home

setupcasino_f621d3.exe

Playtech Software Installer

Playtech Software Limited

This is a setup and installation application. The file has been seen being downloaded from serve.prestigecasino.com and multiple other hosts.
Publisher:
Playtech  (signed by Playtech Software Limited)

Product:
Playtech Software Installer

Description:
Prestige Casino

Version:
1, 0, 0, 1

MD5:
408ffe6e9a714d4c0994c1b3e56259fa

SHA-1:
85803be32b69fb1765037502e445daa8fb702550

SHA-256:
8e025d0f7133e9d72fc377440a64ad62fac8c35d0c23b3d662f461f3c39595df

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 9:10:10 AM UTC  (today)

File size:
470.9 KB (482,176 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2001-2009 Playtech

Original file name:
CasinoDownloader2.exe

File type:
Executable application (Win32 EXE)

Language:
Swedish (Sweden)

Common path:
C:\users\{user}\downloads\setupcasino_f621d3.exe

Digital Signature
Signed by:
Playtech Software Limited

Authority:
VeriSign, Inc.

Valid from:
10/22/2012 2:00:00 AM

Valid to:
10/27/2015 12:59:59 AM

Subject:
CN=Playtech Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Playtech Software Limited, L=Douglas, S=Douglas, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7584CAA2377ED24D26D91034E6DE0EBB

File PE Metadata
Compilation timestamp:
10/27/2012 9:00:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:sppJQwsvDZ/8ZfmjNQYoUmJZqwg+02mNroRAah8O6IpgV1cD5mYiHm:9xEmjCcl/PGZ8oqcVmFHm

Entry address:
0x33B7C

Entry point:
B8, 30, 87, 67, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, CA, 28, 91, 9F, D4, FB, 4F, 2F, 20, 61, DC, D6, 66, 52, 63, E7, 2C, 5C, 94, 06, 23, AE, A9, 00, 2B, 93, B5, 8A, C3, 6D, 02, 80, A9, 41, 00, 58, D9, 55, 2C, 9D, 05, AC, 43, 2F, D7, 31, FB, 3F, 54, 80, 24, 0E, 24, 6B, 7D, 47, C1, B9, 9E, F1, DE, A9, 48, 57, A9, 5C, F8, 38, 22, F3, E7, CA, 49, 30, 24, 6F, 19, 25, 6A, 92, 78, C0, 1F, 5B, 35, FC, D3, 64, 0D, 62, A6, 6F, F2...
 
[+]

Packer / compiler:
PECompact v2

Code size:
331.5 KB (339,456 bytes)

The file setupcasino_f621d3.exe has been seen being distributed by the following 3 URLs.

http://serve.prestigecasino.com/promoRedirect?internal&default_zone=1476859745&lp=1477442115&opt_lang=en&var4=doc_HP_DownloadGameofM2&var7=noSteps-en

http://serve.prestigecasino.com/promoRedirect?internal&default_zone=1476859745&lp=1477442115&opt_lang=uk&var4=Onlineslots_ctaSlots_Download&var7=noSteps-uk

http://banner.prestigecasino.com/installer/.../SetupCasino_f621d3.exe

Scan setupcasino_f621d3.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.