SHA256: afb23549aad7633353428b6611d700179e15d9e14eb422fc56d697f901a4ddcf
File name: camstudio.exe
Detection ratio: 25 / 56
Analysis date: 2015-10-21 10:27:49 UTC (3 years, 7 months ago)
Antivirus Result Update
Yandex PUA.InstallCore! 20151020
AhnLab-V3 PUP/Win32.InstallCore 20151021
AVG Generic.CB8 20151020
Avira (no cloud) PUA/InstallCore.Gen4 20151021
AVware InstallCore (fs) 20151021
Baidu-International Adware.Win32.InstallCore.ACQ 20151021
Bkav W32.HfsAdware.E9F2 20151020
Cyren W32/Application.PFFF-5491 20151021
DrWeb Trojan.InstallCore.864 20151021
ESET-NOD32 a variant of Win32/InstallCore.ACP.gen potentially unwanted 20151021
Fortinet Riskware/InstallCore 20151021
GData Win32.Application.Agent.B1TE5U 20151021
K7AntiVirus Adware ( 004c98031 ) 20151021
K7GW Adware ( 004c98031 ) 20151021
Malwarebytes PUP.Optional.InstallCore 20151021
McAfee Artemis!433C4D902C8E 20151021
McAfee-GW-Edition Artemis 20151021
Panda PUP/Multitoolbar 20151021
Qihoo-360 Win32/Virus.548 20151021
Sophos AV Install Core Click run software (PUA) 20151021
SUPERAntiSpyware PUP.InstallCore/Variant 20151021
Symantec Adware.Eorezo 20151020
VBA32 Malware-Cryptor.InstallCore.gen 20151020
VIPRE InstallCore (fs) 20151021
ViRobot Adware.Installcore.1004048[h] 20151021
Ad-Aware 20151021
AegisLab 20151021
Alibaba 20151021
ALYac 20151021
Antiy-AVL 20151021
Arcabit 20151021
Avast 20151021
BitDefender 20151021
ByteHero 20151021
CAT-QuickHeal 20151021
ClamAV 20151021
CMC 20151021
Comodo 20151021
Emsisoft 20151021
F-Prot 20151021
F-Secure 20151021
Ikarus 20151021
Jiangmin 20151020
Kaspersky 20151021
Kingsoft 20151021
Microsoft 20151021
eScan 20151021
NANO-Antivirus 20151021
nProtect 20151021
Rising 20151020
Tencent 20151021
TheHacker 20151020
TrendMicro 20151021
TrendMicro-HouseCall 20151021
Zillya 20151020
Zoner 20151021
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright CamStudio
Product CamStudio
File version 2.0.5.a0.1_44806
Description CamStudio
Comments This installation was built with Inno Setup.
Signature verification Certificate out of its validity period
Signers
MaxPlatform (Fried Cookie Ltd)
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 03:42 PM 04/27/2015
Valid to 03:42 PM 04/27/2016
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 1EA0BD67C2E32B9B303036242D2B6FC1349D4501
Serial number 11 21 50 7E 6B DD 04 38 A3 C1 58 F8 73 DC AA 10 63 4D
GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 09:00 AM 04/13/2011
Valid to 09:00 AM 04/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000A5F8
Number of sections 8
PE sections
Overlays
MD5 facdd53920bf14f3bfb6c55b876e13f1
File type data
Offset 86528
Size 917520
Entropy 7.95
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 5
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 8
NEUTRAL 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments This installation was built with Inno Setup.
LinkerVersion 2.25
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription CamStudio
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Unicode
InitializedDataSize 45056
EntryPoint 0xa5f8
MIMEType application/octet-stream
LegalCopyright CamStudio
FileVersion 2.0.5.a0.1_44806
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.0.5.a0.1_44806
UninitializedDataSize 0
OSVersion 1.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName CamStudio
CodeSize 40448
ProductName CamStudio
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack
CarbonBlack acts as a surveillance camera for computers. While monitoring an end-user machine in the wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
File identification
MD5 433c4d902c8eedf3e6ae4b0c7a076d1f
SHA1 8204dd1acbc39f92c9dddf5823765460044abb7c
SHA256 afb23549aad7633353428b6611d700179e15d9e14eb422fc56d697f901a4ddcf
ssdeep 24576:lnBS3SNu2ljjW9Y4hycIUlNflYd/B20ilVXsItf2:lBfu2l/ihycidIVXsq+
authentihash 493aa3e544733185a3c37b777f95308510cfbc9aec4b642dd11f844331887ad0
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 980.5 KB ( 1004048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2015-09-11 12:48:43 UTC (3 years, 8 months ago)
Last submission 2018-05-10 00:04:56 UTC (1 year ago)
File names icreinstall_camstudio.exe
CamStudio_Setup_Manager.exe
camstudio.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Runtime DLLs