» ptu2858_tmp.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (4)

ptu2858_tmp.exe

Playtech Software Installer

Playtech Software Limited

This is a self-extracting archive and installer. This is the uninstaller utility registered in the Windows Control Panel for the program Titan Poker. The file has been seen being downloaded from banner.titanpoker.com and multiple other hosts.

File name:

ptu2858_tmp.exe

Publisher:

Playtech (signed by Playtech Software Limited)

Product:

Playtech Software Installer

Description:

Titan Poker

Version:

11.2.38.0

MD5:

eff64a065aa9cc8bd2c28539af991c0a

SHA-1:

3eef594d7b443c92bf6ce6bdce3f1ee2b3efc7a9

SHA-256:

4f63d674d7473cdf131e48f275e33cce42c1b15edcbaa1bad8c03814e11cd48e

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 11:09:14 AM UTC (today)

File size:

512.3 KB (524,600 bytes)

Product version:

11.2.38.0

Original file name:

CasinoDownloader2.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Documents and Settings\{user}\Local settings\temp\ptu2858_tmp.exe

Digital Signature

Signed by:

Playtech Software Limited

Authority:

VeriSign, Inc.

Valid from:

10/21/2012 9:00:00 PM

Valid to:

10/26/2015 8:59:59 PM

Subject:

CN=Playtech Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Playtech Software Limited, L=Douglas, S=Douglas, C=IM

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

7584CAA2377ED24D26D91034E6DE0EBB

File PE Metadata

Compilation timestamp:

12/13/2012 11:21:50 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:wjQBTTO+USClWquIed81HjjPVhn2jgSGO4nG4yCfDHI6o/yf1hkZN:cQBTSw4vHfdh2jgNZpy6V+N

Entry address:

0x348BC

Entry point:

B8, 50, 88, 67, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 5C, BE, 5F, 30, 23, 62, B0, 64, 44, 66, 77, 90, 39, 5B, 8C, 41, CD, FA, 15, BE, 97, 41, 2A, 4C, 2F, 96, 80, 4B, 74, 06, C6, 48, 9A, BF, 47, 3B, 33, 4B, 17, FD, 23, 70, 1E, 7C, 9C, E7, 57, C9, 75, 10, 28, DE, 65, 2A, 0D, 3B, E2, A8, 78, 15, 23, E0, 05, 56, E0, CB, F1, 10, 3E, 2A, 7B, 0E, 00, 2F, EF, 23, D7, 2A, 39, 62, 60, 9F, 3E, 7A, 4E, A8, 98, 4E, 4E, 3E, F0, A1, F6... 
[+]

Packer / compiler:

PECompact v2

Code size:

335.5 KB (343,552 bytes)

Program Uninstaller

Program name:

Titan Poker

Uninstall string:

"C:\Poker\Titan Poker\_TitanPSetup_616855.exe" /uninstall

The file ptu2858_tmp.exe has been seen being distributed by the following 4 URLs.

http://banner.titanpoker.com/installer/.../TitanPSetup_df3cb0.exe

http://pl.pokerstrategy.com/titan-poker/link/download/.../

http://banner.titanpoker.com/.../SetupPoker.exe

http://banner.titanpoker.com/installer/.../TitanPSetup_3b05e0.exe

Scan ptu2858_tmp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.