» camstudio.exe
Overview
Analysis
File Details
Downloads (84)

camstudio.exe

SpeedyInstall (Alpha Criteria Ltd.)

The application camstudio.exe by SpeedyInstall (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.giftcapitalbyte.com and multiple other hosts.

File name:

camstudio.exe

Publisher:

CamStudio (signed by SpeedyInstall (Alpha Criteria Ltd.))

Product:

CamStudio

Version:

2.0.5.a0.1_63980

MD5:

401a77e40ae42dfdd17c9b5ef0891853

SHA-1:

e40aeabc999edacfc547b4f17a5be32addf6953b

SHA-256:

690cdc23d1ca4c4219570456bc38b3c2b4e8550582b68954c3f30f0205fc3443

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/28/2024 6:59:31 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.AC (M)

16.8.6.10

File size:

1.6 MB (1,640,088 bytes)

Product version:

2.0.5.a0.1_63980

CamStudio

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\song\new mp3\camstudio.exe

Digital Signature

Signed by:

SpeedyInstall (Alpha Criteria Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

1/6/2016 9:05:52 PM

Valid to:

8/20/2016 8:15:01 PM

Subject:

CN=SpeedyInstall (Alpha Criteria Ltd.), O=SpeedyInstall (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121A6DC69485443ADA37B28455486E38F93

File PE Metadata

Compilation timestamp:

10/13/2013 1:49:32 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:3ElbYOS5l07fR0j/tHeByNcdHzhsq9rS7hkd:OMqZ0TtHuyubsB9kd

Entry address:

0x113BC

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86... 
[+]

Entropy:

7.9240

Developed / compiled with:

Microsoft Visual C++

Code size:

63.5 KB (65,024 bytes)

The file camstudio.exe has been seen being distributed by the following 50 URLs.

