» fulltiltuksetup.exe
Overview
Analysis
File Details
Downloads (1)

fulltiltuksetup.exe

Rational FT Enterprises Limited

This is a self-extracting archive and installer. The file has been seen being downloaded from download.uk.fulltilt.com.

File name:

fulltiltuksetup.exe

Publisher:

Rational FT Enterprises Limited (signed and verified)

MD5:

df8e57d11ca01cd6fbf0511984fa6ac4

SHA-1:

cb89fd2ecb522fc36d70c947f165e92b968629ba

SHA-256:

bc2da6a68a2a000ddda61a0a249c21cecb5c1b745ae67c55a110447e61a24150

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/29/2024 1:12:15 AM UTC (today)

File size:

67.4 MB (70,629,776 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\fulltiltuksetup.exe

Digital Signature

Signed by:

Rational FT Enterprises Limited

Authority:

DigiCert Inc

Valid from:

10/24/2014 1:00:00 AM

Valid to:

12/30/2015 12:00:00 PM

Subject:

CN=Rational FT Enterprises Limited, O=Rational FT Enterprises Limited, L=Douglas, C=IM

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0768C0E0E1A19FD328731882540CA810

File PE Metadata

Compilation timestamp:

5/26/2015 7:51:42 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

1572864:3XyVO/TX1Y3/c4XkB/DuQorDjT9U2eLG1xdrRpvf:3XiQlYvVi/SQI/9UxGdrbvf

Entry address:

0x3C81

Entry point:

81, EC, E8, 03, 00, 00, 55, 56, 6A, 20, 5E, 33, ED, 68, 10, 01, 00, 00, 8D, 44, 24, 30, 55, 50, 89, 6C, 24, 20, C7, 44, 24, 14, 20, A3, 40, 00, 89, 6C, 24, 18, C7, 44, 24, 34, 14, 01, 00, 00, E8, E3, 4B, 00, 00, 83, C4, 0C, 8D, 44, 24, 28, 50, FF, 15, A4, 90, 40, 00, 83, 7C, 24, 2C, 04, 77, 1B, 6A, 10, 68, DC, A4, 40, 00, 68, 68, A4, 40, 00, 55, FF, 15, 78, 92, 40, 00, 6A, 01, FF, 15, 64, 90, 40, 00, 53, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, CC, 90, 40, 00, 55, FF, 15, DC, 92, 40, 00, 6A, 08... 
[+]

Entropy:

8.0000 (probably packed)

Code size:

30.5 KB (31,232 bytes)

The file fulltiltuksetup.exe has been seen being distributed by the following URL.

https://download.uk.fulltilt.com/.../FullTiltUkSetup.exe

Scan fulltiltuksetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.