cmwd.sys

Cart Crunch Israel LTD

The file cmwd.sys by Cart Crunch Israel has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Say Media Group LTD  (signed by Cart Crunch Israel LTD)

Product:
Say Media Group LTD

Version:
2.3.0.7

MD5:
b824431facfcfa602182a219626d86fd

SHA-1:
9eaec2319777e266191dbcb78c632839fb0a2fc3

SHA-256:
e3fccd4663c3ac583302057f53054915a1feba5618eb2fb7bdbca483a449198d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/28/2024 3:33:38 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.1.20.1

File size:
27.7 KB (28,320 bytes)

Product version:
2.3.0.7

Copyright:
Copyright ® Say Media Group LTD All rights reserved

Original file name:
Say Media Group LTD

File type:
Driver (Win32 SYS)

Language:
Language Neutral

Common path:
C:\ProgramData\piccolor utility\cmwd.sys

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/17/2014 1:00:00 AM

Valid to:
10/31/2015 12:59:59 AM

Subject:
CN=Cart Crunch Israel LTD, O=Cart Crunch Israel LTD, L=Givatayim, S=NA, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3CA4D07AA5563EEDDF79967BA126C1C1

File PE Metadata
Compilation timestamp:
11/6/2014 5:18:18 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

Entry address:
0x70A7

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 4F, FF, FF, FF, CC, E0, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E4, 75, 00, 00, 00, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BC, 71, 00, 00, D6, 71, 00, 00, E8, 71, 00, 00, 00, 72, 00, 00, 10, 72, 00, 00, 28, 72, 00, 00, 3A, 72, 00, 00, 44, 72, 00, 00, 4E, 72, 00, 00, 66, 72, 00, 00, 74, 72, 00, 00, 88, 72, 00, 00, A0, 72, 00, 00, AA, 72, 00, 00, BE, 72, 00, 00, DE, 72, 00, 00, F2, 72, 00, 00, 0A, 73, 00...
 

Code size:
15.5 KB (15,872 bytes)
