Setup.exe

Playtech PLC

The file Setup.exe, “Casino at bet365 Installer”, has been flagged as malware by 1 of 68 anti-virus scanners. The single detection is a reputation heuristic (Threat.Win.Reputation.IMP, from the Reason Heuristics engine) rather than a match against a known malware family, so the verdict below rests on that one heuristic. The program is a setup application built with the Nullsoft Install System (NSIS). It is signed by Playtech PLC under a VeriSign code-signing certificate whose validity period ended on 1/15/2015; whether the signature still verifies at the 2024 analysis date depends on a trusted timestamp countersignature, which this report does not list. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from banner.bet365casino.com and multiple other hosts.
Publisher:
Casino at bet365  (signed by Playtech PLC)

Product:
Casino at bet365

Description:
Casino at bet365 Installer

Version:
1.1.1.31

MD5:
87ae628920c1fd7b5569393f626ab0f9

SHA-1:
66be4741e86ea250cc86f0cc1f1b5adeb5656c54

SHA-256:
98d857a49ccb2967209f3f9c7a3720a06890147fb1334078730c28ff57da026f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/24/2024 10:17:28 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.12.1.9

File size:
2.6 MB (2,752,304 bytes)

Copyright:
Copyright 2014

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Playtech PLC

Authority:
VeriSign, Inc.

Valid from:
2/20/2014 12:00:00 AM

Valid to:
1/15/2015 11:59:59 PM

Subject:
CN=Playtech PLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Playtech PLC, L=Douglas, S=IM, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
764E6DB88B018BFEBD8F7B533DC3A6D3

File PE Metadata
Compilation timestamp:
2/19/2012 3:01:49 PM  (for an NSIS installer this is the build time of the prebuilt NSIS stub that makensis prepends to the payload, not the time this particular installer was produced, which is why it predates the 2014 copyright and certificate)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
49152:xqTfM/Ljr7c9AcnZf/LFDyskhBDhYhFFwJyVuqGhAuj65Lhc1mQneCEd55sN8HYt:IzM/LXg9Pf/LFGskj9Yy84qGOu0LK1nd

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
Entropy:
7.9914  (probably packed; for an NSIS installer a whole-file value this close to 8 is expected, because the compressed payload dwarfs the small stub, and is not by itself evidence of a malicious packer)

Code size:
34.5 KB (35,328 bytes)
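The hashes listed earlier, the entropy figure and the PE metadata fields above can all be recomputed from a local copy of the file. The script below is an added example, not Reason Core's tooling and not code from this report; it uses only the Python standard library, reads each field straight from the DOS/COFF/optional headers, walks the section table to turn the entry RVA into a file offset (which is how the "Entry point" bytes are obtained), and includes a constructed PE32 image, build_sample_pe(), that is not the real Setup.exe so the script can be run offline. All function names are mine.

```python
"""Recompute the hash, entropy and PE-header fields of a file report (stdlib only).
Added example: not Reason Core's tooling and not code from the report. Offsets follow
the PE/COFF spec; build_sample_pe() is a constructed image, NOT the real Setup.exe."""
import hashlib
import math
import struct
import sys
from datetime import datetime, timezone

SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}

def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 as a report lists them."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0..8. An NSIS file is a small stub plus a compressed payload,
    so every such installer scores close to 8: 'probably packed' is expected here."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def _rva_to_offset(sections, rva):
    """Map an RVA such as AddressOfEntryPoint to a file offset via the section table."""
    for s in sections:
        span = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= rva < s["virtual_address"] + span:
            return rva - s["virtual_address"] + s["raw_pointer"]
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def parse_pe(data: bytes, entry_bytes: int = 32) -> dict:
    """The 'File PE Metadata' fields, read straight from the DOS/COFF/optional headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, ld_major, ld_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # From SectionAlignment (opt+32) onward PE32 and PE32+ share field offsets.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_HDR, data, opt + opt_size + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": f[1], "virtual_address": f[2],
                         "raw_size": f[3], "raw_pointer": f[4]})
    off = _rva_to_offset(sections, entry_rva)
    return {
        "compile_time": datetime.fromtimestamp(ts, timezone.utc),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, f"magic {magic:#x}"),
        "subsystem": SUBSYSTEMS.get(subsystem, f"other ({subsystem})"),
        "linker_version": f"{ld_major}.{ld_minor}", "code_size": size_of_code,
        "entry_rva": entry_rva, "entry_bytes": data[off:off + entry_bytes],
        "sections": sections,
    }

def summarize(data: bytes) -> dict:
    """One pass over the bytes yields every field the report's line items show."""
    return {**file_hashes(data), "size": len(data),
            "entropy": round(shannon_entropy(data), 4), **parse_pe(data)}

def build_sample_pe() -> bytes:
    """Constructed PE32 image (NOT the real Setup.exe): one .text section, entry RVA
    0x4327, linker 2.22, OS 4.0, GUI subsystem, timestamp 2012-02-19 15:01:49 UTC."""
    e_lfanew, raw_ptr, raw_size = 0x40, 0x400, 0x3400
    hdr = bytearray(raw_ptr)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    struct.pack_into("<HHIIIHH", hdr, coff, 0x14C, 1, 1329663709, 0, 0, 224, 0x102)
    opt = coff + 20
    struct.pack_into("<HBBI", hdr, opt, 0x10B, 2, 22, 0x8A00)  # PE32, ld 2.22, SizeOfCode
    struct.pack_into("<IIIIII", hdr, opt + 16, 0x4327, 0x1000, 0x1000,  # entry, code, data
                     0x400000, 0x1000, 0x200)                           # base, alignments
    struct.pack_into("<HHHHHHIII", hdr, opt + 40, 4, 0, 0, 0, 4, 0, 0, 0x5000, raw_ptr)
    struct.pack_into("<H", hdr, opt + 68, 2)       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", hdr, opt + 92, 16)      # NumberOfRvaAndSizes
    struct.pack_into(SECTION_HDR, hdr, opt + 224, b".text", raw_size, 0x1000,
                     raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    text = bytearray(raw_size)
    # bytes at the entry point: push ebp; mov ebp,esp; push edi; push esi; push ebx
    text[0x3327:0x3327 + 6] = bytes.fromhex("5589E5575653")
    return bytes(hdr) + bytes(text)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, val in summarize(blob).items():
        if key == "entry_bytes":
            val = ", ".join(f"{b:02X}" for b in val)
        elif key == "sections":
            val = ", ".join(f"{s['name']}@{s['virtual_address']:#x}" for s in val)
        print(f"{key}: {val}")
```

Run it with the path of a downloaded copy as the first argument, or with no argument to see the constructed sample. The CTPH (ssdeep) hash is not in the standard library and is left out. On the entropy reading: the NSIS stub is tiny next to its compressed payload, so a near-8 whole-file value identifies an installer, not a packed malware binary; compute it per section, or over the stub only, if the number is to carry any weight.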

The file Setup.exe has been seen being distributed by the following 3 URLs.

Remove Setup.exe - Powered by Reason Core Security