browserMon.sys

Windows Win 7 DDK driver

Adtrustmedia, LLC

The file browserMon.sys, “FsMonitor Filter Driver” by Adtrustmedia has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows 64-bit file system device driver named “browserMon”.

Publisher:
Windows (R) Win 7 DDK provider  (signed by Adtrustmedia, LLC)

Product:
Windows (R) Win 7 DDK driver

Description:
FsMonitor Filter Driver

Version:
6.1.7600.16385 built by: WinDDK

MD5:
1c12a564f7964058bfae650410050446

SHA-1:
2c10a428fd2aa1e18ac091809bd1f061453e15cb

SHA-256:
e736a5d6c385b91ab43d63ae4ffeeff38d64ff1c44777ee08934fb425a74277e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Displays 'Trusted Advertisements' advertising in the user's web browser on pages that normally would not show ads. Ads from AdTrustMedia are indicated by "AT-M Ad" displayed on the bottom right of the advertisement.

Analysis date:
4/23/2024 12:07:46 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Adtrustmedia (M)

Engine version:
15.6.20.23

File size:
20.3 KB (20,768 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
browserMon.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\browsermon.sys

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/14/2013 1:00:00 AM

Valid to:
11/15/2014 12:59:59 AM

Subject:
CN="Adtrustmedia, LLC", O="Adtrustmedia, LLC", STREET="41 Watchung Plaza #330", L=Montclair, S=New Jersey, PostalCode=07042, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4969CFD545F605E70D3F1290BB4893DB

File PE Metadata
Compilation timestamp:
11/13/2014 5:19:50 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:LQ08ug2FzUSDOZypiuuz2hb7lVAKL6TWCxMMC18RaJSbHzIxsl:kuZzUSDrp42hbxcTjxh0xK

Entry address:
0x70F0

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, FA, FE, FF, FF, CC, CC, 00, 72, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 9A, 74, 00, 00, B0, 30, 00, 00, 50, 71, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A4, 76, 00, 00, 00, 30, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A8, 74, 00, 00, 00, 00, 00, 00, 90, 76, 00, 00, 00, 00, 00, 00, 7C, 76, 00, 00, 00, 00, 00, 00, 58, 76, 00, 00, 00, 00, 00, 00...

Code size:
7.5 KB (7,680 bytes)

Driver
Display name:
browserMon

Description:
FsFilter Mini-Filter Driver

Type:
File system 'filter' driver (FileSystemDriver)

Group:
FSFilter Activity Monitor

Depends on:
FltMgr

