sam_cast_studio_v3_4_5.exe

CHUTCHAI KIEWNOY

The application sam_cast_studio_v3_4_5.exe by CHUTCHAI KIEWNOY has been detected as adware by 7 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The installer bundles multiple adware offers during download and setup (selected according to the user's geographical location), including toolbars, extensions and coupon utilities. The file has been observed being downloaded from www.torntv-dl.net and multiple other hosts.

Publisher:
CHUTCHAI KIEWNOY  (signed and verified)

MD5:
1345df8ba88028f35567e1c4b0749630

SHA-1:
378e66dc956e1b1e6b49fd0fdd45199b7fe5a523

SHA-256:
7160d2bce34131b370cf3d53cdcd31a4e1fc6a0f9e63f645e677bbded8c93603

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
6/16/2024 1:53:34 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | APPL/CoolMirage.Gen | 7.11.177.6 |
| Comodo Security | Application.Win32.CoolMirage.AS | 19729 |
| G Data | NSIS.Application.OneClickDownloader | 14.10.24 |
| Malwarebytes | PUP.Optional.OneClickDownloader.A | v2014.10.07.06 |
| NANO AntiVirus | Trojan.Nsis.Yotoon.deckrr | 0.28.2.62483 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.CHUTCHAIKIEWNOY.W | 14.10.8.13 |

File size:
433.3 KB (443,696 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\sam_cast_studio_v3_4_5.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/30/2014 2:00:00 AM

Valid to:
10/1/2015 1:59:59 AM

Subject:
CN=CHUTCHAI KIEWNOY, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
70CF135290F3FC7E7BD27C7B350CF722

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:kjOAb6mQ4IcafLSG7+bT4lVkxxm71mLfVUMBno:6nbPPaXlSm71mRfo

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.9043

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file sam_cast_studio_v3_4_5.exe has been observed being distributed from the following 9 URLs.

https://www.torntv-dl.net/.../Dr_John_Chung_s_SAT_Math_Full.exe

https://www.torntv-dl.net/.../Into_the_Storm_(2014)_720p_DvDRip_x264_AAC_Hon3y.exe
