pokersetup.exe

Playtech Software Installer

Playtech Software Ltd.

This is a setup and installation application. The file has been seen being downloaded from banner.pokerplex24.com.
Publisher:
Playtech  (signed by Playtech Software Ltd.)

Product:
Playtech Software Installer

Description:
Pokerplex24

Version:
11.2.38.0

MD5:
74fb51933e8fc1a178d9ee4f21efce6d

SHA-1:
bcdf0b4fee255768c3ad7683e32c57b9917a1790

SHA-256:
5c731e8ff5bbc5307ef3026c8732e5027aeef58302448ff317534e3534a5abfa

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/15/2024 6:30:44 PM UTC  (today)

Scan engine          Detection                        Engine version
Panda Antivirus      Generic Suspicious               16.01.29.11
Vba32 AntiVirus      Downloader.AdLoad                3.12.26.4
Zillya! Antivirus    Downloader.Agent.Win32.284512    2.0.0.2496

File size:
304.8 KB (312,160 bytes)

Product version:
11.2.38.0

Copyright:
Copyright (C) 2001-2009 Playtech

Original file name:
CasinoDownloader2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pokersetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/22/2014 2:00:00 AM

Valid to:
10/22/2017 1:59:59 AM

Subject:
CN=Playtech Software Ltd., O=Playtech Software Ltd., L=Douglas, S=Isle Of Man, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4BCCAA7A2D896D3B2B5214ECAEE92EEA

File PE Metadata
Compilation timestamp:
12/13/2012 3:21:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:LjvW/yjqTTO+USXSL5WquIed8jhbHjjfnnbNvxqxLv1xZaCEadh42:LjQBTTO+USClWquIed81HjjPJxS3dh42

Entry address:
0x348BC

Entry point:
B8, 70, A6, 57, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, A5, C4, CF, BB, 1B, F0, 1D, F9, D2, 12, F8, 14, 97, 3A, 77, 25, 4D, A0, FD, 71, 68, 2A, 7A, E1, 65, 4C, 02, 7A, EA, 3E, 25, 3B, E7, EC, D7, 07, 13, E2, 3F, DB, D0, D4, CF, D5, F0, 23, DC, BC, B6, F1, 6B, 64, 13, 52, 15, 59, 23, 00, 0F, 5D, 5C, 00, C7, 45, AE, 2E, 9E, 54, 99, 4A, D1, BB, 2E, 48, BE, 12, 98, EF, FD, 88, 25, 9E, 22, 6B, 1B, E4, AC, 7F, FB, 69, ED, 00, BA...
 

Packer / compiler:
PECompact v2

Code size:
335.5 KB (343,552 bytes)

The file pokersetup.exe has been seen being distributed by the following URL.
