» camstudio.exe
Overview
Analysis
File Details
Downloads (19)

camstudio.exe

Path Quality (Alpha Criteria Ltd.)

The application camstudio.exe by Path Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.giftcapitalbyte.com and multiple other hosts.

File name:

camstudio.exe

Publisher:

CamStudio (signed by Path Quality (Alpha Criteria Ltd.))

Product:

CamStudio

Version:

2.0.5.a0.1_61161

MD5:

7b34dc0037f9d94c309345b2d9b24914

SHA-1:

2bf806272f83384670882dd40e7a38e04fc2445e

SHA-256:

e66f58f9571669930fb673f5402890dba8f892e7472eff056142d2ede12d45ad

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/28/2024 12:27:41 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.AC (M)

16.7.17.10

File size:

988.6 KB (1,012,368 bytes)

Product version:

2.0.5.a0.1_61161

CamStudio

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\camstudio.exe

Digital Signature

Signed by:

Path Quality (Alpha Criteria Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

12/31/2015 1:09:15 PM

Valid to:

8/3/2016 4:53:56 PM

Subject:

CN=Path Quality (Alpha Criteria Ltd.), O=Path Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121865442A968BACB1F4EC1956476A3AE8D

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:iTfX+OUopkvQikg+G0uJpX8rv6Wa3BmVTf/XvQyMBTlP0QjcpMXVJoa:iD1pkvqkKCWaYzGpfL

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9327

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file camstudio.exe has been seen being distributed by the following 19 URLs.

