SHA256: a199d27557e07a76d61c667665f36c2687865ebf29d8e4b082935eec96f47b60
File name: CamStudioSetup_v2.7.2.exe
Detection ratio: 14 / 55
Analysis date: 2014-08-23 04:12:59 UTC (4 years ago)
Antivirus Result Update
AntiVir ADWARE/InstallCore.Gen9 20140822
AVG Generic.953 20140823
AVware InstallCore (fs) 20140823
Comodo ApplicUnwnt 20140823
DrWeb Adware.InstallCore.386 20140823
ESET-NOD32 a variant of Win32/InstallCore.PK 20140822
Fortinet Riskware/InstallCore 20140823
K7AntiVirus Trojan ( 0049c6751 ) 20140822
K7GW Trojan ( 0049c6751 ) 20140822
Malwarebytes PUP.Optional.StmSetup 20140822
Qihoo-360 Win32/Virus.Adware.f22 20140823
Sophos AV Install Core Click run software 20140823
TrendMicro-HouseCall Suspicious_GEN.F47V0718 20140823
VIPRE InstallCore (fs) 20140823
Ad-Aware 20140823
AegisLab 20140823
Yandex 20140822
AhnLab-V3 20140822
Antiy-AVL 20140823
Avast 20140823
Baidu-International 20140822
BitDefender 20140823
Bkav 20140821
ByteHero 20140823
CAT-QuickHeal 20140822
ClamAV 20140822
CMC 20140822
Commtouch 20140823
Emsisoft 20140823
F-Prot 20140822
F-Secure 20140823
GData 20140823
Ikarus 20140823
Jiangmin 20140822
Kaspersky 20140823
Kingsoft 20140823
McAfee 20140823
McAfee-GW-Edition 20140822
Microsoft 20140823
eScan 20140823
NANO-Antivirus 20140823
Norman 20140822
nProtect 20140822
Panda 20140822
Rising 20140822
SUPERAntiSpyware 20140823
Symantec 20140823
Tencent 20140823
TheHacker 20140822
TotalDefense 20140822
TrendMicro 20140823
VBA32 20140822
ViRobot 20140823
Zillya 20140822
Zoner 20140822
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright

Product
File version
Description
Comments This installation was built with Inno Setup.
Signature verification Signed file, verified signature
Signing date 9:09 AM 7/18/2014
Signers
[+] STMSetup
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 4/28/2014
Valid to 12:59 AM 4/29/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint C6E181103B63DD34FA7D244A62B1B2977CF17EF8
Serial number 4C C8 AF 2C 05 7F C3 2A 3F A7 F4 4E AA DD 7E EA
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009C40
Number of sections 8
PE sections
Overlays
MD5 69deb577abe9103f9cffc84358b5cd39
File type data
Offset 83968
Size 682016
Entropy 7.92
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 5
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
NEUTRAL 7
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments This installation was built with Inno Setup.
InitializedDataSize 45056
ImageVersion 0.0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Unicode
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 1.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 37888
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x9c40
ObjectFileType Executable application

File identification
MD5 5df395792497eb6219805bcb55db1da9
SHA1 c05ebcc71e23a454cb2760a32e37d69e98bc4d0f
SHA256 a199d27557e07a76d61c667665f36c2687865ebf29d8e4b082935eec96f47b60
ssdeep 12288:CdFadrdvwGtkNpcrisyMTt0xYDddQOwLlS1MeV5fOPWDc3sbjL6FDzWQPeWc:CdF6djkrYp06DdCPLI2WPc3sbjiXWWc
authentihash ac76c14aa50ec29bdbe92d69943c3afdb9f8e43beebe83eb15f1075e5cb8c827
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 748.0 KB ( 765984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Delphi generic (42.4%)
Win32 Dynamic Link Library (generic) (19.7%)
Win32 Executable (generic) (13.5%)
Win16/32 Executable Delphi generic (6.2%)
OS/2 Executable (generic) (6.0%)
Tags
peexe overlay signed via-tor

VirusTotal metadata
First submission 2014-07-18 20:08:49 UTC (4 years, 2 months ago)
Last submission 2018-08-26 10:40:26 UTC (3 weeks, 3 days ago)
File names 0sbutsjw.iif
vsjl1ujm.82j
CamStudioSetup_v2.7.2 (1).exe
g0njauq1.tbp
pde4116.tmp
t0nn4fau.cjw
vsg608u0.c94
vsgu01kd.k9o
CamStudio.exe
pibwtx0l.ntc
vsii0jj2.c2n
vs4v0evq.42m
pde9c9e.tmp
pdef652.tmp
pyou4kzh.jou
vs441t7p.t88
ueyk3q3t.5nk
jv2cl050.sff
pde4de8.tmp
gy2v3nt3.emu
m0beb4pr.kdq
2rkns3fh.l5t
pded515.tmp
lzumqxbj.5ch
k0uewk3n.afy
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs