twin cam screensaver.exe

The executable twin cam screensaver.exe has been detected as malware by 11 anti-virus scanners. The file has been seen being downloaded from www.screensaversplanet.com and multiple other hosts.
MD5:
0f56e98c5642b4749bb98c3569931dbc

SHA-1:
bfe62fdb2e6a04f58099c4f4b24c627c500cd01c

SHA-256:
710bdc503a0b5ab22ef812c6d1e9fc92bac1142abfa8dd857be6e0911d4bc98d

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
11/25/2024 3:49:08 AM UTC

Scan engine             Detection                     Engine version
Bkav FE                 HW32.Pedka                    1.3.0.4959
Clam AntiVirus          Win.Trojan.Agent-520511       0.98/213
IKARUS anti.virus       Trojan-Dropper.Win32.Agent    t3scan.1.6.1.0
K7 AntiVirus            Trojan                        13.177.12067
McAfee                  Artemis!0F56E98C5642          5600.6625
NANO AntiVirus          Trojan.Win32.Agent.cwdmey     0.28.0.59826
Norman                  Delf.BAQH                     11.20151001
Trend Micro House Call  HV_AGENT_CG1541BC.RDXN        7.2.274
Vba32 AntiVirus         TrojanDropper.Agent           3.12.26.0
VIPRE Antivirus         Trojan.Win32.Generic          29192
Zillya! Antivirus       Dropper.Agent.Win32.119451    2.0.0.1786

File size:
1.9 MB (2,019,483 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\twin cam screensaver.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:8Luohd/DG1CJTpqIfS4MNsCaw8W8wNPjm0+69O:lmq6TpjHMNsCr182mGO

Entry address:
0xCB5E8

Entry point:
55, 8B, EC, 83, C4, F0, B8, 98, B2, 4C, 00, E8, 68, B5, F3, FF, A1, BC, F1, 4C, 00, 8B, 00, E8, 4C, 57, F9, FF, A1, BC, F1, 4C, 00, 8B, 00, BA, 48, B6, 4C, 00, E8, 47, 53, F9, FF, 8B, 0D, 80, F0, 4C, 00, A1, BC, F1, 4C, 00, 8B, 00, 8B, 15, 08, A4, 4C, 00, E8, 3B, 57, F9, FF, A1, BC, F1, 4C, 00, 8B, 00, E8, AF, 57, F9, FF, E8, AA, 8E, F3, FF, 00, 00, FF, FF, FF, FF, 15, 00, 00, 00, 53, 63, 72, 65, 65, 6E, 73, 61, 76, 65, 72, 20, 49, 6E, 73, 74, 61, 6C, 6C, 61, 72, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.3223

Developed / compiled with:
Microsoft Visual C++

Code size:
810 KB (829,440 bytes)

The file twin cam screensaver.exe has been seen being distributed by the following 2 URLs.

https://www.screensaversplanet.com/files/.../Twin Cam Screensaver.exe
