home

setupcasino_db4ea0_ja.exe

Playtech Software Installer

Playtech Software Limited

This is a setup and installation application. This is the uninstaller utility registered in the Windows Control Panel for the program William Hill CASINO CLUB. The file has been seen being downloaded from www.casinogames.pl and multiple other hosts.
Publisher:
Playtech  (signed by Playtech Software Limited)

Product:
Playtech Software Installer

Description:
William Hill CASINO CLUB

Version:
13.2.0.0

MD5:
0f2ac45696fc504cd44b2fd709bf3c19

SHA-1:
f92ea19dd5a5b1fb1a00d698ee0209968abfad02

SHA-256:
d1474dbfaf2065904e46859c0dae04b765ef7aedf6efe645ea8044b4d03538df

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 9:18:33 PM UTC  (today)

File size:
792.8 KB (811,832 bytes)

Product version:
13.2.0.0

Copyright:
Copyright (C) 2001-2009 Playtech

Original file name:
CasinoDownloader2.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setupcasino_db4ea0_ja.exe

Digital Signature
Signed by:
Playtech Software Limited

Authority:
VeriSign, Inc.

Valid from:
10/22/2012 9:00:00 AM

Valid to:
10/27/2015 8:59:59 AM

Subject:
CN=Playtech Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Playtech Software Limited, L=Douglas, S=Douglas, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7584CAA2377ED24D26D91034E6DE0EBB

File PE Metadata
Compilation timestamp:
1/15/2013 12:03:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:HQBTSw4vHf2RyV0L3M2OPZIOjXFljcu3L00pgt:eTSwXgalsLrr00pO

Entry address:
0x348BC

Entry point:
B8, 00, BD, 78, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, E0, 85, 45, 64, B7, 4F, 38, DE, A4, 1A, 5E, 8B, 52, 57, 19, 17, F6, 97, 2B, 84, F8, BF, E6, 4F, 03, E9, 1B, 89, A1, 45, C5, 2D, 3B, 20, AF, D5, A8, 59, FA, D9, C3, 10, 2F, 32, 9C, F1, D8, F9, 5C, AD, 79, EE, 03, 9B, E4, 3F, 4A, 66, 85, AE, FB, C7, 65, 97, 84, B2, 51, 31, B2, 5D, 7C, BE, F8, 13, B0, 4A, F7, 25, 36, D6, DA, 42, B3, 88, 4B, BC, A8, 1F, 84, A8, 14, E2, B6...
 
[+]

Entropy:
7.6378

Packer / compiler:
PECompact v2

Code size:
335.5 KB (343,552 bytes)

Program Uninstaller
Program name:
William Hill CASINO CLUB

Uninstall string:
"C:\Casino\William Hill CASINO CLUB\_SetupCasino_db4ea0_ja.exe" /uninstall


The file setupcasino_db4ea0_ja.exe has been seen being distributed by the following 3 URLs.

http://www.casinogames.pl/pobierz-kasyna

http://serve.williamhillcasino.com/promoRedirect?internal&default_zone=1472811546&lp=1233959665&var4=doc_DownloadCooltool&var7=noSteps-en

http://serve.williamhillcasino.com/promoRedirect?internal&default_zone=1472811546&lp=1233959665&opt_lang=en&var4=free_1_LeftMenuButton&var7=noSteps-en

Scan setupcasino_db4ea0_ja.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.