» camstudio.exe
Overview
Analysis
File Details
Downloads (49)

camstudio.exe

Path Quality (Alpha Criteria Ltd.)

The application camstudio.exe by Path Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.conceptspresentmeta.com and multiple other hosts.

File name:

camstudio.exe

Publisher:

CamStudio (signed by Path Quality (Alpha Criteria Ltd.))

Product:

CamStudio

Version:

2.0.5.a0.1_60682

MD5:

1462021b391798f2ae31cde7a898afd9

SHA-1:

9c485277d0d3b606747cc07aebce343b704db478

SHA-256:

ea5a3cee94c43f7d174fc3f3e6cb28ab5a5c8cd55fd39f240e96dad2ba1b8912

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

11/1/2024 8:33:11 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.AC (M)

16.7.10.14

File size:

990 KB (1,013,792 bytes)

Product version:

2.0.5.a0.1_60682

CamStudio

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\camstudio.exe

Digital Signature

Signed by:

Path Quality (Alpha Criteria Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

12/31/2015 6:09:15 AM

Valid to:

8/3/2016 9:53:56 AM

Subject:

CN=Path Quality (Alpha Criteria Ltd.), O=Path Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121865442A968BACB1F4EC1956476A3AE8D

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:d1QPcnADHUAApXfhY/91+Q/C7vMFvaBEi5wsItQ:d6ZepXfDQN17sqQ

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9258

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file camstudio.exe has been seen being distributed by the following 49 URLs.

