home

cmvcamdrv.sys

SageTech

It runs as a Windows kernel mode device driver named “CamMask Virtual Webcam”.
Publisher:
SageTech  (signed and verified)

MD5:
395495fdf58ef01676c99b02c7f362f7

SHA-1:
106faaf2e7ff6955c7918b05c1be14daddcb47d3

SHA-256:
bc760ffe259de13c7de62e82b00f13a49386bb1ce1b710fc3692bc0ce9f1a166

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 10:50:03 PM UTC  (today)

File size:
928.7 KB (951,000 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\cmvcamdrv.sys

Digital Signature
Signed by:
SageTech

Authority:
VeriSign, Inc.

Valid from:
5/12/2011 3:00:00 AM

Valid to:
5/20/2014 2:59:59 AM

Subject:
CN=SageTech, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SageTech, L=San Jose, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
31309A599C3FE22C5AF29A1415C31BC5

File PE Metadata
Compilation timestamp:
12/23/2013 11:44:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
10.0

CTPH (ssdeep):
3072:X3ILZA9n4UKA/gBLhTAnWBPdXfguTK321N1TctBcKdw5:X3m0WpGBZdw5

Entry address:
0x1000

Entry point:
55, 8B, EC, 83, EC, 3C, 53, 6A, 3C, 33, DB, 8D, 45, C4, 53, 50, E8, B1, 26, 00, 00, 8B, 55, 0C, 8B, 45, 08, 83, C4, 0C, 8D, 4D, C4, 51, 52, 50, C7, 45, C4, 3C, 00, 00, 00, 89, 5D, C8, C7, 45, CC, 70, 14, 40, 00, C7, 45, D0, 20, 16, 40, 00, C7, 45, D4, 00, 17, 40, 00, C7, 45, D8, A0, 00, 00, 00, C7, 45, DC, 0C, 00, 00, 00, 89, 5D, E4, C7, 45, E0, 90, 00, 00, 00, 66, 89, 5D, E8, C7, 45, EC, 03, 00, 00, 00, 89, 5D, F4, C6, 45, F0, 01, FF, 15, 14, 40, 40, 00, 5B, 8B, E5, 5D, C2, 08, 00, CC, CC, CC, CC, CC, CC...
 
[+]

Entropy:
5.1572

Developed / compiled with:
Microsoft Visual C++

Code size:
11 KB (11,264 bytes)

Driver
Display name:
CamMask Virtual Webcam

Service name:
CamMask

Type:
Kernel device driver (KernelDriver)


Scan cmvcamdrv.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.