home

setuppoker_8bc8ff.exe

Playtech Software Installer

Playtech Software Limited

This is a self-extracting archive and installer. This is the uninstaller utility registered in the Windows Control Panel for the program William Hill Poker. The file has been seen being downloaded from ro.pokerstrategy.com and multiple other hosts.
Publisher:
Playtech  (signed by Playtech Software Limited)

Product:
Playtech Software Installer

Description:
William Hill Poker

Version:
11.2.38.0

MD5:
97e6784ed6347b096ed5bdbe8e3d291c

SHA-1:
1a956a2be031a0cb15e03cf010ce3f89bdca0c06

SHA-256:
3e2ec673e8cb02a9975d3c25d0be01ab2b7f56e60eef585b77b371ea13e2671a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 9:50:19 PM UTC  (today)

File size:
489.3 KB (501,048 bytes)

Product version:
11.2.38.0

Copyright:
Copyright (C) 2001-2009 Playtech

Original file name:
CasinoDownloader2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setuppoker_8bc8ff.exe

Digital Signature
Signed by:
Playtech Software Limited

Authority:
VeriSign, Inc.

Valid from:
10/22/2012 1:00:00 AM

Valid to:
10/26/2015 11:59:59 PM

Subject:
CN=Playtech Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Playtech Software Limited, L=Douglas, S=Douglas, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7584CAA2377ED24D26D91034E6DE0EBB

File PE Metadata
Compilation timestamp:
12/13/2012 2:21:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:kjQBTTO+USClWquIed81HjjPO62OBKpb7iQpLUYpz07ezf4:oQBTSw4vHfm62O67rLUOY24

Entry address:
0x348BC

Entry point:
B8, B0, 2F, 62, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 0D, D9, 32, 10, A5, 17, 93, F1, 4C, EE, 1B, 2A, 1E, 9C, 77, CE, EB, 38, B3, DF, 89, 56, B6, 99, C9, 9E, 26, 53, 7A, 58, DC, 52, 59, 95, 77, 1F, 8E, F2, 95, 00, 07, A0, AB, 3E, C9, 61, 85, 58, 5E, E2, 76, B8, F6, AC, 33, 13, FE, AD, BD, E5, 93, EA, 8B, C3, A8, 5E, CB, BE, 97, DE, DE, 10, B4, E8, 82, CE, B2, 73, 7D, C4, F1, B4, 7F, 22, E5, 61, 4F, CF, DB, 27, 19, 1E, EB...
 
[+]

Entropy:
7.5761

Packer / compiler:
PECompact v2

Code size:
335.5 KB (343,552 bytes)

Program Uninstaller
Program name:
William Hill Poker

Uninstall string:
"C:\Poker\William Hill Poker\_SetupPoker_8bc8ff.exe" /uninstall


The file setuppoker_8bc8ff.exe has been seen being distributed by the following 3 URLs.

http://ro.pokerstrategy.com/william-hill/link/download/.../

http://banner.poker.williamhill.com/installer/.../SetupPoker_8bc8ff.exe

http://banner.poker.williamhill.com/.../SetupPoker.exe

Scan setuppoker_8bc8ff.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.