http://www.conceptspresentmeta.com/c?x=3fjb4IuuJHVRAlxIM5noAWoBUnzW93rtFk5GEeRP/Tc=&e=0&c=aSRWpB8ff91rbYE 3xmoJyw85tvkKqUvAL6CAnjSpFaaRYTBHNo2Z81wgFkt7Mm1WFEPyhPXjNrYm0pxD2Rf3L3DNPavt1MoKgPwXU0XuTOrxgHzkm/7puXI8Ce0OtC/4KRNecTmnvRAyx 9sLwNWs5G4E82NiwkDnZKAcNwJ3M=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=uFnTzfcisDLbJQQ4MEJDAWoVivdKM/OOBZz6K3acvis=&e=0&c=rpsJ8Pt/5cgtYu6pFtvtaYlGXbTqWjB31U/zbcqlrdI/3WTVFA6bNcdPVIKlrQTS8bgymJ7EdrLSNQ7NRo3b5 duGtLhTia4Wa7B5fB1Lrof/UAUYpVRWClAjL4kx6g0dVSARb5qkdfxgfup/Of5QFg/VMN9BFJUDTlOAwrl1M0=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=GWJ21B2ZeaE2R3fkuieo9klZc2wAmy8lGalmocJd98s=&e=0&c=aRz6htWpDHNdZjZPN5wPCXaOYA q09VlAD1pVpGp5Nxn2SNnDYApGyLLqvEmYxczjyPPCWxg350sRLpnD2mBsJJje89X7JhdwuIMl7AKKgnwjvu MmuNWoFtpvpfilbHI vZ3ExbX9e/M1QLWPZi3ikCfoQvEiLoW61utnICoBA=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=1x NzMRqGXgfS8iLrYKdpG2JCN53nMFpjrLEM7FZ8js=&e=0&c=DnoVwyyGwqYkAZz1QwGDxny7tolQ4iyVO99qvCV1ug9H45QcZ1re2bCCN89Wra6TV7NH5XLyx8kghbjC8S/Ki3sNseoQ9rQtBpvuPAhG9tbFgaRIs5IHS/oznrtrgkrmbfOEYGa8CAgbC4CAyn2FITsVJG2TnmQK7/ZP9HMWfRQ=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=MMv0VjOr/aCoJajcgg en//6Pm2iW3CnraFvZqmG/wI=&e=0&c=VDLFRS5yRrgc2qf7VOrlJf 7xdhXW3y0JEasVz3MzaGi2V4MFJNZJjCW0zxyOjDMVnfI/yC0SIelZwW5kJxxdmG6OKpRVnc0dIJgFgd3aC ychwDHE5YIy3G/ Fht52WiSKtnh/QioV0c57 TmQs59bq3Nli/Xp62DdhImBqnY0=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=zkdfSwzwusdn ZnpnS8edjF2 PtmzHUrfhBtFUvqp3E=&e=0&c=rLLt07c4zi AinNJElQy/Kp58Z7wgxFPyAuFwiRGMiH8mI7w9OItsfMw5xHb0UPutaSJ4Y95kiT1EBIXj67rqeTNzJ/ZxgeObeOvKWluWlCKnJgh9yf1/IZX1ZFsMfkTnyT YLkaySmEiIL5r/BcIrInYXI9h/IBQlFF79wU6bU=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=zY4MvDye/4Xq0TcZRjFF9C2MNRTma5CtWbIBP5apkBI=&e=0&c=bUeDRx3WDWIqxWA2eHN0HSu/tqwVfZ x/zyR2s2B5GB33okCOsS 04LcWuIf09KvAXyg7Q2Si1rwi7CS/67WWwZokQKb 8YjZadQYJrDQ2W 0V3a7TOF9tgLM6KO5gcX2TdE/d89LmqgcU/I4KttPxrEZyLotWxCoHAcG2rgRA=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=Ns nmZ2SCjsLbRG3DuQsWsMURBkXNSldtNR0kOCrhgY=&e=0&c=HU5WHx1WuZK8bzYdNtn0Srd4Z1y/nmC0kfUEOGDU1oYsyqPsN3Sp2QODg/x/rzxs8dDQ QTgkD8oYn998n2k1ARvdMdtCOGMv9r6YyJS68P9/yQ6kmq64gJU9mlJ0CKBChvEPsGBel77jiJ6prtTs5FsVIm7N8FZMRHMXDnjhEs=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=NWAMF19XT6EK1QIqSBg9fVxUpvAhZx2j3a/eiYQLvNk=&e=0&c=ryenbArtJSYPC/Xg01ZyZw0AccwzFiHzZ/TYc/9W1qFXJQbZwl/TsofLweBG5778HL3j1l1beweYQtUrMMr7GgG4bzLhC0s 0eZnhrf2A7El6Tp gwkcyfyvEAGP/DsS88SFBsmnkvnrhNi3v52ESo3E3ca9AfsIqEmFloDZF0s=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=7sOuCkFPNd5S70Y7UEPZ6nfopZsnlmIjP/BYQGFvO0A=&e=0&c=6qY0gh eQl92uM6l3zk1Vl UJPJa1PeQsRXqwIAH4Bvso4YL80kHBoyj0STwuBB8tHYVwzgVz0Gp lorxYRuTMK6Zh6Ux1zbdvdvBXSTDgn1Smp10ApYkb2p0c8u7KFDPS0ApA xSYyiKT7Eq9wAo kyvW1Y1KDxbTbsdAx6nuo=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=ypKPwPGEsY0UHTtfumOxDSuguG2J0 