ptuef2f_tmp.exe

Playtech Software Installer

PLAYTECH LIMITED

This is a self-extracting archive and installer. The file has been seen being downloaded from banner.poker770.com and multiple other hosts.

Publisher:
Playtech (signed by PLAYTECH LIMITED)

Product:
Playtech Software Installer

Description:
Poker 770

Version:
9.4.20.0

MD5:
6554d4b01fc022e6fbbe32fc15d00c1d

SHA-1:
ca4d92915a4769c946b4a7478a2ed1abe2705af5

SHA-256:
1459802076a56e44562820ab430a5221c52c0ed5f5d082c9f2d3156f1bc598c2

Scanner detections:
2 / 68

Status:
Inconclusive  (probably just false positive detections)

Analysis date:
11/15/2024 9:31:25 AM UTC

Scan engine | Detection | Engine version
IKARUS anti.virus | not-a-virus.Casino | t3scan.2.2.29
Reason Heuristics | PUP.Installer.PLAYTECH | 15.3.18.1

File size:
464.8 KB (475,904 bytes)

Product version:
9.4.20.0

Copyright:
Copyright (C) 2001-2009 Playtech

Original file name:
CasinoDownloader2.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\ptuef2f_tmp.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/13/2009 1:00:00 AM

Valid to:
3/13/2012 12:59:59 AM

Subject:
CN=PLAYTECH LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PLAYTECH LIMITED, L=Douglas, S=Isle of Man, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
19A52BD0FFBF33D2D2ED2030B214DBA6

File PE Metadata
Compilation timestamp:
9/2/2009 1:54:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:FBS9eZX9w2/8UcH01xGjYZyO8lSUDapQcdH8RcD:/SkZ+a8UcHIxTuYUZOH8CD

Entry address:
0x2DDDB

Entry point:
B8, 14, 7E, 5A, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 9D, B7, 1F, 22, D0, A6, 62, 40, 91, 41, B8, EA, 39, A1, 13, E2, 42, A7, A0, CF, 30, 4E, 26, F3, A7, DC, 0F, 76, 60, C6, BE, FC, 90, 51, 57, B6, 25, B7, C9, F2, 36, AB, 90, 21, EE, 91, AD, E6, 50, 75, C3, 46, C1, B1, 0E, 3F, AF, EE, 84, 80, B0, 3E, 02, 6D, F7, 93, ED, 66, C9, AB, 0A, 3E, DB, 66, B5, A3, B0, F0, 63, 39, 82, 57, 62, E4, BB, 70, A4, 05, C1, A9, D4, CF, 72...
Packer / compiler:
PECompact v2

Code size:
260 KB (266,240 bytes)

The file ptuef2f_tmp.exe has been seen being distributed by the following 4 URLs.

http://banner.poker770.com/installer/.../SetupCasino_cf77a2.exe

http://banner.poker770.com/installer/.../SetupCasino_a84b4d_de.exe
