gutspoker.exe

install.exe

Microgaming Software Systems Limited

The application gutspoker.exe by Microgaming Software Systems Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from gaminginnovationgroup.blob.core.windows.net and multiple other hosts. While running, it connects to the Internet address bam-8.nr-data.net on port 443.
Publisher:
Microgaming Software Systems Limited (signed and verified)

Product:
install.exe

Description:
Install Program

Version:
16.6.2.11243

MD5:
b97d65cb6457a2e8b82693a44aeb7d4d

SHA-1:
3611816b3f3964966b1524cfab3df03a648e27e8

SHA-256:
3fe715eb81b45d3b39310cd8a88c3a757f291914cac7551588c667b4bd7a5eff

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 3:56:47 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MicroGaming.Installer.Meta (L)

Engine version:
16.2.13.13

File size:
669.9 KB (685,992 bytes)

Product version:
16.6.2.11243

Original file name:
install.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\gutspoker.exe

Digital Signature
Authority:
Entrust, Inc.

Valid from:
3/21/2013 12:41:17 PM

Valid to:
3/21/2016 7:35:03 PM

Subject:
CN=Microgaming Software Systems Limited, O=Microgaming Software Systems Limited, L=Douglas, S=Isle of Man, C=GB

Issuer:
CN=Entrust Code Signing Certification Authority - L1D, OU="(c) 2009 Entrust, Inc.", OU=www.entrust.net/rpa is incorporated by reference, O="Entrust, Inc.", C=US

Serial number:
4C17409A

File PE Metadata
Compilation timestamp:
4/25/2012 2:54:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:iH57IcJYi0AqhXWiVGT2LknaYWgu9/16PYiuZcb9mnei6982f9wEs:iH5Ec1qhXWsGTSkntWgu9/EAiuuJ9js

Entry address:
0x43168

Entry point:
E8, F8, 86, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C...

Code size:
335 KB (343,040 bytes)

The file gutspoker.exe has been seen being distributed by the following 2 URLs.

https://gaminginnovationgroup.blob.core.windows.net/guts/poker/.../gutspoker.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to cache.google.com (91.245.214.181:443)

TCP (HTTP SSL):
Connects to bam-8.nr-data.net (162.247.242.20:443)

Remove gutspoker.exe - Powered by Reason Core Security