writetimeexe_camera.exe

oTweak Software LLC

The application writetimeexe_camera.exe by oTweak Software has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from www.driverdetectivedownload.com and multiple other hosts.
Publisher:
oTweak Software LLC  (signed and verified)

MD5:
3ec11bc28458ce756c2f268e2b4a8062

SHA-1:
75f2e032bfef047b64376061e7bb5fe6e0257d0b

SHA-256:
5f3fb8a9cc517bb13376057617b28377dc481f0d509777b31febc56ab078bf61

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 6:43:08 AM UTC

Scan engine | Detection | Engine version
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Program.Unwanted.257 | 9.0.1.0131
herdProtect (fuzzy) | | 2015.8.8.23
NANO AntiVirus | Riskware.Nsis.Unwanted.dpybkw | 0.30.24.1357
Reason Heuristics | PUP.oTweak.Optional.Installer.Meta (L) | 15.12.1.12
Trend Micro House Call | Suspicious_GEN.F47V0506 | 7.2.131

File size:
3.6 MB (3,751,448 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\writetimeexe_camera.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
3/5/2015 1:00:00 AM

Valid to:
3/5/2017 12:59:59 AM

Subject:
CN=oTweak Software LLC, O=oTweak Software LLC, L=Rostov-Na-Donu, S=Rostovskaya obl., C=RU

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1BA315B89D1AF7C2CB153F29392B2B78

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:qvdL+xLHqLS2GEygs29byZi0LGntb0NdZiK4iRPW:+6JqWfyQoKT4ik

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file writetimeexe_camera.exe has been observed being distributed from the following 2 URLs.

http://www.driverdetectivedownload.com/count/click.php?f=http://downloads.otweak.com/dup/74/.../stromberg_carlson_infinity_7310_firmware.exe&i=stromberg_carlson_infinity_7310_firmware_1
