setup.exe

Plenty Jackpot

Hastings International B.V.

The application setup.exe by Hastings International B.V. has been detected as a potentially unwanted program by 8 anti-malware scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from www.dlhsetup.eu.
Publisher:
RealTimeGaming Software (signed by Hastings International B.V.)

Product:
Plenty Jackpot

Description:
RTG Installer

Version:
11.2.0

MD5:
4a5ed9f1c01fd8d40bf36aa5d4bed10d

SHA-1:
b434f95ca9518c9d0cf029964e8a450f76418ce0

SHA-256:
5a6370e835db6aa1f3fdef2b10e11befd8b45dc3f95188095707b79bb330d5a8

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 8:26:14 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | GAME/Casino.Gen2 | 7.11.30.172 |
| AVG | Skodna.GameDownloader.B | 2016.0.2925 |
| Bkav FE | W32.HfsAdware | 1.3.0.7383 |
| Clam AntiVirus | Trojan.Casino | 0.98/21061 |
| ESET NOD32 | Win32/CasOnline potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/Casino.V.gen | 4.6.5.141 |
| K7 AntiVirus | Trojan | 13.212.17855 |
| Quick Heal | PUA.Hastingsin.Gen | 11.15.14.00 |

File size:
1.4 MB (1,434,264 bytes)

Product version:
11.2.0

Copyright:
Copyright (c) 2011 RealTimeGaming, Inc.

Original file name:
InstallShield Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/15/2012 6:00:00 PM

Valid to:
2/11/2015 5:59:59 PM

Subject:
CN=Hastings International B.V., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Hastings International B.V., L=Willemstad, S=Curacao, C=AN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4586B3E3A9F359A11587856D255E3FE0

File PE Metadata
Compilation timestamp:
4/13/2012 6:32:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Hnn/S5jSrx4F43yKxS1ZVqEPWCuu7ZkZR3TxNgPyL5DiM+LBea6JBp/3EYaN9/aK:fS9SN6iSZ1kv4g05LB63NAE1Fy

Entry address:
0xA100

Entry point:
8B, FF, 55, 8B, EC, E8, 26, 94, 00, 00, E8, 11, 00, 00, 00, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 6A, FE, 68, 78, 74, 42, 00, 68, 40, F7, 40, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, 98, 53, 56, 57, A1, 48, 94, 42, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, 90, 00, 00, 00, 00, 8D, 45, A0, 50, FF, 15, 14, 10, 40, 00, 83, 3D, 0C, BE, 42, 00, 00, 75, 0E, 6A, 00, 6A, 00, 6A, 01, 6A, 00, FF, 15, 10, 10, 40, 00, E8, 8E, 01...
 

Entropy:
7.2618

Code size:
156.5 KB (160,256 bytes)

The file setup.exe has been seen being distributed by the following URL.
