livedealer_a9fa25.exe

Playtech Software Installer

Playtech Software Limited

This is a setup and installation application. The file has been seen being downloaded from banner.ladbrokes.com and multiple other hosts.

Publisher:
Playtech (signed by Playtech Software Limited)

Product:
Playtech Software Installer

Description:
Ladbrokes

Version:
13.2.8.0

MD5:
ee86b3de640d77304726ae1db45deff7

SHA-1:
e05111504fd02a232d213859a9e2d84451016500

SHA-256:
7909c1742aaee637029351f90e3e53ee11eddf8810901cd0087717fbbe2152df

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 5:17:21 AM UTC

File size:
593.3 KB (607,544 bytes)

Product version:
13.2.8.0

Copyright:
Copyright (C) 2001-2009 Playtech

Original file name:
CasinoDownloader2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\livedealer_a9fa25.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/22/2012 1:00:00 AM

Valid to:
10/26/2015 11:59:59 PM

Subject:
CN=Playtech Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Playtech Software Limited, L=Douglas, S=Douglas, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7584CAA2377ED24D26D91034E6DE0EBB

File PE Metadata
Compilation timestamp:
7/8/2013 1:50:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:lRmdpzcfZ4m+pGqvPHNfaEJj5d8XOqk1XjeQdJ8kDJ1pAUO:lycmm+NRaOYOFFyUb1pAUO

Entry address:
0x348DC

Entry point:
B8, A0, 8D, 72, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 6C, 1E, 88, 7E, D3, 6A, 9E, D8, 83, F1, E8, D0, 0D, EB, B6, 86, 06, 39, B4, DE, F8, DC, 14, BB, C8, E0, 85, 38, CF, CD, 44, 40, E8, 0D, 74, DB, 92, 73, 48, C2, 8B, 03, F0, B3, D2, E4, 39, CD, 3F, 95, 42, 7A, C2, A3, B8, DA, E7, F5, 54, D0, 68, 96, DE, F6, B2, 0F, 0A, 24, DF, BC, 4D, 2D, A0, 61, 42, 2F, 9C, 24, F5, A9, BD, 55, 2C, 50, FA, E4, 71, 18, 96, E0, DC, AF, 5A...
Entropy:
7.5991

Packer / compiler:
PECompact v2

Code size:
335.5 KB (343,552 bytes)

The file livedealer_a9fa25.exe has been seen being distributed by the following 2 URLs.
