who stalks my cam.exe

PHROZEN SOFTWARE (PHROZEN SAS)

The executable who stalks my cam.exe has been detected as malware by 5 anti-virus scanners. It runs as a scheduled task named WhoStalksMe under the Windows Task Scheduler, triggered to execute each time a user logs in.
Publisher:
Phrozen SAS  (signed by PHROZEN SOFTWARE (PHROZEN SAS))

Version:
1.3.0.0

MD5:
736595cb0bd9f13688f7e6485e9ec6c3

SHA-1:
b4c39ba21348d2d0e98642a16bb77f3ffd3710cb

SHA-256:
39bce6b7ddab544ee865934e9ff1c783577ee75746d120743d05dde52143c135

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/6/2024 7:32:53 AM UTC

Scan engine                    Detection                     Engine version
avast!                         Win32:Pioneer-C               160903-1
AVG                            Win32/Floxif.A                2013.0.4447
ESET NOD32                     Win32/Floxif.H virus          6.3.12010.0
F-Prot                         W32/Floxif.B                  4.6.5.141
Microsoft Security Essentials  TrojanDropper:Win32/Floxif.A  1.227.1489.0

File size:
7.1 MB (7,414,845 bytes)

Product version:
1.3

Copyright:
2015

Trademarks:
Phrozen Software™

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\compressed\portable\who stalks my cam.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/18/2015 3:00:00 AM

Valid to:
11/18/2017 2:59:59 AM

Subject:
CN=PHROZEN SOFTWARE (PHROZEN SAS), O=PHROZEN SOFTWARE (PHROZEN SAS), STREET=12B rue de la Muette, L=Maisons Laffitte, S=Yvelines, PostalCode=78600, C=FR

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DC9768E6091113E137EAF897D0436221

File PE Metadata
Compilation timestamp:
12/16/2015 6:50:29 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:KgyyRX9IZTAtkPJfLG0zG+rWTyluacPteF8iWBqwst1z:K4RX9IZTAtCJQwWWlHcPonWBtQz

Entry address:
0x4465F4

Entry point:
E9, CF, F1, FF, FF, F0, 53, B8, 08, 46, 83, 00, E8, CF, 81, BC, FF, 8B, 1D, BC, 20, 86, 00, A1, 78, 1B, 86, 00, C6, 00, 01, 6A, 00, E8, BA, C3, BC, FF, 68, F0, 66, 84, 00, 6A, 00, 6A, 00, E8, 10, C0, BC, FF, E8, 23, C1, BC, FF, 3D, B7, 00, 00, 00, 75, 2B, 68, 18, 67, 84, 00, 68, 3C, 67, 84, 00, E8, 25, CB, BC, FF, 85, C0, 0F, 84, 9C, 00, 00, 00, 6A, 05, 50, E8, 05, D0, BC, FF, 6A, 00, E8, 3E, C0, BC, FF, E9, 88, 00, 00, 00, B2, 01, B8, 5C, 67, 84, 00, E8, 41, E1, E5, FF, 8B, 03, E8, 8E, 98, D9, FF, 8B, 03...
 

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
4.3 MB (4,478,976 bytes)

Scheduled Task
Task name:
WhoStalksMe

Trigger:
Logon (Runs on logon)

Description:
Detect who stalks your webcams

