browsermon.sys

PrivDog

Adtrustmedia, LLC

The file browsermon.sys, “BrowserMon Driver” by Adtrustmedia, has been detected as a potentially unwanted program by 7 anti-malware scanners. It runs as a Windows file system device driver named “browserMon”.
Publisher:
AdTrustMedia  (signed by Adtrustmedia, LLC)

Product:
PrivDog

Description:
BrowserMon Driver

Version:
4.0.7.0

MD5:
ac968a0ac41d29f7d18de14161b9fc12

SHA-1:
949a9b6f1b3852a6d35c1b3087f34e5d990c49e6

SHA-256:
e1f09de5c1e9b0038d07336fb4d2c3df1caed5c53079e176491097c606d47e12

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Displays advertising 'Trusted Advertisements' in the user's web browser in pages that normally would not show ads. Ads from AdTrustMedia are indicated by "AT-M Ad" displayed on the bottom right of the advertisement.

Analysis date:
5/13/2025 8:40:12 AM UTC

Scan engine | Detection | Engine version
Bkav FE | W32.HfsAdware | 1.3.0.6379
Fortinet FortiGate | W32/PrivDog.FCOW!tr.bdr | 7/25/2015
McAfee | BackDoor-FCOW!AC968A0AC41D | 5600.6694
Reason Heuristics | PUP.Adtrustmedia (M) | 15.7.25.11
Sophos | PrivDog | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0323 | 7.2.206
VIPRE Antivirus | AdTrustMedia | 39308

File size:
17.7 KB (18,112 bytes)

Product version:
4.0.7.0

Copyright:
Copyright © Adtrust-Media, LLC. 2012-2015. All rights reserved

Original file name:
PrivDog

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\browsermon.sys

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/19/2015 2:00:00 AM

Valid to:
1/1/2016 1:59:59 AM

Subject:
CN="Adtrustmedia, LLC", O="Adtrustmedia, LLC", STREET="41 Watchung Plaza #330", L=Montclair, S=New Jersey, PostalCode=07042, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
55A8A637287BFE69A0D09B9FA473C126

File PE Metadata
Compilation timestamp:
3/20/2015 4:32:43 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
384:WGj2x2AFwsME0Ct5QrnACxMMC18xS7Lia5r:1TAwE0XntxhQ3r

Entry address:
0x1D24

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 52, FF, FF, FF, EC, 1D, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, 20, 00, 00, E8, 14, 00, 00, E0, 1D, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4A, 20, 00, 00, DC, 14, 00, 00, 84, 1D, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 6A, 22, 00, 00, 80, 14, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 52, 20, 00, 00, 54, 22, 00, 00, 40, 22, 00, 00, 28, 22, 00, 00, 0A, 22, 00, 00, F0, 21, 00, 00, D6, 21, 00, 00, BE, 21, 00, 00...
 
Code size:
6.3 KB (6,400 bytes)

Driver
Display name:
browserMon

Description:
FsFilter Mini-Filter Driver

Type:
File system 'filter' driver (FileSystemDriver)

Group:
FSFilter Activity Monitor

Depends on:
FltMgr

