winfilter.dll

The module winfilter.dll has been detected as adware by 15 anti-malware scanners. Also known as BrowserDefender, this bundled service will prevent various web browser toolbars and extensions from running as well as block changes to the search page and provider.
MD5:
dbd63b57f7b343de566c10cc0ee4a249

SHA-1:
5f16d4eaaceff793fc8b9bdef6e91b0d0d18d518

SHA-256:
9ce2e44852fb24fdc6be2322128a36f170ecd0c01f02e9725f0a50d293ce2233

Scanner detections:
15 / 68

Status:
Adware

Explanation:
This service will prevent resources from modifying the web browser's home and search pages as well as the search provider set by the product, an affiliate search engine partner.

Analysis date:
4/19/2024 6:02:17 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.BProtector.2 | 623
AVG | Generic_r | 2016.0.3101
Baidu Antivirus | Trojan.Win32.SProtector | 4.0.3.15523
Bitdefender | Gen:Variant.Adware.BProtector.2 | 1.0.20.715
Emsisoft Anti-Malware | Gen:Variant.Adware.BProtector | 8.15.05.23.11
ESET NOD32 | Win32/SProtector (variant) | 9.9411
F-Secure | Gen:Variant.Adware.BProtector.2 | 11.2015-23-05_7
G Data | Gen:Variant.Adware.BProtector | 15.5.24
IKARUS anti.virus | AdWare.Bprotector | t3scan.2.2.29
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.1998
Malwarebytes | Trojan.SProtector | v2015.05.23.11
McAfee | Adware-BProtect!DBD63B57F7B3 | 5600.6757
MicroWorld eScan | Gen:Variant.Adware.BProtector.2 | 16.0.0.429
Reason Heuristics | Adware.BProtector | 15.5.23.11
Sophos | Generic PUA FP | 4.97

File size:
4.2 MB (4,380,160 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\ProgramData\winfilter\winfilter.dll

File PE Metadata
Compilation timestamp:
2/2/2014 9:55:48 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:BKafMaXHvajpk+Df5F6cgjLVw+t3biYBy4Zd9L/Z9jvPMHhFU68S1I:8Na3va1aTBw+t3+D6NRXiJH

Entry address:
0x139634

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, ED, DD, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 00, 71, 29, 10, E8, 3D, 50, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 50, EC, 2D, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 30, 3C, 28, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
Entropy:
7.0868

Developed / compiled with:
Microsoft Visual C++

Code size:
2.5 MB (2,621,952 bytes)