jjQtnrx20 eSA=&e=0&c=gowP5MftnWaw CEAGYzv45/YTj4OZYKldqW GUDO9iQUc5mKpLIqkCD/1y9k9Vl4Xqjs0lc8zWfSNUmUvuRdp/Tfrl/SNoeKGNOKqILU1lNYBnPZoEsJgFA HWdTH5WvHUJWhYTJ6x/tvwMyOkGxWi8GCBMy8EuCUTESnQlzrh0=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=UagfK9l3 Fyg iR0MwSmMoVDwHtt6 YFZjzmyxgxwWw=&e=0&c=3tjeAN0CbJXEqAf5BsfQi/KVjMe15oBLG gPvLO1qHDy rCmVobx4i7AYAm98NFh3NWfmnHWNM95T5IUaGktqmn/A1J07oykfiSMaC1N22t7LEkwFRQ9 vOMvVReS0nNjFrSvDuJWv9Ke3EOzt5ysXZedeNXvEPJHjTDt6VCHcY=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=zgvTj Du6JXDVYxIbbUyNvi8kHC9I8fAfBxzS9spFeI=&e=0&c=yFAKnH384c6fA4hoXiK9nuMHz9ULm2J7tQCb GuaTd985n84MbAqhNSxqe4XUBlZ8VtyjEZ//duS9fmhvvCu9puWdVP3k58u41 30Zfh627Kn5uk7i70u8W NYWZGKoFdBRQZZKJHjEQkDrsBgsIafCzncVD73rS3pDiKh/I2nM=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=pEf3KPnpw6EUYghjCSweKDr2reJ/se/z2xWlXuVM8yA=&e=0&c=Eaq K/cR9cHGgqbMJ0IMdlP3xSMokp1FB5cnVUqsNecRIccTiRv4W9PMDhyEaQV8RTs9AiJb7bbdiHwi66jI/k1NPtS9e7v0K6O8w LsKNlw7qhBTnU7ipKk5hQpytxmgYWIsvRL8rvgSRghHIGKEAyiJpRETZY0KMvIx/gLkRs=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=ZzvEsRcMOlUxrjlwvVTS4Bm0nJuV68W3j D/jSod NQ=&e=0&c=W3Ge7AkxhIdysPAwcXjU/WZpj2jnungQZSuRyUSxobKxoXYNVWdgEAOlr4r0RLkdpIh QvGfcqHhjFEjepWuS5xZC5MUu02vAnVQmg7cDZ9yeN42OgEgV9tEKUgftPCDQ1B8VQN9D0fFwZT3L6noxcJrLnekRv YYHdFoMXu4aY=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=YPJP5qSW5VmRji/Ueb5KCVwYP5 GpARTcgsXvpTVLIw=&e=0&c=MCSmjL4OV7SBggGtzBie 4o1zTrLV VLxsh7gpvO0PAXFrl7n6RXb1ubsGMQnQUj4VzK2ZQdvbCxyBOqSkUYK65R0gmROjP3EcSpwVtwvyCoyFoCxLxGlzx5EFT9GnOpBcpzJjQyN /03g/rq7jtmv16PPyfzvXPkzkHKk1ZRBY=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=1inR4Sx6eFtFWrYJbHqPme4bVyEfKinQ4Krg4CU19yA=&e=0&c=fle31JRZBrHqDrFKMKx5QFc0U/I33t00qB 4V6LxvfP Jw5sfM4aXtI1qBe3H2DYNwaEyzoDTow/oD0XlCyl9OAwdThBPfh5yHnT5bKqNsAZTKUopp7Zg1gMmZ1bzdxCyG5YfXgKrnoXvxcQVqoaG9qPcf/p3cVxQOSU31THxjo=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=f h4Hs3zkCpweHAgXHygtFbNzOKGGD8DfExIlOTn198=&e=0&c=wrR5EECONbHYzNdyQM1RosL/h3Y 3XhemdmpDcCCrRFsPrjD9Qo19LHasUS5SZqenHU9TT2HitJB/gametpUToiuEqxFpv3kahcamWZyfVPlFScX1gWy9YXS1PGxr oHKd1cna1FHcDHZqmwiKDdxcdtYL/RtdwtIcelS36ddCQ=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=4S3rm3MLbQCnA4757bCR9NvWwBxiUXZpFCt1UYL1yx0=&e=0&c=L7XDarPe/1kJinrmqhN1gGWVGxgnxCedxRYm45Jr2RrSbIajwfeuYEdqBM8Sg5rsLf1lQ6O7rX/ax9gH/sN7iUzgGZ0Q5kS9pdT936XcITNo3wn3785uwsWXiNQRR45F8xCnlQ3RSO9KJhHlfzo0QxtEnWEL2bkcKqTidjIZyso=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=O UyTshoaAWobo8mkjDLENhf0dcXjZjOOEXsghVSkKI=&e=0&c=Zwr9AKtnBL2fxgGoKh5mttBijd3tCJfnrXPuthVqi8BezESDRxcptsX81c9xfhXDR139LWuDyp2l7YPENa/WikcSKP/fm5M5KmXYpIAplK1O1hK8xHevxhrKQUwUla6rEFI5ymRNJyZxORDnfuhwIo7Opsfub sovKqHSg8Wtbw=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=l1NNxcHzhQSe0s3mcNedcQJx5st19D6scilid8/dzuY=&e=0&c=EM Hc3vSTURq21Zo8ZR1nwc 