» camstudio.exe
Overview
Analysis
File Details
Downloads (19)

camstudio.exe

Path Quality (Alpha Criteria Ltd.)

The application camstudio.exe by Path Quality (Alpha Criteria) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.giftcapitalbyte.com and multiple other hosts.

File name:

camstudio.exe

Publisher:

CamStudio (signed by Path Quality (Alpha Criteria Ltd.))

Product:

CamStudio

Version:

2.0.5.a0.1_61161

MD5:

5c56088f954489415d4a64efdc53fd4d

SHA-1:

e6e97247dd8b93844201870535aeec3e6a20e0ed

SHA-256:

efab336c26106e0d19e14f6d193f8973ba9565e1c8aeaf48f573a97e3bc2e18f

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/28/2024 12:45:54 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.AC (M)

16.7.17.8

File size:

988.6 KB (1,012,368 bytes)

Product version:

2.0.5.a0.1_61161

CamStudio

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\camstudio.exe

Digital Signature

Signed by:

Path Quality (Alpha Criteria Ltd.)

Authority:

GlobalSign nv-sa

Valid from:

12/31/2015 12:09:15 PM

Valid to:

8/3/2016 3:53:56 PM

Subject:

CN=Path Quality (Alpha Criteria Ltd.), O=Path Quality (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121865442A968BACB1F4EC1956476A3AE8D

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:mTfX+OUopkvQikg+G0uJpX8rv6Wa3BmVTf/XvQyMBTlP0QjcpMXVJoa:mD1pkvqkKCWaYzGpfL

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file camstudio.exe has been seen being distributed by the following 19 URLs.