http://www.giftcapitalbyte.com/f0Lns0TsEKM65wl4GQjxg6iR6g qQqI XUbUMjVZoLIZuFSAwDa1uTmU6XcDU6N_mrtXuydrz5zZCv7cZdO5HzqPNd9sJ1naYYq89CxChMgYyhDigLYE9Vbxi 4mevsX4ZGHnSw6ijFl3KO6wtoI795hJp1DbDBP78mjVettxmHbKfg7Q6sCyTV0x8L5wHxzzfbXkH5f-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/GC0hIf4m9NXNvIbCLtGtrDKamwm6TeJCp8pWnldFW76g7iwAoLh0YhRDFhJx5OF_ NxEip8jhUiD377frJVeAEI9pFPcX3h6geGn4CyVgTUFJyxJqyhB6MtzfCk8vANO09puEBnIwAl1B4xfU3xhf2wG8vC3c1GoaW0Cy2t9okVP054vs e7oash8cZvlxTs0J_JE0H-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/rrH4H4P_8WvRz2bibZlFXQFX4t2OXev8DFvvBD05JKmaUnY2AGi2NR45sUGA6VpQaAzOzwwUwmWC5bDHHZFBKK_Q7R01QtE1428c5CFDwWWQ9_OunZTRB3yywddsCyEntroSEfBYd5n7PaJaOrhWrEzgM4MegSdk2aNMivBLiqG8KVlzcILcoUMgnKk3Pb965HkjXPTm-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/f2XcS b8zxOVDa24JnFKkVXRR9GI04JawfjK7vlQy1s5sh1BMiKh_z7FZn_Sxr8x9vENQv2Y1fqON9Dpln8ayMacdahCwWrKDKzSpNrRaQ9oTqmN1Z26a9635pJSuMFd6k1eX1oVOka0YjYQky0WPIoqjjOqdm1JyT0WRTfCB_CRtysvfRsxGIMgZmcznB3qm4j2Zq4Y-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/esZWZRCdEVftzCy9bD0RM_mBD DGQMuOWv1VXcT0XaCOW5MAPrwT3rdPb4pFhln3Gin62DVzQ QHxPOOx2LKTE_IbRcgOR7G6biLsPhaw__Ivz4pcq6JcNj8N9YpqXoaPbdQt5Wss2 z1Lq4iq_5W0ebhFMB8yqVYL alSZ_E1hBNIjrTl1yah6xfUEtKi8DjAx8 A8b-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/dC16gzBZ2y330JN8WeVr5NPiADEilxz1lesfmEHrk2AJuKah8YP_dn0idQHpnUhFKeTAxX5qiLR7HCuEmVOteXNjaUZ1tj3UYpvPSjFOm9OKPi7_WW2pBK1DILiXevvQr6p5Eo7RVCG_EBCdDYvvSvMt0_m_MFLv537ekfRa cuuFZETjL6yvremAFLFWpT_bbXMSLAK-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/InC9fZjSejBOJ6A4SNGLc3JdnjSG2i4dQ0ZYnmP8d4mnNrg2GuOSoCQjgBQejabJQhfwAu1RQEYPQTGEMP3l7nOgRpjukEQkfgoHC okM_AXQucDosvp7SmLrGGLmiarah78gZhdI5a_r6HAf9HzGToToXjITMFdlDDTUWg0QmwIRVElgjyKKJeTUUPcasMWAJVCEUbj-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/KOzmO3J6gP3tQ2mM4k4R2sM9OYtbNUyJO9COIe_qBSoE8GpdCiR4z2e3ku9FWWKLQDi1mL8x6aCFVsedEvA3rHXIx7Ks8NOhbOKT7cOCypT2N1Iw4jzWcIB4Nujr1NR_gct_FNcx5kLQ9T6BrGJfDtSfthSWWEqbJUaEAoU5cDfyjHmW5 ifhrUYe6HK35sNpNq7YVUw-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/ZXcMi0U5AlqgeKms6Kx3yMrZ7IS6DlIoS1lFlNADzlIkqMz1FgrEiopX8rx9zU48ewfO4m0C_femefc6Lc1mPaLsFbJX9vb85vdc8D Ni5aOSDXMb2amXK96BETmU8TYdT4YZTiCjrOR5BZSMFUZ8YjfYVkiJGrjO9X7zGBsh6fbOhXwowlhzt60po3bL8YVCHqAHb7J-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/PaSCQbu YB2WtymgJjhCUtOjcGLZ_BMHkgUvQIdRXRvxxcUzvL7JJ7yQrI8o 0uWS6iSIcT3zWvuXsUMozi2SqdHifia7u7S6OvvCFtJQ0hSPQzI2h5kYqTZbUnlc7Y9BQBkzy8qzs859lK1htiTWztpbppTMDn9D C9X9PtdofvJMaoHluwydeuRl5soCI0hM0O Ijv-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/ W3JZXp3EfAN5Cd4LssOD3HQRX9777JmTJME8FdAEznpBNGm_MNTUAy2PlrW44kItLqwPKiTDohveyloggG8un6CY1SgaGPTZ62IoS66rrE3lf9Y_4b3ZsBnuxlTYEn5K7JZvGigoaIEsLvakjHHT9AIJ3nZZMWe3_K3HySnkgZv VN6hM1s_wvdSKVmJjEFDZEjpMdq-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/BSrmUXhd0CQheyqTSBr7ESSfZoyRC8znskIl_aT9Aj moOP9OxsBaGivsLv6F9FRPlUhK565gw9s5sc9CiAotnQXnco 6jajEpbnTAVIcge55l_BxB9woofSVUIrHxOo5LFCk_srV_c528NNGmjxKLqsbQm5LrGoHOMwpv9gU1kE2IWmpSXuAOHk1GA2hNKYhtjhDd6O-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/1FN87FM CZo_UI9Wm8wwhIWlBv5EZ4T_XP4zMry3N9 _n4fzXnbY6wQBCAwBTJreB5nf9Rmy5YTnXEwRONFPkgHCOAQs hJVyJ6ghZU3s9NMpr0oZF8uDEORYlK0k9vM_GxTbea3qL1vtHMi3H04WixkeiwAHOtcJ7q0kC3KmpjwdnTWsP0R_XaYjZHEEW_EqnzLh68m-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/r2R41y657KIXAHkfeXBguWJXarQdnQrZkER_g_1227jGNKjs56GmpQcyiz_g0kq9iQoQgEY4eg4xtW_eFxUI0DLPInDElWCourd20OpVFZM0u530W6uUhbESd7KL_Y0kIRgJu3OXjzXtUcv4E1JX1czW6DLySSkUJIcwYy56ESyjn9LcqAX5z3aeRKbkydEQcIx1q LS-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/JJTmvefTVUcrWW0bFE zDwQiITDF5Eid6tD76sLABphH3oPulbc6cHKJ3OgGAWMwiLfGcLVL2H0maiByp7AETu4TiYMveuvLgdR_5oj71toO1uoxnyMkAv2563uoaMeFhpx4I_9Jnnz0II cS0p4g_cgHEc_zJ8Aj2aMc1jIxpBSSQfpFDI5oMB_EUI7V3Xn3PJfK7MS-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/ip84gXPU f80iN VUOgzUVo6JBOOsgGk1CKr9cFIfc5SwVb4L3lINIB0mm9pAY0lnozh310Gu8TM1B0mhbQkUoWlbRMpnXmIRaK18e63WD1YwWMaAoHhOP830OfblxTndCfjSJ8FChKsM5fz8RM02kIvXfptPYHxvobC7d2fHAZynnO8ZwtzmbxjP0bzmV89OOICsBXo-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/bLdbna3ZeEF1U_UxWqP0ojAK dc38CV7nXas3vUsrGqMHZhqrwLR PjglFcw7RI11fifXQWuq3iOE6m2EMm4ASK9eOg 7j7DbMCzcD5mQZMSaJEh9qsdXmKO_vODslqpOdVxhA8LJGzdPve0TGRp_bB7PLOr5Te0gFMqF6ogy992KtA6PVWEDUMDGJfL2vmSHDoLghWq-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/DLQIpItiCOZsg aBcMme8KbRtq8BmSbgFss8fDt7ZHyqMTNpBV1NedleZsdg1cBnZwaNil1KbwVu5kUgewK13Z9cUBuNrEoy06KISuNA_8FkAy9JfmJ5Rt3s9bVrybyhOpj2W ScoFt2Em2nu2Fbvs4vzH4oxxXMRSsvNfaGLaOPccOjWjBhd9UpOBCToxQlKUL9xw7u-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/6YxdjMQV02riANSyLWyOOaQBuVEuOvuutniKj_KI5jluLC5iVq IpsxdjKfPd oadH0KCfG5izozPW8TdWSseUrf7gAMGxHzriAi74mfIYhwzY_zzdKo8B2dxS4Ot8iaTP7EwxVi7X E tAC7hapAl_XRfbDGgWoVFebjmwM02Og65KNafyFfncx_AHBgTxGnu2Jfn9g-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/oJFMZJlxqhYfBbosEx1iHSoVMs1iCJPoaacO_Ogb352qYagSq8iNwqHTvX8sB1 8cBENBMkFfRU_EATUim wjHPjTz_KxGzEiy1U6OVBHG8NYM3ibdE_3DY3 fEtHo7nIoCdNicnowGh6_ve50XcYojr3sE8 CZp3HjQLY_eCgRSDenf1ZYeN2VA01N5JUUn0F_b0diE-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/uOpELg3q_gQl_pfm2ENfJRp CME5uvC1w09IwgkN8b89vf3K4CNlpg84at7huGY5JN3BkcA2mv3GdU