http://www.giftcapitalbyte.com/c?x=q6HxazGLtkHrbRKt7PKezDjfxShKdxa2QF2D79x1Tg4=&e=0&c=65lHfjHz8yDPjxPeH6UPheguJCvFLxaMVb G7EIAV83z6ihIL2FV6MygenNL/KVxu0q2VX735pG vS0BSOl6ETSbTchh5 EA2ib/r6Lsev EnBkSnmyO7pMxHCG1wXiMhdJsNkHuOfQmlWzoWubDsFYYSIXc7MS/gJYPbigx9hI=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=GNbOWe9w/4txIBFFlNwGt8vqk8AsknxeITGDYTdBR o=&e=0&c=Ze6yaPbeL70NlIfdaz96UCg9jyZm402Bd/SGIxj9ucrKHEc/g3MZHNCcw6cY0IoPZyAFgwTOxYwxaIIeEkURU3Uup2Usm0FsDQO/ThewXsgONwUHLnaDQ2TvT8wjqBYwPIjcPIbjL6QkAL5XWhvu Q2F5zXjOXkX5g37P/5Rapo=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=e y6OnBPOcZKA6osMcq4EvO6G1WWpCTN/bSouNw00JU=&e=0&c=LKqc2NaOoGwRVEbPWRbhE0ha r 7alpoPk VMwVZEOdoYjaxmleqRvl8hcZbFFvq 2qRYEtjjwKzAWLbZzTaNP NoTpaR6yIyhAHI2nWdniD//DZAosBc2NYLbsDsD/uV/Q61tS2siM4iJvuGTTE30bClqV/W3uAjXGVwCS1CYI=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=FyZQyUbrtMot6/v2un4GZzk boU3p0k0kK5LkY1Rmm0=&e=0&c=Fvx9687utyFN9KNPBd8x9hBKxzwjWhUbYzfEVeRqmGWsI/x5Bb/IeE0Ru4OPVtFOKqYIACLFs05FnHeLW/UvC8nnZl1MGymdDvG0/dxDNkmXBaLL029IgK5iQG2Gwvzg5d7gd99MxBOWiesE5Uj5oZOxbcN82qKXMmzYL9NHUpU=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=KJUmK nBQ9fwNda4tZKIW8pbo9A P7zdjtYI9lHXHZs=&e=0&c=onzgllW3mgPcXZri1XYeZmWBadYe5 n5JtgcL JVWiM8eGey2H0h7VGKb2fI3Esjf0feRK2ANvBC2kSZPPHVtbvuxY Rs1i8mFTnbUvs9Ku/vWY9CREp 33xd1pu5mW8oqhBQt1QSmxzRhTpV6WtB8pc2F9EIXHd0Geu3XFFCkI=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=yKBiNJQcK0AfQm17uk48Y7oP4QlS51ZMg 1ZOkUA8XE=&e=0&c=S45inOcrndC4VmOeUavGcsO5OkaDwJZhB55UJQ65TKdWmELUcN2Eh9/ZHhlV2P33WoRIPz8SPa7tMmFfEJZFqevhj8t10HzhWmyCmkWtNy2lORSkyqvDVmq43FFImNCu0JH7GCN2D4H0l8JjwyuW7SKf45ck8lfsSUu77/BmeZ4=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=50c2wlQeONaIAHXgDsdV4F8QBcFATQNgzh2 8vvlI5E=&e=0&c=0SrzBeLMM2A M3kup 7Z2siGkUl/sVo59Tp9iCFshwjA4T1IodCzjnpGjajgmDlLylCb2wSHs IWU8ZSnD7SwI8o6ahs7xlCmhQWJ0fVNlPagKrD DYWY7DybDyDYtcJvwVmnn2UCMhjrvu98 cco5wxDnjDMX6ys1GfrS6myaY=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=TAj3s /uS6l1yX0iglHQBy4SOFh7BFmDHjP6TEHqDXs=&e=0&c=GW7w8CK2ko7WTc9/hi9EjJqvGDpqeFyKhL2gT0HOyIF6cumd2EMjHAuynw7fl5zz9pYhekqOH9TBf Kkd SNSbGRQ LIPy5omkP5PDMB879ZwspjA1V Hnt4dlGY tHgNo7vb7y63Qwu1jWUoPVaAowdxaWBfynNQjhsmUXW5as=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=DKpKyC6cFSA79ZEd4wwwnqgjMvBpKCdiLVbwiS15rHg=&e=0&c=U8sa6ZnEPgSfgoWEs8r05E2/4gH5YTF6QrkKTJCJ8ZM7bsOZQj4AAulbHBSVGMEZeAnWcwHD4efTPZJIZyDwOhAxsfdAcgAtsldiqByf0uTJ1V8j1EnTjf0Eb92eK8WgeUqOBQ3vEFwZ AcHjJTQ0mzR k892Z5gqMTlBGN/8nY=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=Ote9jwleTvMjhucwlSUlcmhHpmGlt 6kIxO5Wzf4Pns=&e=0&c=MH0U2HCFGjYtHU8efGwzheCao0QDPnyi2zekc8 ebrXn2t2qGi8GO2O7CIOcx2M00qbwXGtRgTpeiG63J5L u0uUZ5/ANxdq1wehuSZHBV1vu