home

internalpokersetupuninstall1419355874264_90fae9_en.exe

Coral Poker

The executable internalpokersetupuninstall1419355874264_90fae9_en.exe has been detected as malware by 9 anti-virus scanners. This is the uninstaller utility registered in the Windows Control Panel for the program Coral Poker. While running, it connects to the Internet address vip154.ssl.hwcdn.net on port 443.
Publisher:
Coral Poker

Product:
Coral Poker

Version:
1.1.1.32

MD5:
de2a6bf38bab9d50b172ffeddc4cae07

SHA-1:
f4dd63a2756f6f620e9acb761bd01db29d2dfeb3

SHA-256:
cbc0cfc417429b7e996830df14f9d3c627738a4cfe715243a31708e63f70c0db

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
4/24/2024 8:53:53 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.12353188
773

Agnitum Outpost
Trojan.DownLoader
7.1.1

Bitdefender
Trojan.Generic.12353188
1.0.20.1785

Dr.Web
Trojan.DownLoader11.50208
9.0.1.0357

Emsisoft Anti-Malware
Trojan.Generic.12353188
8.14.12.23.04

F-Secure
Trojan.Generic.12353188
11.2014-23-12_3

G Data
Trojan.Generic.12353188
14.12.24

MicroWorld eScan
Trojan.Generic.12353188
15.0.0.1071

nProtect
Trojan.Generic.12353188
14.12.19.01

File size:
1.8 MB (1,842,176 bytes)

Product version:
1.1.1.32

Copyright:
Copyright 2014

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\coral poker\internalpokersetupuninstall1419355874264_90fae9_en.exe

File PE Metadata
Compilation timestamp:
11/17/2014 9:32:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:rc4u49CbNSFXVJUtSH9zaTRpSWabzjQWLtm5YXld:rz4GFJUtYf

Entry address:
0xEF775

Entry point:
E8, E0, D7, 00, 00, E9, 7F, FE, FF, FF, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 30, B2, 57, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 60, 53, 57, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 30, B2, 57, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00...
 
[+]

Entropy:
6.5607

Code size:
1.1 MB (1,154,560 bytes)

Program Uninstaller
Program name:
Coral Poker

Uninstall string:
"C:\users\{user}\appdata\local\coral poker\internalpokersetupuninstall1419355874264_90fae9_en.exe" \executeuninstall \trafficsource='default9c' \profile='aff9c' \userid='d8668574c0e94b8897818985f


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to vip154.ssl.hwcdn.net  (205.185.208.154:443)

TCP (HTTP SSL):
Connects to ec2-52-3-176-101.compute-1.amazonaws.com  (52.3.176.101:443)

TCP (HTTP SSL):
Connects to ec2-52-201-97-156.compute-1.amazonaws.com  (52.201.97.156:443)

TCP (HTTP SSL):
Connects to ec2-52-55-195-249.compute-1.amazonaws.com  (52.55.195.249:443)

TCP (HTTP SSL):
Connects to ec2-52-29-208-110.eu-central-1.compute.amazonaws.com  (52.29.208.110:443)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.