capturino.exe

Capturino

CAPTURINO SOFTWARE(Bellenger Jean Paul Henri)

The application capturino.exe, “Capturino Setup” by CAPTURINO SOFTWARE(Bellenger Jean Paul Henri), has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.capturino.com and multiple other hosts.
Publisher:
Capturino Software - Jean-Paul Bellenger   (signed by CAPTURINO SOFTWARE(Bellenger Jean Paul Henri))

Product:
Capturino

Description:
Capturino Setup

MD5:
5cc6ca0d371292bd92326e4c362d49ba

SHA-1:
be8b694a95fa4c4f7edb26e374da79c254c0e6d6

SHA-256:
c9edff406b515acc25606d3ab9f46c92510712b5061f7e2e778744c8e4d7092a

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
4/25/2024 4:53:55 PM UTC  (today)

Scan engine | Detection | Engine version
--- | --- | ---
Avira AntiVirus | W32/Sality.AT | 7.11.30.172
ESET NOD32 | Win32/InstallMonetizer.AU potentially unwanted application | 7.0.302.0
Reason Heuristics | Adware.Bundler (M) | 16.3.10.21

File size:
4.5 MB (4,717,120 bytes)

Product version:
2.43

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\capturino.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/15/2012 11:27:24 AM

Valid to:
6/16/2014 11:27:24 AM

Subject:
E=capturino@gmail.com, CN=CAPTURINO SOFTWARE(Bellenger Jean Paul Henri), O=CAPTURINO SOFTWARE(Bellenger Jean Paul Henri), L=Herouville Saint Clair, S=Calvados, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121EF8FF39FA608A58660572803CDBE9D67

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:vnkXDxKOxCIcz9BIko7MSgVGAI/JYA00imf2MIHHONztgozwInVoKxbB:/OxKOcNz9B+YSgVGfBYA00RLqHiztgtg

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file capturino.exe has been seen being distributed by the following 2 URLs.

http://www.capturino.com/capturino2.exe
