home

wcmvcam.sys

Windows Win 7 DDK driver

Tenki Technology Co., Ltd.

The file wcmvcam.sys, “WebcamMax Capture” by Tenki Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program WebcamMax by CoolwareMax.
Publisher:
Windows (R) Win 7 DDK provider  (signed by Tenki Technology Co., Ltd.)

Product:
Windows (R) Win 7 DDK driver

Description:
WebcamMax Capture

Version:
6.1.7600.16385 built by: WinDDK

MD5:
ee8a9734b448836b0127c76066119e9c

SHA-1:
75c4cb930719d98d4c53574c243c0e1bed344b71

SHA-256:
d7d3abc414ef6e20033addde749d1694e52d30f620818e4ef6fbad681c6c73f6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/11/2025 10:52:15 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.TenkiTec
16.8.3.0

File size:
1 MB (1,068,216 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
wcmvcam.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Program Files\webcammax\wcmvcam.sys

Digital Signature
Signed by:
Tenki Technology Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
5/30/2011 7:00:00 AM

Valid to:
5/30/2012 6:59:59 AM

Subject:
CN="Tenki Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Tenki Technology Co., Ltd.", L=Langfang, S=Hebei, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1BA7EF22FB3BE25B922AF13705001118

File PE Metadata
Compilation timestamp:
6/23/2011 1:42:30 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
6144:OG+VTepbEO/z5tD4OtwoakgicqBM9QqSuf2fvUZXp095:6Teqaz5t4OwoQqBEQqSO2f8RpY

Entry address:
0x101C3E

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 52, F3, EF, FF, CC, CC, AC, 1C, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, D4, 1D, 10, 00, 8C, 2C, 00, 00, A0, 1C, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, E2, 1D, 10, 00, 80, 2C, 00, 00, D8, 1C, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, 1E, 10, 00, B8, 2C, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 86, 1D, 10, 00, 9A, 1D, 10, 00, 00, 00, 00, 00, 50, 1D, 10, 00, 18, 1D, 10, 00, 68, 1D, 10, 00, 7C, 1D, 10, 00, 0E, 1D...
 
[+]

Entropy:
3.6810

Code size:
10.6 KB (10,880 bytes)

The file wcmvcam.sys has been discovered within the following program.

WebcamMax  by CoolwareMax
Publisher's description - “It enables you to add thousands of cool effects to webcam video for your live video chats or streaming, and new effects are keeping added. You can show to your friends with you wearing a pair of cat's eyes, becoming a two-heads weirdie or even in a wanted poster.”
client7.webcammax.net/client/?PID=WCM&&ACTION=?uninstall
38% remove it
 
Powered by Should I Remove It?

Remove wcmvcam.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.