» MsgPlusDriver.sys
Overview
Analysis
File Details
Behaviors (1)

MsgPlusDriver.sys

Messenger Plus! Virtual Camera

Kimahri Software inc.

This adware uses the Crossrider platform to build and distribute this web browser advertising injection extension. Once installed in the browser it will hijack various browser settings (homepage, search) and may interfere and track behaviors as well as deliver ads. The file MsgPlusDriver.sys, “MsgPlusDriver WDM Driver” by Kimahri Software inc has been detected as adware by 2 anti-malware scanners. It runs as a Windows 64-bit kernel mode device driver named “Messenger Plus! Virtual Camera”. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

MsgPlusDriver.sys

Publisher:

Yune Software (signed by Kimahri Software inc.)

Product:

Messenger Plus! Virtual Camera

Description:

MsgPlusDriver WDM Driver

Version:

5, 5, 0, 761 built by: WinDDK

MD5:

7db54c30f684d591f42cc966ee6ba6a3

SHA-1:

9127c687ceaf8d420f1ab986aa5f0a8dd7963de3

SHA-256:

9f5a82e0104c482b962b8d4be228657fc420efbc2f62e9f97512e4674fb6f514

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

5/7/2024 7:24:38 AM UTC (today)

Scan engine

Detection

Engine version

Panda Antivirus

PUP/PlusHD

14.02.05.10

Reason Heuristics

PUP.KimahriSoftwareinc.Q

14.2.22.22

File size:

99.8 KB (102,160 bytes)

Product version:

5, 5, 0, 761

Original file name:

MsgPlusDriver.sys

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\Windows\System32\drivers\msgplusdriver.sys

Digital Signature

Signed by:

Kimahri Software inc.

Authority:

VeriSign, Inc.

Valid from:

6/21/2012 2:00:00 AM

Valid to:

6/22/2013 1:59:59 AM

Subject:

CN=Kimahri Software inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Kimahri Software inc., L=Montreal, S=Quebec, C=CA

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

07C63B61BAA996BF90FF340CD94B17DA

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

1536:1lhGAcdsFDDnDDtDDI4DDDbDDD1Do5h15iMSxSDDDDDDDLDDDDDDDeTDDDDDDDDe:HRbfRvR6YQ

Entry point:

48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 86, 9A, FE, FF, CC, CC, 88, 69, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, F0, 6A, 01, 00, C8, 36, 00, 00, 40, 69, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, FC, 6B, 01, 00, 80, 36, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BE, 6B, 01, 00, 00, 00, 00, 00, 9E, 6B, 01, 00, 00, 00, 00, 00, 7E, 6B, 01, 00, 00, 00, 00, 00, 64, 6B, 01, 00, 00, 00, 00, 00, 46, 6B, 01, 00... 
[+]

Driver

Display name:

Messenger Plus! Virtual Camera

Service name:

MsgPlusDriver

Type:

Kernel device driver (KernelDriver)

Remove MsgPlusDriver.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.