home

narcpi_wfp.sys

ContentWatch

It runs as a Windows 64-bit kernel mode device driver named “narcpi_wfp”.
Publisher:
ContentWatch  (signed and verified)

MD5:
1c68ae6a297162ba06da6206561ba0c8

SHA-1:
53f0aa78516aabb9fec4ee40f6de354738ee3a61

SHA-256:
5e2947620a90e71cd5613104fca61f9acc2953aa2a202df9292686a759e85f20

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 11:52:22 PM UTC  (a few moments ago)

File size:
30.8 KB (31,512 bytes)

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\narcpi_wfp.sys

Digital Signature
Signed by:
ContentWatch

Authority:
GlobalSign nv-sa

Valid from:
8/1/2012 4:35:24 PM

Valid to:
8/2/2015 4:35:24 PM

Subject:
CN=ContentWatch, O=ContentWatch, L=Midvale, S=Utah, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11213A8155A0FD90E501E2EB88F998156CDE

File PE Metadata
Compilation timestamp:
12/17/2014 6:00:35 PM

OS version:
6.2

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
11.0

CTPH (ssdeep):
768:dRzSuH8aoFB6WKp7UTbKqCMC3KZKyBzLbqOgHz:dcucaoFfbitoKJz

Entry address:
0x8070

Entry point:
48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, 83, FF, FF, FF, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, 5A, 93, FF, FF, CC, CC, B8, 81, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A4, 84, 00, 00, C8, 50, 00, 00, F0, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 22, 85, 00, 00, 00, 50, 00, 00, 18, 81, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 16, 87, 00, 00, 28, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.3904

Code size:
18 KB (18,432 bytes)

Driver
Display name:
narcpi_wfp

Description:
NARC Packet Informant (WFP)

Type:
Kernel device driver (KernelDriver)


Scan narcpi_wfp.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.