camstudio.exe

SpeedyInstall (Alpha Criteria Ltd.)

The application camstudio.exe by SpeedyInstall (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.giftcapitalbyte.com and multiple other hosts.
Publisher:
CamStudio (signed by SpeedyInstall (Alpha Criteria Ltd.))

Product:
CamStudio

Version:
2.0.5.a0.1_63980

MD5:
0339a8cf1a6abbd8d4803125a5ee91d9

SHA-1:
059b813a1b9c549f93687228e0e4afa2428efd51

SHA-256:
3a039145c1baf3cbd65d1a09cb2174ba80dd33681d9c65cce16d14b17fe08be8

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/1/2024 2:34:38 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.8.6.10

File size:
1.6 MB (1,640,088 bytes)

Product version:
2.0.5.a0.1_63980

Copyright:
CamStudio

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\camstudio.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 4:35:52 PM

Valid to:
8/20/2016 4:45:01 PM

Subject:
CN=SpeedyInstall (Alpha Criteria Ltd.), O=SpeedyInstall (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A6DC69485443ADA37B28455486E38F93

File PE Metadata
Compilation timestamp:
10/13/2013 10:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:iElbYOS5l07fR0j/tHeByNcdHzhsq9rS7hkd:3MqZ0TtHuyubsB9kd

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file camstudio.exe has been seen being distributed by the following 7 URLs.

