC  (today)

File size:
36.7 KB (37,552 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\narcpi_wfp.sys

Digital Signature
Signed by:
ContentWatch

Authority:
GlobalSign nv-sa

Valid from:
7/20/2015 10:24:01 PM

Valid to:
9/2/2018 12:35:24 AM

Subject:
CN=ContentWatch, O=ContentWatch, L=Midvale, S=Utah, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112108462DFB703E103BFE642A73AB3D06E5

File PE Metadata
Compilation timestamp:
8/14/2015 1:57:15 AM

OS version:
6.2

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
11.0

CTPH (ssdeep):
768:yZmu5U+Vj+OP16/3kkzJZTR/K8vQKFgSQLJ+XgTY:y8u5D+OkTzntdmSuJjY

Entry address:
0x3E44

Entry point:
8B, FF, 55, 8B, EC, E8, B8, 31, 00, 00, 5D, E9, 9E, D5, FF, FF, CC, CC, CC, CC, CC, CC, 3B, 0D, 10, 60, 40, 00, 75, 03, C2, 00, 00, E9, 06, 00, 00, 00, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 51, 89, 4D, FC, 6A, 02, 59, CD, 29, CC, CC, CC, CC, CC, CC, FF, 25, E8, 50, 40, 00, CC, CC, CC, CC, CC, CC, FF, 25, E0, 50, 40, 00, CC, CC, CC, CC, CC, CC, FF, 25, DC, 50, 40, 00, CC, CC, CC, CC, CC, CC, FF, 25, D4, 50, 40, 00, CC, CC, CC, CC, CC, CC, FF, 25, B8, 50, 40, 00, CC, CC, CC, CC, CC, CC, FF, 25, B4, 50...
 
[+]

Code size:
16 KB (16,384 bytes)

Driver
Display name:
narcpi_wfp

Description:
NARC Packet Informant (WFP)

Type:
Kernel device driver (KernelDriver)


Scan narcpi_wfp.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.