http://www.giftcapitalbyte.com/c?x=BQUY5qRl6Ap4hdCk9y1tn8QMnvAjNDV2ZTbHCJhcPVM=&e=0&c=WtYbtThZS1XZDZ20H75a1m9B C5urj0KR3T1Hs8h0hblitWTDHXO1ydvH6C5efgDhLYu7nrn5X32Nd9g6w9ZNFhKiM9l/lZWgnHOm4aNRm0/oA71mcGdZFiplBm3vOSgmQS6APQg8j0tMSArE397dIv55C1h 3bX2Aw9wqYEZjI=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=eyZuhe5auJ9JgXbXNpYn6UzesocfEpKLAat529T5 5E=&e=0&c=ZbqbmK24te59h73Yl3dZY0gCwi 0PS0PArIDASVqXsVoI7OphU4cIRqDFYoWRbwC/Ywj8aTYASJiYc6DfnC5NfeXGu3x0D8okTCG1 0LxUjnIhKP9CCpfU0 rE9oqd6zoKz7Hcf7ZcQlqN3oiPoSRFBbCoPHaJYAMm5BdmkV02Q=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=ywf3ZUqLBGm2LKGnluynp ukYtC40HufH71y0A/NuNg=&e=0&c=AWewyTimYrGVQXSoIf1OO28vvMnUiHhoYh3HC nZVT8yv3K5nXppNfVZeHmaceVtlGy6 6BOc1ct06Pfax8l8MlHxE8SFYwU1aYbssflZtRimtWDSWkPcHT4ydgdsf6bjlv37L0cAajwwFajrOXe8hqRwfzYaAhqRHiVGFvejBs=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=Wvqp154Fu1kVvUGDv0dtRgG7ZvB4eLSTUNnt65bNnkU=&e=0&c=AT CEEg5oUpt47omdtCR22CY2nU/EDTtGH0SpBOoeWPKwCC1R3UNwwNuhozjBQmVsrFjjaBIhKEUL9/Wkwm Y72x5/cGcTc4suFsfpobzYoeSHzVkGRd2VJxDj/PMsQGFxNNdodLEx1c6KvSuF2JW5WJ 13I02EkOl MWWl6hV4=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=7sy7/5VxHGUADA Al9tTsPNX92L253huMuaJcUp2VS4=&e=0&c=CGZJJBCymFVt8do6lqDgzlFIQcm0KOJXoipFwGwm6efyB6RRPNEIHXTHTBi3CkAO8liQbbFxoFuN6R6Vc9ZG9iC6L6MPMrEJ5xfu4KV82G 4k2iJnz3xLjvuFK2Po0841Y0Fqb7nUIFDHhZ9WcB7kFXpNotxkjLm15W0E2igAQ=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=m0bJBB5DtVIeXBxjMpUJdq6ZY96 gRSKeRCd8aCXFFE=&e=0&c=hFkpd/jruAGSg4GeAxn9fPitLsxZhrQVwrHbhH6KTlrXbRCt SknJ8UNX7nizHG1tbIl3QXz3CCXOAN0rBNUKfzCCbkPCTxVNMV8Y5/YpovtmevVxmC7PRt6i2VrFjye8Dz7y19qF cDw zGb6gasM2gWs b4XkTgE gScw zog=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=6OHrynMsiC1Yl/ZwvIoodYyU/CWjcI88g6MY/rgTPgE=&e=0&c=knKMxAUN5Qaz54IEDq6M8CLgxjjlr rGngIfFnakXc FC0epzvwEZnWsbYOYZmd4MUGN3c25VOtXimcqehNCZTPRf5NwHcy BIcBV5o8SS1njx8ufCcWSJEHAleRz7uU/p/tRwD2uksb8hq7u1OScN3lazjQEQeFIIEVuXQIuBE=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=NMPJ7MDdtPJCGNEldB7lTegueKg azlirjR8dcQqZ2Q=&e=0&c=W3BStMqvYK4g h6I9XKn UJDCoQQdhEk0UlZvohy6B8SRbbO9wibMAQSImUza1LYW/CI5dhBTHrr0ywLVwKZ3VIsqzzf8sjOK9O58oCd1blMZYx4cp6O r3JsJrw7he5Ar/TdCHiiYwwGOR xsf8TRDEEQ3WrZ9WlvmRqqTnRkg=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=GdaL0/ftUM4hAJqCEdog 6F8yEi9Kymz IFn/u7XduY=&e=0&c=c4rWEvZJGb2rPbTmO0YTXkOVGb3dm086q XCrDER7T9hVZ00Hy48TuC7JdajzQkA4TSKGiV7NbOymqVgELvlV MqOj4xv2yQl/x43I0D7UbC19INUy3bMJzR0OMtzOzc3iLgQI6obJUHE1nqRcHtzMj2gaRQ30EJj1kHPGdxIaU=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=fownUaak418jiS dekCRF Z2G5jU5zu fqA JPeZt9M=&e=0&c=vuxfPG9wKZTpHNTGDks5GXg74KYLP4FI24EDaP5BZVG6r7y1HuU0WT5umYvAxPr7EA6Ji1ZMSvrkL3Pxtr86bIMV7REOZphqOdIi4na5e83dJN0Q5JXWyTyEmAumzN9QicHPDMznxKTPn0FhUdzKNoPB8CqxqPuqXZTTUsH1sN4=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=Adq6rSYFk