casinosetup.exe

Playtech Software Installer

Playtech Software Ltd.

This is a self-extracting archive and installer. The file has been seen being downloaded from banner.grandreefcasino.com and multiple other hosts.
Publisher:
Playtech (signed by Playtech Software Ltd.)

Product:
Playtech Software Installer

Description:
CROWN EUROPE

Version:
13.2.11.0

MD5:
4a67b0f62124b31d5efba6417406a3d3

SHA-1:
1f0377afe9e4974ededaf2c98b376d4e8ab621f0

SHA-256:
65b58a2a1559228fcca8c0a7cb5d95877c7f9f44c7a0aa778a4108268bc115c8

Scanner detections:
2 / 68

Status:
Clean (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/26/2024 11:06:13 AM UTC  (today)

Scan engine | Detection | Engine version
Vba32 AntiVirus | Downloader.AdLoad | 3.12.26.4
Zillya! Antivirus | Adware.AdLoad.Win32.7347 | 2.0.0.2557

File size:
448.3 KB (459,104 bytes)

Product version:
13.2.11.0

Copyright:
Copyright (C) 2001-2009 Playtech

Original file name:
CasinoDownloader2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\casinosetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/21/2014 8:00:00 PM

Valid to:
10/21/2017 7:59:59 PM

Subject:
CN=Playtech Software Ltd., O=Playtech Software Ltd., L=Douglas, S=Isle Of Man, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4BCCAA7A2D896D3B2B5214ECAEE92EEA

File PE Metadata
Compilation timestamp:
1/17/2014 5:14:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:lv/gg6zhXiQDfw8uUJYLCXsjrSru8Jt+oXcpjmEchd0/f:hggqnD4yYssSrLJt+UcJmn23

Entry address:
0x3533C

Entry point:
B8, 50, 8B, 62, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 2E, 4A, 63, D3, C2, 38, BA, D4, 76, 9D, 11, 1D, EC, BD, 0C, EA, 30, FF, 95, ED, 1F, 29, C6, 89, 54, 11, 40, 80, 43, CA, 1D, F4, 0C, 72, 0F, B1, CD, 85, 2B, C5, E0, EC, 55, 13, CA, 08, 17, 4B, 39, BB, 26, 01, BD, 22, AB, CE, 7B, 2A, 50, D7, FF, A9, 49, BA, 18, 33, BC, 4F, 79, 06, 03, 29, 8E, AD, 20, 93, BE, 32, 0C, 2C, D8, 11, 32, 6C, 26, B9, D8, C5, FB, DE, AF, EB, 21...
 

Packer / compiler:
PECompact v2

Code size:
338 KB (346,112 bytes)

The file casinosetup.exe has been seen being distributed by the following 2 URLs.
