tsmon.exe

It is set to start automatically when a user logs into Windows, via the current user's Run registry key, under the display name ‘tsmon.exe’.
MD5:
43223280aeaa2503a9aabf60e1f18875

SHA-1:
95189ac8098b10fc96093815fae336a912ddd540

SHA-256:
0c8382f75cede7ad532b02817d25090ae7ec96edde952c8c430ad7c9623b273e

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/11/2025 6:51:22 AM UTC

Scan engine        Detection                          Engine version
Baidu Antivirus    Trojan.Win32.KeyLogger             4.0.3.14112
Comodo Security    Heur.Suspicious                    17591
ESET NOD32         Win32/KeyLogger.Gratis (variant)   8.9277

File size:
888.5 KB (909,824 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\tss manager\tsmon.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:2k9KJPcSZKE7kQmtSX/ey4IKWPnZqa6x:Z9KJEeVgby4yn0

Entry address:
0xBB180

Entry point:
55, 8B, EC, 83, C4, F4, B8, 20, AD, 4B, 00, E8, 8C, B9, F4, FF, A1, 64, DE, 4B, 00, 8B, 00, E8, 74, E3, F8, FF, A1, 64, DE, 4B, 00, 8B, 00, 33, D2, E8, 6A, DF, F8, FF, 8B, 0D, 9C, DF, 4B, 00, A1, 64, DE, 4B, 00, 8B, 00, 8B, 15, 94, 37, 4B, 00, E8, 66, E3, F8, FF, 8B, 0D, 6C, DB, 4B, 00, A1, 64, DE, 4B, 00, 8B, 00, 8B, 15, 70, 2A, 4B, 00, E8, 4E, E3, F8, FF, A1, 64, DE, 4B, 00, 8B, 00, E8, C2, E3, F8, FF, E8, 2D, 87, F4, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
744.5 KB (762,368 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
tsmon.exe

Command:
C:\Program Files\tss manager\tsmon.exe