fgWuSrXaFYhxwCSQbEw4TGxpnGJVRRv7k=&e=0&c=5x /pKpGaQRAqzEOU8p1Tq5qK1TUtgjyxKJFA/xJYymYDWqWK6aII4eN6Nd85KdUj khfYVO7mTIxjpv5l4bPeHOGg/hm9aC7IEDrXZDmuu2eznK9ScftXBkVpNNlpFVmgviIwr6 V6lwAggEbbKTf3psIY2V5OWMbIxQ2Rj4=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=rI9 /cL4du94FYoRw5QjSP0hdlAuj7iea pmbM0CY4k=&e=0&c=GTscliqu8aTly XQP/ftHF1JM1Fy7cmnAH2432SaSa1jcrbMXkP703NH3gM5MSdxLXOIWdW4t/Bb9 ywOhHEnjtSlBWQzKPh1MN/EwnZUCjz4WqT759h9nmJI1MJeZzvXvUMO01frvxdssqdGWhWbflCZLtOdvOiYxCHQtb2/wo=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=yh/LAdxX2QevG/Ad6uPTGBP29xw2vR5JgjSV4Si7sEo=&e=0&c=x5i49m7JTo ybWdhTpg2zCUB3imf/zc1MkiMl 1b5PSTQ7ZOU//L1lbfkcF3N9nV05ROY2wpOTKiZYtZnzVB uwpjL2uGerVB2nDEMcDRasFdewyGHzD5R9FvWRrH8SnIatl0n6urBoqM3DdH xU/xThpGm6TtWJkqSIXNmc1Z0=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=r7TftWSp9cyxufd9msseQm6q2gNtzo/ mSV5rvtRLNc=&e=0&c=tWzApFuFCUoR44KSrpoG6K8exu71zroF HALyXd3qfyt6ZX8PN9Eb5akJQk8MWRwacqP7z6q/W6qUSUnMRZkTDqMip3oRy/imRq7Eye8jgj96jqmL7nO0iVcWC9Jt54SC xfhmczcSPo7GHq6ur7wK3Xn8FCv1EKJ8w10cAaqao=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=CDd9lpOL6bP2dAig3XGzpcW7pmbKUIkOMLE3dvWGCdQ=&e=0&c=L7FwYjhlTQVpRu7/Cd2mOb8c9YVlfzOY24wrasM8vxkCOXwqgnSGjCSOTu3TnSNcNPllSc0JKISH1iWJGEips0zCo0G2mpgExDfRU5UosLtgbSej2GdDVNxj1 vrXmd78h HgrIya58KEFSr4mnyAJda3FlBZ2zmka/Xs/7Wlyw=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=8XuFm74T 9dLBELmtOrGl65TgerHRoRAbe7P3/8OKNw=&e=0&c=cX8tMMm4pjmKzo yTkWsQ0J0p9FCE/kGcwhNeTMMhA5jcKwPG 8dXEM68rNlYm3thy 6LCbxpDjUKN8upuPF4aKIRj7Ke rm/0oFJkZrfCBa6hK3Sc7vZCx1cP2hQFPqlZSBayMurrRU5fbj5g696iP TAlY7Yrp2QtqtpFedGo=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=z3Aqm42 sVZVpyQpyKYVhkqatPVLFyCQUwLXrpkFo0A=&e=0&c=bT6P yxsE2HxSlFYN4z8 uBZx95gfsUSgJxejTTx3qY702KWBOX77xj82wiHeA0oEN12OF5TWqvxdbouwUBRGdY8UXTB/ekSg/PRTRuG5MH0XaIy0fzEfVQEB6B2ZWyvimMa42mblZsUXaCicjCVmImtVzWaE7WT/ SexQEMQ8E=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=hURd9Jeo80rHxMVSmtYztT/ifeQjFWPyi1P6jjN7Y/4=&e=0&c=rzJDs5XX8Yje6ULuopfqo2Jh3cF rTGpFKYQOQKmH8MLHjn7/2jS8l3BoDxfv4p8apINmYa7xJfu3iUMfmZ7lPeHjvidj7jrln9Z7BvNUQ1BApKUGzazxzFhakZ MuZRivtLQcRyPeHb3pua0KpskTFYAAvGr pemRpmPDCWX14=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

http://www.giftcapitalbyte.com/c?x=K9LOSoo78VlUl9v78opJ8dIrL0 iiHDUdfdANxVsmf8=&e=0&c=9s1nWjXCXU agn3LV8p4wPGY5xra66jH9Y cWADFR1gO5eKHEyEOxTqAs3cmaHGyYQ0nvB0oVT7l2BXKYCjqdu6pPgahSO4BqOG7YYz/5prHAFwMybLu7lvfaC/8xYBdqi/jgB8 Xia4Z7oGdR29gVxzmYJApLJhEeTiPPqEkZQ=&downloadAs=camstudio.exe&fallback_url=http://.../CamStudioSetup.exe

Remove camstudio.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.