» camstudio.exe
Overview
Analysis
File Details
Downloads (8)

camstudio.exe

Path Quality (Alpha Criteria Ltd.)

The application camstudio.exe by Path Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.giftcapitalbyte.com and multiple other hosts.

File name:

camstudio.exe

Publisher:

CamStudio (signed by Path Quality (Alpha Criteria Ltd.))

Product:

CamStudio

Version:

2.0.5.a0.1_61161

MD5:

e9107f96584f7075b86c8a10e1e10ff3

SHA-1:

9dedc77dd98bde5461f16c269795df619a9bddfb

SHA-256:

126b7fb1de85c521c9e5ee976c014219353a7ac61a38d440f5cc56df6b58c540

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/28/2024 12:23:53 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.AC (M)

16.7.17.8

File size:

988.6 KB (1,012,368 bytes)

Product version:

2.0.5.a0.1_61161

CamStudio

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\camstudio.exe

Digital Signature

Signed by:

Path Quality (Alpha Criteria Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

12/31/2015 4:09:15 PM

Valid to:

8/3/2016 6:53:56 PM

Subject:

CN=Path Quality (Alpha Criteria Ltd.), O=Path Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121865442A968BACB1F4EC1956476A3AE8D

File PE Metadata

Compilation timestamp:

6/20/1992 3:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:jTfX+OUopkvQikg+G0uJpX8rv6Wa3BmVTf/XvQyMBTlP0QjcpMXVJoa:jD1pkvqkKCWaYzGpfL

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9327

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file camstudio.exe has been seen being distributed by the following 8 URLs.

http://www.giftcapitalbyte.com/c?x=oAqH9Vh3 tHYD3pFrugspCpc8bwNEUhpJvDW7IHd9/s=&e=0&c=cN /F2fOdDthu2xCsYAZtMWpWECM0RyC1cbwtRWS7uSq4SUTiXSRdzBeAWkfPOSFI/ duXgvbJLyHBxf3GXhi0glyhgWq4530QfHoFzO5BX89EFPwsrGwpuZFjziYZ56An WQAHJHbfJOvbupbvy//ZAiQXCwuC9XF 3edz2ods=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=8wLKBUjdLNmC65nM/v0bp6/12b92PP pBEc52xu1PFg=&e=0&c=Nx4YRgsju3CWwg1TC/dhTbHDJzFBDTjeZS44p7y0hIZT LtjEPVcqE2Zq1cMFd99AdDybW2bz8P6z/LY8h7KltLV8h3 NM2WCc99Lrx6HY46JxrWo k8kaJugoLSwvqng5M01B/jUIhytrC8IMeem5AKvZvK75bj8f4JGlNnXUQ=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=fx8r SZQ03qYe1muLXMGe8bhVyZCxUwnS/hStzNmV4=&e=0&c=qt4MKNeTMLxXWOD/XAxiZmNK3iagakhZ fO3lyC8 JvC6edM/VgW087Rlvl26YxuqAj1ZRpgFNM ljeFLs/N8qDVX02drCsjXaUZ8L0ZbhFU/seSKFatv9YgiZ0DFpftZropMpiShh888KNJrx/8fCoWgr3X2 vi4y4wjbaIWBA=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=lEYptyBpiNPCjJBFdpLnxL6Udeqs5MguvqaaJD6UBCE=&e=0&c=xcxtHvUZ2bf08poOl/cKbv1VO1XHETXYzy4OPI HC ArEf4y2equY/V/bssg4QGWU7omj80qX07/WvWGxcHYA8deYgIydS08eACgUQmanq10vJmEkOhSLVg6K tYf9hOMckIdq25kGlsDWp9yBLBPKPKoyviyWqeFgOxCDF pDo=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=z/UldKaEqkZ1VuhYbCpgR29hOYEv8SnnY3f/K 0HLuE=&e=0&c=lXVk7ocv/V1D adJbB0gqjG0XZfpXtTXgg5d1oFO/VlYFvRDfiZOgHS2YAmnsbdvHIwPPFgovM11og84DqK9O/ACjnWhnaD8d5y5UN8FEcNnucLgHoEAT/DWWkZctG2oRkbmACXal/xeN6Bh40WZd4OvuMAeV5jTojiZVdjdX s=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=WlnwzrT8KvHuZ L4r3Dtrj77pa3VY 3YwZSm8J4czTk=&e=0&c=tO0vsFGVxGgXrSuizg8fxdt9 ALpacyoJJKpuhjDUzVHghz8V6B9H1CENUM8QLxmEA4BzH3ex50DCH7n7ZyiFbWHNa3Y 1nJp/oTHcfw7VmGblRJ44FZ9WI6cW4XxG1K2pWk5HexjqCx4zq91FijRvnQdCI/jqBmrCmFL3BTKyI=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=B5jtFixV sQi9H4S74jexU6ccpkFSFa8SyZ5Y80tb2I=&e=0&c=NMK9 mymWkLROQDvx8m7lYBWNh/V903v/ZM0GNY7j1/ZSBnxR9EQ7APmnfoaiaaG3p9Jce3IrRlJbXT8wnEyo2cl2cz4047NK5jJAFmwm3Wl3xe50xXDJZzSHV7T7qAJ4fhRX7zvVFGGZuQ66FTv/0pxdC uAgI8 RCQCTlFtAg=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=o6eWX7sWMWRP8pM6FcrSB4Gnml38WkqXO24TBafoX8E=&e=0&c=4vZpETBzz8VqxG6PjuvgvDE4YUI8Ot2joiKvDL8hj R/WdwwWvgfDD4j3BDH33QjcWp57Rw9EhZ4TzRkUCQeggfedj0Gr4DF2YW2NRAUuptlyNzu3XDKNFvqcZo1PvRCoFl 6XTzyp8KTv4v0oCOOiQtrHOdVLRt5hT3nbH7ZJ4=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

Remove camstudio.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.