ptu76_tmp.exe

Playtech Software Installer

PLAYTECH LIMITED

This is a self-extracting archive and installer. The file has been observed being downloaded from banner.poker.williamhill.com.

Publisher:
Playtech (signed by PLAYTECH LIMITED)

Product:
Playtech Software Installer

Description:
William Hill Poker

Version:
9.4.20.0

MD5:
ff04d02afa370561dbe2820d3055e26b

SHA-1:
ce23830b3ce5666e27de2358d2ef9aedc0c5d0c0

SHA-256:
d9648c7ccd4bcf78fd34f8610c66b75d1dcf2bba94dd3204a9820af890708489

Scanner detections:
1 / 68

Status:
Inconclusive (probably just a false positive detection)

Analysis date:
12/28/2024 3:35:15 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PLAYTECH.Installer

Engine version:
16.2.14.0

File size:
404.8 KB (414,464 bytes)

Product version:
9.4.20.0

Copyright:
Copyright (C) 2001-2009 Playtech

Original file name:
CasinoDownloader2.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\ptu76_tmp.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/13/2009 1:00:00 AM

Valid to:
3/13/2012 12:59:59 AM

Subject:
CN=PLAYTECH LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PLAYTECH LIMITED, L=Douglas, S=Isle of Man, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
19A52BD0FFBF33D2D2ED2030B214DBA6

File PE Metadata
Compilation timestamp:
9/2/2009 1:54:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:JBS9eZX9w2/8UcH01UDSJxluh1ha8+/30x:TSkZ+a8UcHbD2/Ka8+/Ex

Entry address:
0x2DDDB

Entry point:
B8, F8, 97, 58, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 80, CC, 15, 74, B4, 3D, D1, 83, 8A, 93, B0, A8, 82, 56, ED, F3, 7E, 24, 21, 74, 2A, 1C, E8, 04, 11, E9, F6, 4A, 4A, F8, B5, 34, ED, 66, E7, C6, 51, D7, E5, 29, 50, 69, C0, C7, E3, 74, C7, 30, 61, A2, FD, D4, 09, CD, D3, E4, ED, 4F, 9A, 0D, A6, 0E, 2A, EB, 0E, 80, 4E, A7, 0F, D1, D0, 0A, BF, 91, 54, 64, 94, 0C, 29, A9, A6, C5, B4, E0, 03, 32, 4B, 39, 52, CE, 18, BD, 6E...
 

Packer / compiler:
PECompact v2

Code size:
260 KB (266,240 bytes)

The file ptu76_tmp.exe has been seen being distributed by the following URL.
