installscreencastomatic-v1.4.exe

Big Nerd Software, LLC

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.filescleanbyte.com and multiple other hosts.
Publisher:
Big Nerd Software, LLC  (signed and verified)

MD5:
ca5657d6444057f3390327a9a73899ea

SHA-1:
0db69c431803374b5c818fdfc2868196a0869290

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/23/2024 2:24:05 AM UTC  (today)

Scan engine:
Trend Micro House Call

Detection:
TROJ_GEN.F47V0228

Engine version:
7.2.79

File size:
27.3 MB (28,609,640 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\documents and settings\administrador\escritorio\nueva carpeta \installscreencastomatic-v1.4.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
8/14/2012 9:00:00 PM

Valid to:
9/13/2013 8:59:59 PM

Subject:
CN="Big Nerd Software, LLC", OU="BIG NERD SOFTWARE, LLC", O="Big Nerd Software, LLC", L=Seattle, S=Washington, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0409251A795A5F5D8DF948530AFD7548

File PE Metadata
Compilation timestamp:
12/5/2009 7:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:3otNH0dTjbQt5ow9OW44qo3WJ9Y+rxGRFTcMr:3oAVjbooql5GvdYRd

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file installscreencastomatic-v1.4.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 110 download URLs
