» 16b1cff2-7027-cf06-919c-a32f04d761db_1d1e3adf13386cf
Overview
Analysis
File Details
Downloads (7)

16b1cff2-7027-cf06-919c-a32f04d761db_1d1e3adf13386cf

Path Quality (Alpha Criteria Ltd.)

The file 16b1cff2-7027-cf06-919c-a32f04d761db_1d1e3adf13386cf by Path Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.giftcapitalbyte.com and multiple other hosts.

File name:

Publisher:

CamStudio (signed by Path Quality (Alpha Criteria Ltd.))

Product:

CamStudio

Version:

2.0.5.a0.1_61161

MD5:

c7e457ffdde3acec8ca12755beb9c4b0

SHA-1:

aa227c3fa0f408413a6712fa98c3f262aad4f12c

SHA-256:

bf1840c2089be60981ae0eacee3f35fa9ef32383b7534b14fdafe475e3e8d032

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/28/2024 12:35:58 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.AC (M)

16.7.21.0

File size:

988.6 KB (1,012,368 bytes)

Product version:

2.0.5.a0.1_61161

CamStudio

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\ProgramData\microsoft\microsoft antimalware\scans\filesstash\16b1cff2-7027-cf06-919c-a32f04d761db_1d1e3adf13386cf

Digital Signature

Signed by:

Path Quality (Alpha Criteria Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

12/31/2015 7:09:15 PM

Valid to:

8/3/2016 9:53:56 PM

Subject:

CN=Path Quality (Alpha Criteria Ltd.), O=Path Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121865442A968BACB1F4EC1956476A3AE8D

File PE Metadata

Compilation timestamp:

6/20/1992 6:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:0TfX+OUopkvQikg+G0uJpX8rv6Wa3BmVTf/XvQyMBTlP0QjcpMXVJoa:0D1pkvqkKCWaYzGpfL

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9327

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file 16b1cff2-7027-cf06-919c-a32f04d761db_1d1e3adf13386cf has been seen being distributed by the following 7 URLs.

http://www.giftcapitalbyte.com/c?x=CTnSME3l1I iyvsGFr79DGqnKe3A9bmku1JTgb9RBhs=&c=0EazpKYFx9FBAAfBvXrVFXxRaDDlLuh2n81LVNGhO9UYZ549RFPYU7MiMSGLESKT86CqnxO7V6opv8eR00bF IHvJIUWHSyg80W21MX8SUq6zeXQQUTlioRagE5d/wuJ&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=6MRh3dxPnvlrdJntAoWpxoRDCUuln9EAoTEaR0fIeec=&c=TLr8pybvq/5gUSr3r3UYHFz KhErm /wBfusztmdAgaA/Prudhug0ljiTOKx98FH BFotGQgBhNokBaSjI7iZAhtBS0oe0zDCYF iWQ3VmBxES4Kj1tRdEba8zTHuAL/&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=bn0npwJMq03PIb2X7PuhHASta0X0AFbs8zacQDFErV8=&c=Z6qNzEjC28Gwzez5fzr8wUrPEYDR8UWW1e5BlXU9X3HFWxKpNVoLxSCkygLodvsPgvg/bFqLEueuISp1uQVL0fIom7YbJuhGN45eM2C6ZJ6CJDwMVvT3G3WyboCJXyM0&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=EufoAunxiFUpbvo bjH5BlUbXzs7v7IQ9vovzryIqEQ=&c=fOyHKiXhjHywpY3IIT KkiJOlg6UTNK5yOigeFJL6y9 9U92YeXYDLRReZV/2yCOkGK10bNIO021nAiH21Fq5FqL6c3WU1vky0aGQ2yMNtHXP 8PiP8eM8qc8lfLHrHd&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=zEOOJrR48F 2KSXt1bVWPRbmT7GS9VT1ygV4xk iEpM=&c=6p5n VnpAv0UTK1lUrlCzCOlXU2mZNgsr058nsdwZ31kAYmPG6KNV1rYy7zR2DpsqzhB2SPT/XZKAdcoTZqwUxBkDiX2trxDiAwHS2NHjfdTcqkeW3/hUEu Fvqpap3D&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=neGo3G011he0G4Cm5x0Z 3guWpCjS6fHsFDgajkcuzM=&c=i/SV/6zctOV5DDNCjkRVG1oaEA8jfPHh Q8j7zPQ/MPk6AIG3nNbRkFmF3vKc3faHLSeKx9yJsmVpzm9B7LgGDGc1KF3tnRRLwLKuGqSDtk7CtMw1Gex 0REeEDFesbz&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=1hhmZP4Geqnsda7UOCjyvDW0jGhW/seKeL1FVlTifJE=&c=mODEMdisUDxHAaS4gkVdVsNf DG8l7tmPJXsiTmusUQZEXoCDgcCyjgX4JiKNZaih3pOJnZMd7mg3Je3gRXnyB8XeQhIrMCslErcGPH9VCE2AU2343bGRXiNzUNFArfl&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

Remove 16b1cff2-7027-cf06-919c-a32f04d761db_1d1e3adf13386cf - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.