setuppoker_c63c57.exe

Playtech Software Installer

Playtech Software Limited

This is a setup and installation application. This is the uninstaller utility registered in the Windows Control Panel for the program BetclicPoker.fr. The file has been seen being downloaded from banner.betclicpoker.betclic.fr and multiple other hosts.
Publisher:
Playtech  (signed by Playtech Software Limited)

Product:
Playtech Software Installer

Description:
BetclicPoker.fr

Version:
11.2.38.0

MD5:
91bd6a2f24c9790253588ea7570713fa

SHA-1:
f92f5238edc9f64750efed3ee5492d684739efc3

SHA-256:
d5b3c5582d1c80dafdcfa195709e8870575948c564d963351194ee89eabdb4bb

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/26/2024 11:09:47 AM UTC  (today)

Scan engine:
IKARUS anti.virus

Detection:
Backdoor.Win32.IRCBot

Engine version:
t3scan.2.0.127

File size:
268.8 KB (275,256 bytes)

Product version:
11.2.38.0

Copyright:
Copyright (C) 2001-2009 Playtech

Original file name:
CasinoDownloader2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setuppoker_c63c57.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/22/2012 2:00:00 AM

Valid to:
10/27/2015 12:59:59 AM

Subject:
CN=Playtech Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Playtech Software Limited, L=Douglas, S=Douglas, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7584CAA2377ED24D26D91034E6DE0EBB

File PE Metadata
Compilation timestamp:
12/13/2012 3:21:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:MjvW/yjqTTO+USXSL5WquIed8jhbHjjfnnqD0q0+thep+SvRW/:MjQBTTO+USClWquIed81HjjPqDX0+tqg

Entry address:
0x348BC

Entry point:
B8, CC, 0A, 53, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 37, F2, B5, 4C, BD, FF, E2, 83, AB, 84, FA, 3A, C0, 83, 85, D7, 5F, D3, A6, 86, 00, 32, 00, D6, EE, 07, BE, 8C, 5F, 3C, CA, 72, 86, 65, 97, 16, DB, E1, 2F, 3F, B8, C8, 30, D3, 8C, 0F, A8, 18, EC, 6D, B3, 94, B4, 17, C9, 99, F6, 7D, 48, 34, 47, 92, 5E, 4F, BC, 6E, 76, DE, 3E, F6, FD, F6, 91, 27, 6D, A7, 84, 44, D4, 44, AD, 02, 87, E4, 0B, E2, 82, 2D, 89, 49, 78, EC, 26...
 

Packer / compiler:
PECompact v2

Code size:
335.5 KB (343,552 bytes)

Program Uninstaller
Program name:
BetclicPoker.fr

Uninstall string:
"C:\Poker\BetclicPoker.fr\_SetupPoker_c63c57(1).exe" /uninstall


The file setuppoker_c63c57.exe has been seen being distributed by the following 2 URLs.