4luu0aGIBxUJqKaCgomN5t99h2qROla5YdraALj5mL55LiHAlyxmrOcTTsKc/6YbAIVBPdti7qFpGnTU9q45eXcLenq2CSrTfgRaPVecEqqJk8ixb8Q 5dMMpK1wclBZCEdqr7VEBBD7Bh9lCTE=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=4ZFf2dAibet/dKAiGI14GFPuAaU9aqYG 0eXxaPy9UA=&e=0&c=5KebqvOaF0NHLo0g9Ei9lJi4pbelOPGlB24dekocYpY9aAXKebTyr8v2PwyTbR8NIA6yukt8G8JyOE5bON4RQk7ZvyJsSlK1wMdZG1LNOPVIKVKvinHRb4hRVVlhQBlc6Y8IjhqzxKI1k1xQNu7JFTjI6jt2JNXAXmINE4eLgG0=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=aT 7DqOuVbVrrpR94NoiINlcaPRPsSB7u2Z86VnjGxM=&e=0&c=RgJ2jLMuOzIR2seRUUiqFezr0rEFdSnR81AkUMo24vKMwoJWQvphwr16oQKDae8f1fq7h9uSnjr/gGM pr1DqSQNbmHNqap twcVX94AUA8EWBRwWDG vO9EM35DVJr1OOcui5j3bqiqPlqJwNrIRQjE7Zlcnkb2iVNWT9AW8Nw=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=MDpt1VPtbOE6jRspJbipoN7Pd4t AN 90AswGIIxB78=&e=0&c=jdVCYK2R5C4U2F0YL/x 0/KjcDqlNGfcOBu/XrUr30WQ04 nq6K87YBIpYR5arxDhRCTAlahKZLiuD2zis4UHyO08tjoAEwlCuQxv1k90XHCWnzKd0YbNYvjMGD/JQCzmOsYkDol6U3l/DdyH94wjmStq/xzLpVlZ7OfCgneDVc=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=/7Gsz//NWFM9LIWedcNmgAZGis/b2S1XsqDiAn/yMX8=&e=0&c=OgbTFXwDXQBdTx0smHjfp4wu6oyu/KeZge64JR3D8YR6ZcCMQmnETeXAA0r5Z1 WtmuhPCZfRBO4Y5 pTRcs5NbdjksgYbvvJTuw n0q1j//v6dqsPpln81YcUuriTATT11lGMn688Tc/NzCWsOa43X/B2Rzw7h5P 4NWrPGDWY=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=mzLHkoO1Q491v//w/B68fg uQCFEZd4Qgi LSxKS1c0=&e=0&c=l ZJeoYt4ygWAUu53vnUA1B4UpaJEUkTdTUQuqVFbpGPqju hpqaGYWLlFF364TI4ZGRuUqgWbY/YXjTLu5QqA7o 7Y zhLuB3HoWXDeMWXwvaZUny6rp MTCRH4ZDSlEhrvYT7evALDB2JqZxfA2WqtLZYbfiICsDQ2xwqqSk=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=N5wROYjOx5H/otdZ/6rj1AbcioGv9LvQbMgiEA5Lc/I=&e=0&c=PDFGEcdNdeCOTcdg kod2eHyA3yJUKcEhc /TmwFe7c0hGEiwnhZXGpq9lo2nOEwwQS2BISHpEZCM05F NMxMnEpalu1stYbjIdz9lDnNJAwtHoRdLSTY7OyrC3GOAvv81mVxbL 4iWuEbwPwMbSclhpi5mhzP65LMWhcxjcqHI=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=w82eMC42xTSDfrc pxPo83MIsDBU1Zno2dQxXuTiKC4=&e=0&c=P5VUb89MArwvFTHO76gJuf2kT7vWJ9kfi3bulNNvCDiU1LlB1rsBpDKLcSZ1SFTb/0MEz0FmTcbxiKlyQOTMA2 TptG rGpzH/YiRKZ04djm0HZNArSUQ3PruNbnhxR0BfhVWRyoYy1d/5u4d3CBzvr7PybsCnnjrf4X8pheiiA=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=fB9hs5EIadhLRPsbW0xQkUQRNM1qB3P9EeQfL8kCnrE=&e=0&c=z2VkBXdgtvHU430mBINwFy7og37sng/oWprfNQ6Aia8sJvjwZUz2EVvQWvJAyYGZTz50FqkwC8xiVzIbF/W7PuEQwcmye3 Er6mTZIPZ6Td1XdTcN5hRDdnDNZGizyMeFfeJFGZLXKsj0s7JzsbYX P1RAs0J8xXUcDiC7NTn30=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.conceptspresentmeta.com/c?x=nc2dlM5Fev19fRGR3wca4uNAgfZVGCWdaWS6j5UL3r8=&e=0&c= 6Wre592k pPywkqXSJQ/4q1SgF2Tlbcih6A3drvwmJh44gWcCC9/k3sFDY6rXU2FAXH CDDqMPRgfv600GHhZoKOYVbZSq6GEL8sHMFNxnsXJxhJfdPy9y7hlSe8 GuJfVH40lCDNfnhrvmSql jLaPs8K9R9I6ks0AtjjI3hM=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

Latest 30 of 49 download URLs

Remove camstudio.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.