wcmvcam.sys

Windows Win 7 DDK driver

Tenki Technology Co., Ltd.

The file wcmvcam.sys, “WebcamMax Capture” by Tenki Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows 64-bit kernel mode device driver named “WebcamMax, WDM Video Capture”. This file is typically installed with the program WebcamMax by CoolwareMax.
Publisher:
Windows (R) Win 7 DDK provider (signed by Tenki Technology Co., Ltd.)

Product:
Windows (R) Win 7 DDK driver

Description:
WebcamMax Capture

Version:
6.1.7600.16385 built by: WinDDK

MD5:
ee8a9734b448836b0127c76066119e9c

SHA-1:
b0e635fa2b38258575f570b6500891dd0fc825d7

SHA-256:
d7d3abc414ef6e20033addde749d1694e52d30f620818e4ef6fbad681c6c73f6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 2:53:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.TenkiTechnologyCo.K

Engine version:
14.3.2.17

File size:
1 MB (1,068,216 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
wcmvcam.sys

File type:
Driver (Win64 SYS)

Common path:
C:\Windows\System32\drivers\wcmvcam.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/30/2011 3:00:00 AM

Valid to:
5/30/2012 2:59:59 AM

Subject:
CN="Tenki Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Tenki Technology Co., Ltd.", L=Langfang, S=Hebei, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1BA7EF22FB3BE25B922AF13705001118

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
6144:OG+VTepbEO/z5tD4OtwoakgicqBM9QqSuf2fvUZXp095:6Teqaz5t4OwoQqBEQqSO2f8RpY

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 52, F3, EF, FF, CC, CC, AC, 1C, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, D4, 1D, 10, 00, 8C, 2C, 00, 00, A0, 1C, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, E2, 1D, 10, 00, 80, 2C, 00, 00, D8, 1C, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, 1E, 10, 00, B8, 2C, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 86, 1D, 10, 00, 9A, 1D, 10, 00, 00, 00, 00, 00, 50, 1D, 10, 00, 18, 1D, 10, 00, 68, 1D, 10, 00, 7C, 1D, 10, 00, 0E, 1D...

Entropy:
3.6810

Driver
Display name:
WebcamMax, WDM Video Capture

Service name:
WCMVCAM

Type:
Kernel device driver (KernelDriver)


The file wcmvcam.sys has been discovered within the following program.

WebcamMax  by CoolwareMax
Publisher's description - “It enables you to add thousands of cool effects to webcam video for your live video chats or streaming, and new effects are keeping added. You can show to your friends with you wearing a pair of cat's eyes, becoming a two-heads weirdie or even in a wanted poster.”
client7.webcammax.net/client/?PID=WCM&&ACTION=?uninstall
38% remove it