Webcam Interception and Protection in Kernel Mode in Windows
Show in Graph
Image Description
Common Information
Type Value
UUID 0afa2f3f-76bc-4483-b0fa-b99f3bb75a99
Fingerprint 3b53c520a5234e14c94b5527d3fbff1ce3c34677f446d8b57f1de8ff16bb995b
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 6, 2019, 11:11 p.m.
Added to db April 16, 2024, 8:29 p.m.
Last updated Aug. 31, 2024, 12:18 a.m.
Headline Webcam Interception and Protection in Kernel Mode in Windows
Title Webcam Interception and Protection in Kernel Mode in Windows
Detected Hints/Tags/Attributes 50/3/26
Source URLs
Redirection Url
Details Source https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-Maltsev.pdf
URL Provider
Details Provider Source level domain
Details virusbulletin.com www.virusbulletin.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
ksproxy.ax
Details Domain 198 
youtube.com
Details Domain 4128 
github.com
Details Domain 2 
reasonsecurity.com
Details Email 1 
michael.maltsev@reasonsecurity.com
Details File 1 
webcamcapture.exe
Details File 1 
vfwwdm32.dll
Details File 9 
ks.sys
Details File 4 
mfcore.dll
Details File 1 
mfksproxy.dll
Details File 1 
launcher_main.exe
Details File 5 
mskssrv.sys
Details File 1 
fsclient.dll
Details File 1122 
svchost.exe
Details File 1 
filter.sys
Details File 3 
ksthunk.sys
Details File 1 
webcamcapture.dll
Details Github username 2 
reasonsoftware
Details Url 1 
https://youtube.com/watch?v=
Details Url 1 
https://youtube.com/watch?v=jkzoqgk3vtk
Details Url 1 
https://youtube.com/watch?v=z
Details Url 1 
https://github.com/reasonsoftware/webcam-interception-driver
Details Windows Registry Key 3 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB
Details Windows Registry Key 1 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OEM\DshowBridge
Details Windows Registry Key 1 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\OEM\DshowBridge
Details Windows Registry Key 104 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows