» pokerstarsinstall.exe
Overview
Analysis
File Details
Downloads (2)

pokerstarsinstall.exe

PokerStars Installer

Rational Services Ltd

This is a self-extracting archive and installer. The file has been seen being downloaded from dl-mail.ymail.com and multiple other hosts.

File name:

Publisher:

PokerStars (signed by Rational Services Ltd)

Product:

PokerStars Installer

Version:

4, 7, 8,

MD5:

b2ea05c8848cec6f5c28058345cf698b

SHA-1:

6b202d14a06e4878c11d31a1cb2756ef7b97afb0

SHA-256:

d35b4043c5eb793700caea6794f0296681329966b79353b7634cc4a0a9565ee3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/29/2024 2:01:45 PM UTC (today)

File size:

1.4 MB (1,430,872 bytes)

Product version:

4, 7, 8,

Original file name:

PokerStarsInstaller.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\pokerstarsinstall.exe

Digital Signature

Signed by:

Rational Services Ltd

Authority:

VeriSign, Inc.

Valid from:

8/13/2010 2:00:00 AM

Valid to:

8/14/2011 1:59:59 AM

Subject:

CN=Rational Services Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=dev, O=Rational Services Ltd, L=Onchan, S=Isle of Man, C=GB

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

75C1B3A43DD7458E5020D421DD36C6E3

File PE Metadata

Compilation timestamp:

4/20/2011 8:29:32 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

24576:8lDwXPKWOpHXuKUTM2R1yY8GJrVpWDQ+5e6dhTsa5hp8Oeo4PIPH7emeZ6C:Bw+3YE1T8GJ5pW/5eoTsyhhN4A/77k6C

Entry address:

0x56B01

Entry point:

E8, BC, A0, 00, 00, E9, 16, FE, FF, FF, CC, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44, 24, 10, 5B, 5E, 5F, C3, F7, C7, 03... 
[+]

Code size:

536 KB (548,864 bytes)

The file pokerstarsinstall.exe has been seen being distributed by the following 2 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-GSI8B7SUPiKfEGnfPGOsLdcBRF2ANiOrfNnZ-R4IkqG2yPDiKjWyCsFB1F4UpKPRpXSQPIt7834jXjyRXCwNNg/messages/@.id==AI6niGIAAKw0TqhyHQKugUuX23s/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=7f9fc618-d9f1-3f40-019f-e9000d010000&token=TH_BEOpcG9lbhKAxrKFs1T3Uro6snVWTwVyXddKF3QInBNw9BwzbfelC7fDOrE4hBsskUEbZM7TrbvRJZYWQUWEg9ewAU--xU0UghlwYVbj-2ZtlT9A_pt3lDMkvO-73&error=https://mg.mail.yahoo.com/.../iframemsg?id=701b3b31-05ab-71ab-bd0f-59e71a5db9bd

http://update.pokerstars.com/PokerStarsInstall.exe

Scan pokerstarsinstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.