camstudio.exe

SpeedyInstall (Alpha Criteria Ltd.)

The application camstudio.exe by SpeedyInstall (Alpha Criteria) has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.giftcapitalbyte.com and multiple other hosts.
Publisher:
CamStudio  (signed by SpeedyInstall (Alpha Criteria Ltd.))

Product:
CamStudio

Version:
2.0.5.a0.1_63980

MD5:
4b5d062856f44984f0097ac227803635

SHA-1:
166cee997e6c56bffc35da9b0d0adaf668547dfd

SHA-256:
57fb5f8d3ebf59ce4bd2cf82b5e746993745680e78d6519f4113aa74c40df1a2

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/28/2024 1:59:21 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
16.8.6.11

File size:
1.6 MB (1,640,088 bytes)

Product version:
2.0.5.a0.1_63980

Copyright:
CamStudio

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\camstudio.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/6/2016 3:35:52 PM

Valid to:
8/20/2016 3:45:01 PM

Subject:
CN=SpeedyInstall (Alpha Criteria Ltd.), O=SpeedyInstall (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A6DC69485443ADA37B28455486E38F93

File PE Metadata
Compilation timestamp:
10/13/2013 9:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:+ElbYOS5l07fR0j/tHeByNcdHzhsq9rS7hkd:jMqZ0TtHuyubsB9kd

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 
Entropy:
7.9240

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file camstudio.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 83 download URLs
