» fimx64.sys
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

fimx64.sys

Free ISO Mount

Rspark LLC

Part of the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The file fimx64.sys, “Free ISO Mount Driver” by Rspark has been detected as adware by 2 anti-malware scanners. It runs as a Windows 64-bit kernel mode device driver named “Free ISO Mount driver”. This file is typically installed with the program Free ISO Mount by Media Freeware which is a potentially unwanted software program.

File name:

fimx64.sys

Publisher:

Rspark LLC (signed and verified)

Product:

Free ISO Mount

Description:

Free ISO Mount Driver

Version:

1.0.0.0

MD5:

8f78fe5b659bae9546e4233263e0ceb1

SHA-1:

04753793c5ca0ac33c5b067e32cc98524f99c460

SHA-256:

7edcbcec6a813201838460bc751d374776227cfd7b7267d3be6502555610304f

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

4/27/2024 3:32:45 AM UTC (today)

Scan engine

Detection

Engine version

Emsisoft Anti-Malware

Gen:Heur.MSIL.Krypt

8.14.04.10.03

Reason Heuristics

PUP.Rspark.J

14.4.10.3

File size:

33.1 KB (33,896 bytes)

Product version:

1.0.0.0

Original file name:

FIM.sys

File type:

Driver (Win64 SYS)

Common path:

C:\Program Files\free iso mount\fimx64.sys

Digital Signature

Signed by:

Rspark LLC

Authority:

DigiCert Inc

Valid from:

11/25/2013 8:00:00 AM

Valid to:

1/26/2015 8:00:00 PM

Subject:

CN=Rspark LLC, O=Rspark LLC, L=Seattle, S=Washington, C=US

Issuer:

CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0969FC9F3451C04483AE5CCEADE9FC13

File PE Metadata

Compilation timestamp:

12/8/2013 4:01:12 AM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

768:0H4dzgYCsV3e4cT8BpKCX5VTdO3WOyma+3Kg:0HeysZRXsmOy9+3

Entry address:

0x9064

Entry point:

48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, E2, 84, FF, FF, CC, CC, B0, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 52, 93, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 08, 92, 00, 00, 00, 00, 00, 00, 20, 92, 00, 00, 00, 00, 00, 00, 38, 92, 00, 00, 00, 00, 00, 00, 4C, 92, 00, 00, 00, 00, 00, 00, 5A, 92, 00, 00, 00, 00, 00, 00, 72, 92, 00, 00, 00, 00, 00, 00, 84, 92, 00, 00... 
[+]

Entropy:

6.2505

Code size:

17.5 KB (17,920 bytes)

Driver

Display name:

Free ISO Mount driver

Service name:

ISOMount

Type:

Kernel device driver (KernelDriver)

The file fimx64.sys has been discovered within the following program.

Free ISO Mount by Media Freeware

The installer uses the OutBorwse download manager to bundle additional adware during install including Conduit Search Protect, Yontoo PlurPush, SysTweak and other toolbars and potentially unwanted software utilities.

www.mediafreeware.com

72% remove it

Remove fimx64.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.