» vm332_sti.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

vm332_sti.exe

VM331 StiMnt

Vimicro

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘332BigDog’.

File name:

vm332_sti.exe

Publisher:

Vimicro

Product:

VM331 StiMnt

Version:

1, 0, 0, 3

MD5:

b7a36b59f77c1a088fe3a19bfadcb9f0

SHA-1:

832d55180cd1091786d07e374b5af64db8ac112f

SHA-256:

88c33c26391f6d0773bb2ab8aca3a10b781453954af1e4f665898ca75f49cae4

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/14/2024 11:17:11 AM UTC (today)

File size:

524 KB (536,576 bytes)

Product version:

1, 0, 0, 3

Original file name:

VM331_STI.exe.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese (Traditional, Taiwan)

Common path:

C:\Program Files\usb camera2\vm332_sti.exe

File PE Metadata

Compilation timestamp:

1/15/2010 3:38:44 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

6144:kPIVpyrF2z/Guun0iBNktZ5D6rmtuaczz0UTUASsctV/wQ2BZW2vd1a86v+/vlfD:qIVpqu4/atZ56RQp7wHg21lTcoAW

Entry address:

0x40255

Entry point:

E8, A8, FD, 00, 00, E9, 16, FE, FF, FF, 53, 56, 8B, 74, 24, 0C, 8B, 46, 0C, 8B, C8, 80, E1, 03, 33, DB, 80, F9, 02, 75, 3F, 66, A9, 08, 01, 74, 39, 8B, 46, 08, 57, 8B, 3E, 2B, F8, 85, FF, 7E, 2C, 57, 50, 56, E8, 6A, 5B, 00, 00, 59, 50, E8, 3B, A3, 00, 00, 83, C4, 0C, 3B, C7, 75, 0F, 8B, 46, 0C, 84, C0, 79, 0F, 83, E0, FD, 89, 46, 0C, EB, 07, 83, 4E, 0C, 20, 83, CB, FF, 5F, 8B, 46, 08, 83, 66, 04, 00, 89, 06, 5E, 8B, C3, 5B, C3, 56, 8B, 74, 24, 08, 85, F6, 75, 09, 56, E8, 33, 00, 00, 00, 59, 5E, C3, 56, E8... 
[+]

Entropy:

6.5836

Code size:

428 KB (438,272 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

332BigDog

Command:

C:\Program Files\usb camera2\vm332_sti.exe

The file vm332_sti.exe has been discovered within the following program.

Lenovo EasyCamera by Lenovo

support.lenovo.com/en_US/downloads/detail.page?DocID=DS012661

22% remove it

Scan vm332_sti.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.