setup.exe

Playtech PLC

The application setup.exe, “fun88prod Installer” by Playtech PLC, has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. The file has been seen being downloaded from cdn.jackpotmatrix.com.
Publisher:
fun88prod  (signed by Playtech PLC)

Product:
fun88prod

Description:
fun88prod Installer

Version:
1.1.1.35

MD5:
3f88c2198804170a7417bd2b4d02075e

SHA-1:
8c701b9a046d8b0bbc79995c18ca7c0a452a6c99

SHA-256:
3c799edef58483bd7abcf8d8b68de50d37239c8c2feb34e94e2be1723f686447

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/24/2024 10:14:40 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | Threat.Win.Reputation.IMP | 16.12.9.10
Zillya! Antivirus | Adware.OutBrowse.Win32.62577 | 2.0.0.2591

File size:
1.3 MB (1,367,984 bytes)

Copyright:
Copyright 2015

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/13/2014 4:00:00 PM

Valid to:
2/12/2018 3:59:59 PM

Subject:
CN=Playtech PLC, O=Playtech PLC, L=Douglas, S=Isle Of Man, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6B5F59AF1247A2E7A051034FF79F008A

File PE Metadata
Compilation timestamp:
2/19/2012 7:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
24576:MtL1HScK7/9qtCMbMIAD7V+WVN7y9tAYTxOdS/aNRYjNxQAtn+8NCmPNmRYXbq:MrScK7eCMbMI6V1Hit3TxOdQaNRYxxvG

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
Entropy:
7.9732  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file setup.exe has been seen being distributed by the following URL.
