» who stalks my cam.exe
Overview
Analysis
File Details
Behaviors (1)

who stalks my cam.exe

PHROZEN SOFTWARE (PHROZEN SAS)

The executable who stalks my cam.exe has been detected as malware by 5 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler named WhoStalksMe triggered to execute each time a user logs in.

File name:

Publisher:

Phrozen SAS (signed by PHROZEN SOFTWARE (PHROZEN SAS))

Version:

1.3.0.0

MD5:

736595cb0bd9f13688f7e6485e9ec6c3

SHA-1:

b4c39ba21348d2d0e98642a16bb77f3ffd3710cb

SHA-256:

39bce6b7ddab544ee865934e9ff1c783577ee75746d120743d05dde52143c135

Scanner detections:

5 / 68

Status:

Malware

Analysis date:

11/24/2024 6:00:44 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Pioneer-C

160903-1

AVG

Win32/Floxif.A

2013.0.4447

ESET NOD32

Win32/Floxif.H virus

6.3.12010.0

F-Prot

W32/Floxif.B

4.6.5.141

Microsoft Security Essentials

TrojanDropper:Win32/Floxif.A

1.227.1489.0

File size:

7.1 MB (7,414,845 bytes)

Product version:

1.3

2015

Trademarks:

Phrozen Software™

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\compressed\portable\who stalks my cam.exe

Digital Signature

Signed by:

PHROZEN SOFTWARE (PHROZEN SAS)

Authority:

COMODO CA Limited

Valid from:

11/18/2015 3:00:00 AM

Valid to:

11/18/2017 2:59:59 AM

Subject:

CN=PHROZEN SOFTWARE (PHROZEN SAS), O=PHROZEN SOFTWARE (PHROZEN SAS), STREET=12B rue de la Muette, L=Maisons Laffitte, S=Yvelines, PostalCode=78600, C=FR

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00DC9768E6091113E137EAF897D0436221

File PE Metadata

Compilation timestamp:

12/16/2015 6:50:29 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:KgyyRX9IZTAtkPJfLG0zG+rWTyluacPteF8iWBqwst1z:K4RX9IZTAtCJQwWWlHcPonWBtQz

Entry address:

0x4465F4

Entry point:

E9, CF, F1, FF, FF, F0, 53, B8, 08, 46, 83, 00, E8, CF, 81, BC, FF, 8B, 1D, BC, 20, 86, 00, A1, 78, 1B, 86, 00, C6, 00, 01, 6A, 00, E8, BA, C3, BC, FF, 68, F0, 66, 84, 00, 6A, 00, 6A, 00, E8, 10, C0, BC, FF, E8, 23, C1, BC, FF, 3D, B7, 00, 00, 00, 75, 2B, 68, 18, 67, 84, 00, 68, 3C, 67, 84, 00, E8, 25, CB, BC, FF, 85, C0, 0F, 84, 9C, 00, 00, 00, 6A, 05, 50, E8, 05, D0, BC, FF, 6A, 00, E8, 3E, C0, BC, FF, E9, 88, 00, 00, 00, B2, 01, B8, 5C, 67, 84, 00, E8, 41, E1, E5, FF, 8B, 03, E8, 8E, 98, D9, FF, 8B, 03... 
[+]

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

4.3 MB (4,478,976 bytes)

Scheduled Task

Task name:

WhoStalksMe

Trigger:

Logon (Runs on logon)

Description:

Detect who stalks your webcams

Remove who stalks my cam.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.