WinFilter.dll

The module WinFilter.dll has been detected as adware by 17 anti-malware scanners. Also known as BrowserDefender, this bundled service prevents various web browser toolbars and extensions from running and blocks changes to the search page and search provider.
MD5:
486ec1c63e198f21f4a777f8cada19de

SHA-1:
da9ff79f9f4c11b254e43d179133e0eac8519f9b

SHA-256:
02d8fb7bcc5dcb93139b8a30e1bf9475f4207f2ab35e17f17c26f21fe82ad0c4

Scanner detections:
17 / 68

Status:
Adware

Explanation:
This service will prevent resources from modifying the web browser's home and search pages as well as the search provider set by the product, an affiliate search engine partner.

Analysis date:
4/18/2024 2:18:03 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.BProtector.2 | 1021 |
| AhnLab V3 Security | Adware/Win32.SProtector | 2014.02.07 |
| AVG | Generic_r | 2015.0.3499 |
| Baidu Antivirus | Trojan.Win32.SProtector | 4.0.3.14420 |
| Bitdefender | Gen:Variant.Adware.BProtector.2 | 1.0.20.550 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.BProtector | 8.14.04.20.10 |
| ESET NOD32 | Win32/SProtector (variant) | 8.9393 |
| Fortinet FortiGate | Riskware/SProtector | 4/20/2014 |
| F-Secure | Gen:Variant.Adware.BProtector.2 | 11.2014-20-04_1 |
| G Data | Gen:Variant.Adware.BProtector | 14.4.24 |
| IKARUS anti.virus | AdWare.Bprotector | t3scan.2.2.29 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3988 |
| Malwarebytes | Trojan.SProtector | v2014.04.20.10 |
| McAfee | Adware-BProtect!486EC1C63E19 | 5600.7155 |
| MicroWorld eScan | Gen:Variant.Adware.BProtector.2 | 15.0.0.330 |
| Reason Heuristics | Adware.BProtector.J | 14.8.5.22 |
| Sophos | Generic PUA NK | 4.97 |

File size:
4 MB (4,142,592 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\ProgramData\winfilter\winfilter.dll

File PE Metadata
Compilation timestamp:
12/27/2013 1:52:14 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:NGudlLFpuh30bJtPnXSN/4AZwEh3rl9COeSrnYPpFHTnyKE3o8+8QubuxC9zXwQy:JXPun59COREPv1UNQboZ4P7538X

Entry address:
0x110A7D

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, D5, DE, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 18, 3F, 26, 10, E8, 64, 50, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 50, AC, 2A, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 78, 0C, 25, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
2.3 MB (2,416,128 bytes)
