» wcmvcam64.sys
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

wcmvcam64.sys

Windows Win 7 DDK driver

Tenki Technology Co., Ltd.

The file wcmvcam64.sys, “WebcamMax Capture” by Tenki Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows 64-bit kernel mode device driver named “WebcamMax, WDM Video Capture”. This file is typically installed with the program WebcamMax by CoolwareMax.

File name:

wcmvcam64.sys

Publisher:

Windows (R) Win 7 DDK provider (signed by Tenki Technology Co., Ltd.)

Product:

Windows (R) Win 7 DDK driver

Description:

WebcamMax Capture

Version:

6.1.7600.16385 built by: WinDDK

MD5:

3a2d452c40162823b79867040b46d4a8

SHA-1:

adc23fc9e7ba607d5c3cfa544a4047dcdcc2be85

SHA-256:

12dbf363daa50da6d8185f67abdba1050db8fd7f24c98279db4f26cf0d3ea95a

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 10:29:29 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Optional.TenkiTechnologyCo.M

14.3.3.12

File size:

1 MB (1,071,032 bytes)

Product version:

6.1.7600.16385

Original file name:

wcmvcam.sys

File type:

Driver (Win64 SYS)

Common path:

C:\Windows\System32\drivers\wcmvcam64.sys

Digital Signature

Signed by:

Tenki Technology Co., Ltd.

Authority:

VeriSign, Inc.

Valid from:

5/30/2011 2:00:00 AM

Valid to:

5/30/2012 1:59:59 AM

Subject:

CN="Tenki Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Tenki Technology Co., Ltd.", L=Langfang, S=Hebei, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1BA7EF22FB3BE25B922AF13705001118

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

6144:QKy+VTepbEO/z5tD4OtwoakgicqBM9QqSuf2fvUZXp095:vtTeqaz5t4OwoQqBEQqSO2f8RpY

Entry point:

48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 32, D7, EF, FF, CC, CC, 00, 2E, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, FA, 2E, 10, 00, 40, 36, 00, 00, C0, 2D, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, DE, 2F, 10, 00, 00, 36, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A0, 2F, 10, 00, 00, 00, 00, 00, 80, 2F, 10, 00, 00, 00, 00, 00, 60, 2F, 10, 00, 00, 00, 00, 00, 46, 2F, 10, 00, 00, 00, 00, 00, 28, 2F, 10, 00... 
[+]

Driver

Display name:

WebcamMax, WDM Video Capture

Service name:

WCMVCAM

Type:

Kernel device driver (KernelDriver)

The file wcmvcam64.sys has been discovered within the following program.

WebcamMax by CoolwareMax

Publisher's description - “It enables you to add thousands of cool effects to webcam video for your live video chats or streaming, and new effects are keeping added. You can show to your friends with you wearing a pair of cat's eyes, becoming a two-heads weirdie or even in a wanted poster.”

client7.webcammax.net/client/?PID=WCM&&ACTION=?uninstall

38% remove it

Remove wcmvcam64.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.