enetpoker.exe

Enet NV

The application enetpoker.exe by Enet NV has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from cdn.enetpoker.com and multiple other hosts.
Publisher:
Enet NV  (signed and verified)

MD5:
5b6970e251af5fc0112b1651d461bb70

SHA-1:
06a69acd7d48eb769405852e46be60dfabc1ba53

SHA-256:
a7fcc9f5f04beacfa3f2666b6381ddce8044eb9e40fc31b1749b0f4f41493f8d

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
4/16/2024 6:02:20 PM UTC

Scan engine | Detection | Engine version
Clam AntiVirus | WIN.Adware.Solimba-3 | 0.98/21511
Reason Heuristics | Threat.Win.Reputation.IMP | 16.12.4.14

File size:
15.7 MB (16,418,536 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\enetpoker.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
6/5/2012 8:26:05 PM

Valid to:
6/6/2015 8:26:05 PM

Subject:
CN=Enet NV, OU=IT, O=Enet NV, L=Curacao, S=Curacao, C=AN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11213A68850E379A5FD0D51959267AA867E4

File PE Metadata
Compilation timestamp:
8/30/2011 5:46:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.21

CTPH (ssdeep):
393216:eFtRWH+c4KIUJpOQ2AuJTNoR5XNBlrp7OsHt4ppaXYOLGlgL9LgA6Qs0kcfU:6k+c4K973ulkp9qppaXYOlLxgNt0kcM

Entry address:
0x4131

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 33, 43, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 34, 43, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 34, 43, 00, 56, A3, F4, 17, 43, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, 18, 43, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 34, 43, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...
 

Code size:
33.5 KB (34,304 bytes)

The file enetpoker.exe has been seen being distributed by the following 2 URLs.
