unibetpoker.exe

Unibet Poker

Relax Gaming Ltd

The application unibetpoker.exe, “Unibet Poker Setup” by Relax Gaming, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built with the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from mcdnf.relaxg.com and multiple other hosts.
Publisher:
Relax Gaming Ltd. (signed by Relax Gaming Ltd)

Product:
Unibet Poker

Description:
Unibet Poker Setup

MD5:
8d8618c1c531bb305da2b60f0e3b7975

SHA-1:
3d79fd613689ab63afb80030625f5bdefd8a3915

SHA-256:
88e38459b561141abffb51ec358eaf041ec4dcea5464591a649a663333553299

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
5/2/2024 9:44:22 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
16.12.6.15

File size:
52.7 MB (55,257,408 bytes)

Product version:
2.0.6

Copyright:
Copyright © 2016 Relax Gaming Ltd.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\unibetpoker.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
2/5/2016 1:00:00 AM

Valid to:
4/12/2017 2:00:00 PM

Subject:
CN=Relax Gaming Ltd, O=Relax Gaming Ltd, L=St. Julian’s, C=MT, PostalCode=STJ3153, STREET=St. Julian’s Business Centre, STREET="Office 3 Level 3, Elia Zammit Street", SERIALNUMBER=C 48994, OID.1.3.6.1.4.1.311.60.2.1.3=MT, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
09F41F43203BF1B5BA56B507C6AAAE88

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
1572864:OTVaUCLNec8K74Vmfq5Jd4e/NVdjPdmyvI:OMec8tmfqJ2e/LFP4yvI

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file unibetpoker.exe has been seen being distributed by the following 2 URLs.

http://mcdnf.relaxg.com/chew/clients/unibet/.../UnibetPoker.exe

http://mcdnf.relaxg.com/sw/clients/.../UnibetPoker.exe
