camstudio.exe

KBM2 Installer

Best Download Manager

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The application camstudio.exe by Best Download Manager has been detected as adware by 14 anti-malware scanners. During install, it bundles additional potentially unwanted software onto the user's computer without adequate consent. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from api.kbm2.com.
Publisher:
Best Download Manager   (signed by Best Download Manager)

Product:
KBM2 Installer

Version:
2.5.1.0

MD5:
a0f58a6205124972ae75e55eaa89eeeb

SHA-1:
5a43dab5d15716b3178aa3a4f317e01049db6b1e

SHA-256:
11caf837c6c00ff2ef633e978a8f6e507d0fa0fa9de7aa6910125313b0dc7e34

Scanner detections:
14 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
11/23/2024 6:20:54 AM UTC

Scan engine         Detection                         Engine version
Agnitum Outpost     Riskware.Agent                    7.1.1
AVG                 AdInject.Bdmngr                   2016.0.3075
Baidu Antivirus     PUA.Win32.KBM                     4.0.3.15617
Bkav FE             W32.HfsAdware                     1.3.0.6379
Dr.Web              Adware.Plugin.85                  9.0.1.0168
ESET NOD32          Win32/KBM.A potentially unwanted  9.11512
G Data              Win32.Application.Kbm             15.6.25
IKARUS anti.virus   PUA.KBM                           t3scan.1.8.9.0
Malwarebytes        PUP.Optional.BundleInstaller.A    v2015.06.17.01
McAfee              Artemis!A0F58A620512              5600.6731
NANO AntiVirus      Riskware.Win32.Plugin.cxiows      0.30.20.1219
Reason Heuristics   PUP.Yontoo.Installer              15.6.17.13
VIPRE Antivirus     sterkly LLC                       39562
Zillya! Antivirus   Backdoor.PePatch.Win32.55566      2.0.0.2147

File size:
541.6 KB (554,632 bytes)

Product version:
2.5.1.0

Copyright:
(c) Best Download Manager. All rights reserved.

Original file name:
KBM2.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\camstudio.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/25/2013 9:00:00 AM

Valid to:
7/26/2015 8:59:59 AM

Subject:
CN=Best Download Manager, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Best Download Manager, L=Carlsbad, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5F3BBF9CAABCE7C81AB69ABF7371A064

File PE Metadata
Compilation timestamp:
8/8/2013 4:25:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:Tgq6uX5c0RzWguzZylIAllGVytvHdKme7IZopYYQfT:TR610ZluglqytYmesZo7Qb

Entry address:
0x3A3C0

Entry point:
E8, 0E, 6F, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, D0, 0B, 47, 00, 75, 02, F3, C3, E9, 95, 6F, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 61, 83, 7D, 08, 00, 75, 13, E8, D9, 35, 00, 00, 6A, 16, 5E, 89, 30, E8, 6C, 75, 00, 00, 8B, C6, EB, 48, 83, 7D, 10, 00, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 66, 70, 00, 00, 83, C4, 0C, EB, C7, FF, 75, 0C, 6A, 00, FF, 75, 08, E8, B4, 31, 00, 00, 83, C4, 0C, 83, 7D, 10, 00, 74, BB, 39, 75, 0C, 73, 0E, E8, 8F, 35, 00, 00, 6A...

Entropy:
6.2400

Code size:
342.5 KB (350,720 bytes)

The file camstudio.exe has been seen being distributed by the following URL.

Remove camstudio.exe - Powered by Reason Core Security