» setuppoker.exe_2dbcf3.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (2)

setuppoker.exe_2dbcf3.exe

Playtech Software Installer

Playtech Software Limited

This is a setup and installation application. This is the uninstaller utility registered in the Windows Control Panel for the program Paddy Power Poker. The file has been seen being downloaded from banner.paddypowerpoker.com and multiple other hosts.

File name:

Publisher:

Playtech (signed by Playtech Software Limited)

Product:

Playtech Software Installer

Description:

Paddy Power Poker

Version:

11.2.38.0

MD5:

586973e0070880a7ff57bcda952cab88

SHA-1:

e1ebdf28d68e8e4b8e889ecf376f271f4ce1a5d2

SHA-256:

9ecd5e56097e310c396f928d2e1f593e4cafc0513fed892e90cbc74c1c850ef0

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 6:08:09 PM UTC (today)

File size:

260 KB (266,192 bytes)

Product version:

11.2.38.0

Original file name:

CasinoDownloader2.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\setuppoker.exe_2dbcf3.exe

Digital Signature

Signed by:

Playtech Software Limited

Authority:

VeriSign, Inc.

Valid from:

10/22/2012 1:00:00 AM

Valid to:

10/26/2015 11:59:59 PM

Subject:

CN=Playtech Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Playtech Software Limited, L=Douglas, S=Douglas, C=IM

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7584CAA2377ED24D26D91034E6DE0EBB

File PE Metadata

Compilation timestamp:

12/13/2012 2:21:50 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:EjvW/yjqTTO+USXSL5WquIed8jhbHjjfnnCebyMjR6LA3SvCyS6pb:EjQBTTO+USClWquIed81HjjPjyMNFyb

Entry address:

0x348BC

Entry point:

B8, 3C, FC, 52, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 34, 6E, DD, 53, 5D, B6, 1B, B3, 81, 08, 10, BB, 12, 98, F3, DD, FE, 0C, F5, 66, 21, 33, 82, E1, 1C, 1C, DF, 41, 84, 78, 8A, 2C, CD, 16, 67, B7, 58, 9D, 0E, A5, D1, A6, B4, 5D, 40, A5, 39, 92, A4, 6E, 37, B2, EA, 55, 43, 7F, DE, D3, 7B, 80, 67, CF, 24, 1B, 4A, 7C, C5, 25, DC, C6, 8A, BF, AE, C5, 5F, 77, A6, 63, A4, AC, E2, B9, B7, CC, 32, 38, 24, DE, F8, 65, ED, 37, 7F... 
[+]

Entropy:

7.8831

Packer / compiler:

PECompact v2

Code size:

335.5 KB (343,552 bytes)

Program Uninstaller

Program name:

Paddy Power Poker

Uninstall string:

"C:\Poker\Paddy Power Poker\_SetupPoker.exe_2dbcf3.exe" /uninstall

The file setuppoker.exe_2dbcf3.exe has been seen being distributed by the following 2 URLs.

http://banner.paddypowerpoker.com/installer/.../SetupPoker.exe_2d5610.exe

http://banner.paddypowerpoker.com/.../SetupPoker.exe

Scan setuppoker.exe_2dbcf3.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.