Setup.exe

Playtech PLC

The file Setup.exe, “William Hill Casino Installer”, has been detected as malware by 3 of 68 anti-virus scanners; two of those three verdicts (Trojan.SuspectCRC and Threat.Win.Reputation.IMP) are heuristic or reputation-based rather than signature matches. The program is a setup application built with the Nullsoft Install System (NSIS). This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from wingatemedia.go2cloud.org and multiple other hosts.
Publisher:
William Hill Casino  (signed by Playtech PLC)

Product:
William Hill Casino

Description:
William Hill Casino Installer

Version:
1.1.1.32

MD5:
5d4b214ccfc545dc5d93c42cb5658993

SHA-1:
452c6915c3ebe3811e534751d7fc685c3ee98d17

SHA-256:
11c774ccbbdf20ed9cfe7d0b41dee4dec7bea7c96cedbe8fdb3fb03c18c1b35f

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/8/2024 3:37:57 AM UTC

Scan engine          Detection                    Engine version
Dr.Web               Trojan.DownLoader11.50208    9.0.1.086
IKARUS anti.virus    Trojan.SuspectCRC            t3scan.1.8.6.0
Reason Heuristics    Threat.Win.Reputation.IMP    16.12.3.14

File size:
851.2 KB (871,584 bytes)

Copyright:
Copyright 2014

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Playtech PLC
Authority:
VeriSign, Inc.

Valid from:
11/14/2014 12:00:00 AM

Valid to:
2/12/2018 11:59:59 PM

Subject:
CN=Playtech PLC, O=Playtech PLC, L=Douglas, S=Isle Of Man, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6B5F59AF1247A2E7A051034FF79F008A

File PE Metadata
Compilation timestamp:
2/19/2012 3:01:49 PM  (predates the signing certificate's validity period; for an NSIS installer the PE timestamp is the build date of the precompiled NSIS stub, not the date this particular installer was assembled)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
24576:dtXQPFtSuDTpzq4f/DuoijTvHDkdb1En9/Cz:dYhDTpl/Duoij7Hkb1E4z

Entry address:
0x4327
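The PE metadata fields in this section (compile timestamp, OS version, bitness, subsystem, linker version, entry address, code size) come straight from the IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER. The script below is an added example, not Reason Core's tooling, that reads those fields from raw bytes with the Python standard library only; build_sample_header() is a constructed PE32 header carrying the values reported on this page (no bytes of the real Setup.exe), so the script runs offline, and it assumes a PE32 (32-bit) image.

```python
# Added example: parse the PE header fields this report lists, using only the
# Python standard library. Not Reason Core's code; the sample header below is
# constructed from the report's values, not bytes from the real Setup.exe.
import struct
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D      # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550   # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x10B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# IMAGE_FILE_HEADER (20 bytes) and the first 72 bytes of the PE32
# IMAGE_OPTIONAL_HEADER, up to and including DllCharacteristics.
FILE_HEADER = struct.Struct("<HHIIIHH")
OPT_HEADER_PE32 = struct.Struct("<HBBIIIIIIIIIHHHHHHIIIIHH")


def is_pe(data: bytes) -> bool:
    """Cheap sanity check: MZ stub, in-bounds e_lfanew, PE\\0\\0 signature."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 + FILE_HEADER.size > len(data):
        return False
    return struct.unpack_from("<I", data, e_lfanew)[0] == IMAGE_NT_SIGNATURE


def parse_pe(data: bytes) -> dict:
    """Return the header fields a triage report typically shows."""
    if not is_pe(data):
        raise ValueError("not a PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    fh_off = e_lfanew + 4
    machine, _nsect, timestamp, _, _, opt_size, _chars = FILE_HEADER.unpack_from(data, fh_off)
    opt_off = fh_off + FILE_HEADER.size
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic != PE32_MAGIC or opt_size < OPT_HEADER_PE32.size:
        raise ValueError("only PE32 optional headers are handled here")
    (_, linker_major, linker_minor, size_of_code, _, _, entry_rva,
     _, _, _, _, _, os_major, os_minor,
     _, _, _, _, _, _, _, _,
     subsystem, _) = OPT_HEADER_PE32.unpack_from(data, opt_off)
    # TimeDateStamp is seconds since the Unix epoch. For an NSIS installer it is
    # the build date of the precompiled NSIS stub, not the date makensis
    # produced this particular installer.
    compiled = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": "I386" if machine == IMAGE_FILE_MACHINE_I386 else hex(machine),
        "bitness": "Win32",
        "compile_timestamp": compiled.strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{linker_major}.{linker_minor}",
        "entry_rva": entry_rva,
        "code_size": size_of_code,
    }


def build_sample_header() -> bytes:
    """Constructed PE32 header carrying the values from the report above.
    Only headers are emitted (no sections), which is enough for parse_pe()."""
    ts = int(datetime(2012, 2, 19, 15, 1, 49, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    file_hdr = FILE_HEADER.pack(IMAGE_FILE_MACHINE_I386, 5, ts, 0, 0, 224, 0x010F)
    opt = OPT_HEADER_PE32.pack(
        PE32_MAGIC, 2, 22,            # magic, linker version 2.22
        35328, 0, 0,                  # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        0x4327, 0x1000, 0,            # AddressOfEntryPoint, BaseOfCode, BaseOfData
        0x400000, 0x1000, 0x200,      # ImageBase, SectionAlignment, FileAlignment
        4, 0, 0, 0, 4, 0,             # OS version 4.0, image version, subsystem version
        0, 0, 0, 0,                   # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0,                         # Subsystem = Windows GUI, DllCharacteristics
    )
    opt += b"\x00" * (224 - len(opt))  # pad to SizeOfOptionalHeader
    return dos + b"PE\x00\x00" + file_hdr + opt


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header()
    for key, value in parse_pe(blob).items():
        print(f"{key:18} {value}")
```

Run it with a path to print the same fields for a real file; with no argument it parses the constructed header. When triaging, compare the parsed timestamp with the signing certificate's validity window and the resource version info before concluding anything from it, since a stub build date says nothing about when the installer itself was produced.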

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...

Entropy:
7.9542  (probably packed; note that an NSIS installer carries a compressed payload archive, so near-maximal whole-file entropy is expected here even without a runtime packer)

Code size:
34.5 KB (35,328 bytes)
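The identifiers above (MD5, SHA-1, SHA-256, file size) and the entropy figure behind the "probably packed" verdict can all be recomputed locally to confirm that a file in hand is the same sample this report describes. The script below is an added example, not Reason Core's code: REPORT_IOCS holds the values from this report, constructed_samples() builds two made-up buffers (not bytes from Setup.exe) to exercise the entropy check, and the 7.0 bits-per-byte cut-off is an assumed threshold. The ssdeep (CTPH) digest is left out because it needs a third-party library.

```python
# Added example: recompute the identifiers a scanner report lists for a sample
# and check them against this report's values. Not Reason Core's code. The
# ssdeep (CTPH) digest is omitted because it needs a third-party library.
import hashlib
import math
import random
from collections import Counter

# Values copied from the report above.
REPORT_IOCS = {
    "md5": "5d4b214ccfc545dc5d93c42cb5658993",
    "sha1": "452c6915c3ebe3811e534751d7fc685c3ee98d17",
    "sha256": "11c774ccbbdf20ed9cfe7d0b41dee4dec7bea7c96cedbe8fdb3fb03c18c1b35f",
    "size": 871584,
}
PACKED_THRESHOLD = 7.0   # bits per byte; assumed cut-off, tune for your corpus


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def fingerprint(data: bytes) -> dict:
    """The hashes and size a report lists, plus whole-file entropy."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "entropy": round(shannon_entropy(data), 4),
    }


def matches_report(data: bytes, iocs: dict = REPORT_IOCS) -> bool:
    """True only if every hash and the size agree with the report. SHA-256 alone
    identifies the file; checking all of them also catches a report that pasted
    hashes from two different samples."""
    fp = fingerprint(data)
    return all(fp.get(key) == value for key, value in iocs.items())


def looks_packed(data: bytes, threshold: float = PACKED_THRESHOLD) -> bool:
    """Whole-file entropy heuristic behind verdicts like "probably packed".
    Caveat: an NSIS installer carries a compressed payload, so it scores high
    here even when no runtime packer is involved."""
    return shannon_entropy(data) >= threshold


def constructed_samples() -> dict:
    """Made-up stand-ins (not bytes from Setup.exe): a near-constant buffer and a
    seeded pseudo-random buffer that mimics compressed installer payload data."""
    rng = random.Random(1337)
    return {
        "plain": b"MZ" + b"\x00" * 4094,
        "compressed": bytes(rng.getrandbits(8) for _ in range(65536)),
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        print(fingerprint(blob), "matches report:", matches_report(blob))
    else:
        for name, blob in constructed_samples().items():
            print(f"{name:11} entropy={shannon_entropy(blob):.4f} packed={looks_packed(blob)}")
```

Pass a file path to hash a real sample and compare it with the report; with no argument the script prints the entropy of the two constructed buffers. A hash match proves only that you hold the same bytes this report scanned; it says nothing about whether the three detections are correct, and a high entropy score on an NSIS installer is not evidence of a packer on its own.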

The file Setup.exe has been seen being distributed by the following 2 URLs.

Remove Setup.exe - Powered by Reason Core Security