hzNPwYeyBtVUdby9AM7vB3HKgHzCs8HOXmsIe3R8027gQguk/o5H kQqZzRTs=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=hb4wCSuc7Bp8mfHfqifcBthNwupjqi9iZsgecabNcUo=&e=0&c=KXTpvdV0laINYsA6sloGU7EycQEHlR8k8HGXJsEcUD3n8T7KS/iberEZgMxWostl umYmUPinQ3PgNTS24tyNVx2kmXG3oxMb1WoMG0W6gmC 9EN7KJG3Iy9w6XdwgVcU/Wl6errzsxgrMHCpQvULJz4V7/pNGQrL73dJBgYuGo=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=4hWDZ/cyMD7JzUJl74W1vIEwFRzDNNeKlJyF9zjvKfc=&e=0&c=IUa/WeFBErK3H5DVVqVo1O1ZdyyaKXfScQCml0 Aqrq7av84Wt3 vUjFVxtksbGtO3ilRfPM /eftrsZIU6F6Q4CHHaadwsgz4paYgRXis7CfllusPWeyhNW2lhNSg9kJvKNpsf2nFpr2Icu8C3M0Ilrnz/ucclWrc2hAZGoM7U=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=oADHGnfS1WpDpGSmMDLHZEqYocPAN46wbIBJ6R00fdY=&e=0&c=ZZLna0fr8otvwzUn2YDE5lHCeBR/HsBOatMXP TUEUiSop4K055F4oFX9w/REfwHpZTdDFKN9i9bjeDFdK9GVaRuse99KBKIBMNEz6tiqu6hGaaEzmznDVoLxdJt1ZlRp2k6btunC0eBbpZlEeVbNQNXMuhd/OAdaJZtMqZdnTk=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=op551uZDsTmQ7aBgyaETQDtbmG6exiAXjLaqgPrV4xU=&e=0&c=sKqn57P7n31K5xScfMXwPJOXEwxoBqvV3BNTDxV4fnCH1mHpLj3igd0oa37l JAoAw9lyVwtNzSt39/URq0Zr/xE0pJcG vYr8TWv/OX0b107bHuLamOPwr0o/9ulbUaDJyccJT 6nm3wrDoLLSR0lfk0mrHKWksDCutsEdjdZk=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=EEj/jcUM 2dUB2H3 aCdZuvRHd25EhUJzrA2w0IX7hg=&e=0&c=wFdk1TWCYhn4Vmhi6PGgfZBhxQxrd Zr1VO9hS0Y2sVD0MA4xFYNQZu1slyaLhp8WHUXgSaXBiB1/g7f8Z91BRMoik yx9IqGreh ifbCMnDVaIXU5mlCIqbPodsNfmeYuqwDg8EkP6pKtW uveHJw96vPotCqj2Lri0XbMY7VA=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=riq2P4yip0 PYMNSaWrzC3lZTq1kcBmW8KdxpZKp7HA=&e=0&c=EkqhuI3evkmKO0CHJsPFDL6s8N8Kpj4fgL9bo k1KU9F/t7bIxYcfOKHb80lJTUocj0W1M1IgzDyvqKBukFrpjgTPF408bZFw6GGmUeNNtFrSBVktuvzCfRbhlin777b N15flcarcNUpUh69KGcxiDN3YxfBib6beCu3vyt9X0=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=dgNpxfOTzlAuKm2qebSIg5fReCCrpKk5ogGNeqESxK0=&e=0&c=BlPVcAQjRiFbjJlTea9r6XIzVr0k0fZPEzejiDaGbCrVVf3X06UnY0RM/K60qcFIqaO/6phzA2oyyGYhMV64f3u5AkYK7IsQdQj/9p 37Wc0jrhkk1ZBtepK0RGiY4 W4KJuHJGzWTrKi2abYLnJHop9RdFyRbQ VqiHR3xG0GY=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=4NfouWM5qKA54DbZLd/njyOA90tCtadcQhbiuUw7U4Q=&e=0&c=SuTU6SxNNuvSUA0bzBefFp YvuqnCMmukZj9rlQQKO8IorOhtaapm/Y54ODYJQYkKYHCZPld5V7zD8395zRWSi5HUwQ6ekqP9T0b5GT0Lyk1k4fyIl87R37hS FdTGG8zGx9GMHGm7fHlRJ9L5Qtpiy787Fv nCmiW0OfXJTD2c=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=s9ggglv0ttKZRvOQZ2z9BkffRvI4uMWoUcRX4wv5sbg=&e=0&c=tstNQcWbXB40g07gZDm92BThNVSj2SGopl4myRw9LIm/gdZ6Zh4N0o3yx6b2TyyNcgvSNCWV rPgnXQhs6O2CwLpkMvohG9VxvabewjO P/dhdAw8HSnpnej68YuJrewbYzUgScn3ljHmcWX KhFOiwzkfdT 7976WoWG6 uRa4=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

Remove camstudio.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.