File name: CamStudioPortable_2.7.4_English.paf (2).exe
Full analysis: https://app.any.run/tasks/22af5566-ded1-45e9-8eb0-035011b68d12
Verdict: Malicious activity
Analysis date: March 30, 2024, 01:44:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 21E5E16A4B259110BF1C2E32B5916192
SHA1: FDD7086711B8CA193BAB0C059BBA6C14A41CA34A
SHA256: 8739BCB2C2288799AC47AFECFD1079CF2B8A5AE8BB57F7DBC07A5D16B5EFA451
SSDEEP: 98304:iaXYU/cfRkkUCgQxDTmi8XQWvWFHMCHb3Gqt1dJ3PZ7A399tT10SAUJ4id7YOkUT:iUF3c7DpoucqZ+BW2j

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • CamStudioPortable_2.7.4_English.paf (2).exe (PID: 3936)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • CamStudioPortable_2.7.4_English.paf (2).exe (PID: 3936)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • CamStudioPortable_2.7.4_English.paf (2).exe (PID: 3936)
    • Creates a file in the system drive root

      • CamStudioPortable_2.7.4_English.paf (2).exe (PID: 3936)
  • INFO

    • Reads the computer name

      • CamStudioPortable_2.7.4_English.paf (2).exe (PID: 3936)
    • Creates files in a temporary directory

      • CamStudioPortable_2.7.4_English.paf (2).exe (PID: 3936)
    • Checks supported languages

      • CamStudioPortable_2.7.4_English.paf (2).exe (PID: 3936)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:08:01 02:52:49+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 428544
UninitializedDataSize: 16384
EntryPoint: 0x35d8
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.7.4.0
ProductVersionNumber: 2.7.4.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: For additional details, visit PortableApps.com
CompanyName: PortableApps.com
FileDescription: CamStudio Portable
FileVersion: 2.7.4.0
InternalName: CamStudio Portable
LegalCopyright: 2007-2020 PortableApps.com, PortableApps.com Installer 3.5.19.0
LegalTrademarks: PortableApps.com is a registered trademark of Rare Ideas, LLC.
OriginalFileName: CamStudioPortable_2.7.4_English.paf.exe
PortableAppscomAppID: CamStudioPortable
PortableAppscomFormatVersion: 3.5.19
PortableAppscomInstallerVersion: 3.5.19.0
ProductName: CamStudio Portable
ProductVersion: 2.7.4.0
All screenshots are available in the full report
Total processes: 36
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start: camstudioportable_2.7.4_english.paf (2).exe (no specs)

Process information

PID: 3936
CMD: "C:\Users\admin\AppData\Local\Temp\CamStudioPortable_2.7.4_English.paf (2).exe"
Path: C:\Users\admin\AppData\Local\Temp\CamStudioPortable_2.7.4_English.paf (2).exe
Indicators: -
Parent process: explorer.exe
User: admin
Company: PortableApps.com
Integrity Level: MEDIUM
Description: CamStudio Portable
Version: 2.7.4.0
Modules (loaded images):
c:\users\admin\appdata\local\temp\camstudioportable_2.7.4_english.paf (2).exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
Total events: 3 657
Read events: 3 651
Write events: 6
Delete events: 0

Modification events

(PID) Process: (3936) CamStudioPortable_2.7.4_English.paf (2).exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3936) CamStudioPortable_2.7.4_English.paf (2).exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: @C:\Windows\system32\NetworkExplorer.dll,-2
Value: Access the computers and devices that are on your network.

(PID) Process: (3936) CamStudioPortable_2.7.4_English.paf (2).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: Browse For Folder Width
Value: 318

(PID) Process: (3936) CamStudioPortable_2.7.4_English.paf (2).exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: Browse For Folder Height
Value: 288
Executable files: 2
Suspicious files: 0
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3936 | CamStudioPortable_2.7.4_English.paf (2).exe | C:\Users\admin\AppData\Local\Temp\nsj3083.tmp\System.dll | executable | | 
3936 | CamStudioPortable_2.7.4_English.paf (2).exe | C:\Users\admin\AppData\Local\Temp\nsj3083.tmp\modern-header.bmp | image | | 
3936 | CamStudioPortable_2.7.4_English.paf (2).exe | C:\Users\admin\AppData\Local\Temp\nsj3083.tmp\modern-wizard.bmp | image | | 
3936 | CamStudioPortable_2.7.4_English.paf (2).exe | C:\Users\admin\AppData\Local\Temp\nsj3083.tmp\nsDialogs.dll | executable | | 
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | unknown
 | | 224.0.0.252:5355 | | | | unknown
4 | System | 192.168.100.255:137 | | | | whitelisted

DNS requests

No data

Threats

No threats detected
No debug info