A4PlKdoZ6rsqFje9atumTeylPt7uWbIcJIkaZ81OPpw358jeEDTRR9u4kcdze6cm6FISgyuCD9VOjM7 AoDf5gNAP34jJ_wSfY k 1Ux31UyJcSNwYGK7cMif-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/cB5c0mWRLA6TrRd52HkqQfUY7H5PhH02BDkPzPmTmljKP3XDnUGxJ3Ln_oRIbe4l8SsHdrkCpOYIIwtWiQ9t4Wt1Kg0u fhRmaiLBleyHkNeFyOWkjLav_83ynIpwmNWZwgR6AJFD35TVz0eF6bjQ5J4r0q6Pl58qCX1Sfzo1eV6mwcJLr29aizOIeOQSLupjiS108d1-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/ZZzTEeI1sdkb TYBiNSXlnAjy ihL 4Z_8eMk3y13_eP65UXj2RaOcrNu5S 5F7MU7GSxFlIzOWDZzo8gVsWty7s3srYnUW39b0hHm3E34Ea78r5Kg7NGPwiDiS64jgyMCGAZuulwz9kPIIqfFAYRR5oQ0Ciu0XS5oguqtnma_u1MmREjCYNOSEkvLGjO_tRQcIqTRm1-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/MOCPuIIYIHQbfR0NKucmwIb91YSkVQHH9xiUNj9yiQN_LRuAXEN8e1i6eoqLw8YaSEv0qc_p60VXNcKr0i9wiOT48 ChIeQ3y5FiyDWyTynHgmpjbJTaBj4HPNpIjbDQrROlFFklUajm5ipkmsrlcrzm iQjir9mslspGRNRt05gxSk0oy6ij4Dh2zd94b0bK4v7z1N0-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/xUQpxMH8qr2LCXTDP8DmOfX_8b9eMOrkA7j_Rzt NeS0LiQDZsTQED3hBHZMNb76Clggyq O r1LhXacM4VUvS88n3ololry1YZyFcMpiN60DIXUP8zbaC1o87L5tXCxt9WumwfR2IFiA5kT51uh7IDKu8BSjnpOPSxXvQlcMuNFa12BZ3Ka5DQWLyCu22q_Sa8UeEp4-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/0ssCaAJX2fmAzyNG2xOn6Dsoop1u6uJSD0DFatPGPRYuPhQZ3PBXCPrxSwRd hCqYqP6k944dP8MMaOQkZcE0Oy5iq4CKtmI0RuRV9BiFotYwOXFRQhqRw57nEpXCSw8F_Vy_MLQCiV7kCjyrlPCXPGocr3LAewpaEZUOJeGhAgSCrD0e3pkiNy7JlKwkd_9velkTo65-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/g1KsHnC00P3Joafo7ODZoL7cKDujMGfXwfEhnH6Eavss0OHVW1wTBpaZ4nFatPNiKffp7UyXQGr_gNWh5m8HOWbGxFkQQBjSP67vHpyhH_IvddSHK704Y9KZMNLzVilCnHFEwnRucCNHbqcm0tBKZPxw50D 5bJL1IJgN0jys5v2NoZOVNDEu0LDt_NTeShj8DBL_EDC-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/Z0 anvkSSPsaDWblyLvmPGm8tjttsTDFGAz vd_BGCmpYKvEHXH0fP2WlSJGgrqTz8R6A42exk2pfVqBJBDEpM8v9amQrq5W8gS_rpLYEpxFqz6fRmylFuGtvOVmORj04yZYFjNL35ZchY87FRSi9ZLMZOhhlhRp1wRyuwgC OWzo6pCZG9DOH9qFDXVqoGJPQ8Ei2Vy-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/QQYTVvPlS5GFK_xC5TKo128K1BanmaN0qdXUl4qdD4bVVmnhSYZnbZaDWIbxCiC6KJENUNJt6EdCL3j50EC8Ks_3f 1xB5YA5haqr00PDN9cp2HC J79eoZqANLEa_UodX939 6S88kIgAXmLD ZAkFpXtr78pnHqe580fV6X2FF7JzzkkbnCZNHzTlZoH1xhqJ2oUt0-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

http://www.giftcapitalbyte.com/krKmKr2oxON3wFUdOxgt26U4xTCWvoBofGeleEI XSkrUOW4sJAFSaJLUn3YA3i7rFcgZc8iNaxszDZn47ljQ8XEO83L9PAw6zRbH q1inIvRP3MpoFjYYSAy7qETtTtuGHCoJfweojZhC3tt80NcrUMd6nE0Pq9oeEDYe9D_WKbMOY1gahEmIQ190xIRL1e_gPlP 19-GzAAAMRtbD7PaUzHinBGEQXBRA4cWkRd6E1tHcgbYzSEZ7dGXVqZJ lTew29AA==

Latest 30 of 84 download URLs

Remove camstudio.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.