» dpmonitor.sys
Overview
Analysis
File Details
Behaviors (1)

dpmonitor.sys

北京天创奇迹广告有限公司

It runs as a Windows kernel mode device driver named “DpMonitor”.

File name:

dpmonitor.sys

Publisher:

北京天创奇迹广告有限公司 (signed and verified)

MD5:

0d5eb4d5e81c1c4eec469be2ec14a989

SHA-1:

db4e665e44f3f392741c03603a2eed8c7068387d

SHA-256:

bbcf3e78ce0aabff4f7bb3d887368435be649feade0d90f452c71dab70b79504

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

11/24/2024 3:58:50 AM UTC (today)

Scan engine

Detection

Engine version

Qihoo 360 Security

HEUR/QVM00.1.Malware.Gen

1.0.0.1015

Rising Antivirus

PE:Trojan.Win32.Generic.180899AF!403216815

23.00.65.15211

File size:

249.3 KB (255,328 bytes)

File type:

Driver (Win32 SYS)

Common path:

C:\Windows\System32\drivers\dpmonitor.sys

Digital Signature

Signed by:

北京天创奇迹广告有限公司

Authority:

Thawte, Inc.

Valid from:

7/31/2014 2:00:00 AM

Valid to:

10/31/2015 12:59:59 AM

Subject:

CN=北京天创奇迹广告有限公司, OU=技术部, O=北京天创奇迹广告有限公司, L=北京, S=北京, C=CN

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

440EFB0AEFBBFCFEA50B0E8F992848BC

File PE Metadata

Compilation timestamp:

1/26/2015 2:42:10 AM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

6144:k3wLsvC0n82bHebaOrbaSoSZY6w/Hu58CgOyhdZUTNLJJvJduNz:KvCg82aOOiSxZ4u572ZUlJJvJ

Entry address:

0x603E

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 42, B3, FF, FF, CC, CC, 94, 60, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DA, 64, 00, 00, 08, 40, 00, 00, 8C, 60, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 08, 65, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F4, 64, 00, 00, 00, 00, 00, 00, 78, 61, 00, 00, 84, 61, 00, 00, A6, 61, 00, 00, B8, 61, 00, 00, D0, 61, 00, 00, E2, 61, 00, 00, FA, 61, 00, 00, 06, 62, 00, 00, 12, 62, 00, 00, 2A, 62, 00, 00, 48, 62... 
[+]

Code size:

11 KB (11,264 bytes)

Driver

Display name:

DpMonitor

Type:

Kernel device driver (KernelDriver)

Scan dpmonitor.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.