home

__setupcasino.exe

Playtech Software Installer

PLAYTECH LIMITED

This is a setup and installation application. This is the uninstaller utility registered in the Windows Control Panel for the program 12Win. The file has been seen being downloaded from 12win12win.com and multiple other hosts.
Publisher:
Playtech  (signed by PLAYTECH LIMITED)

Product:
Playtech Software Installer

Description:
12Win

Version:
13.2.11.0

MD5:
3d11698b4ae04e80f5f48ed3fcf1c3b5

SHA-1:
21b91f42eee4389aa222f70a9c1221b19c1ae66b

SHA-256:
d82325136ed2e0cfc63b84d46045fab6163209b1bb709278caa1d13722d4c9e8

Scanner detections:
1 / 68

Status:
Inconclusive  (probably just a false positive detection)

Analysis date:
11/24/2024 6:39:15 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.PLAYTECH
15.5.14.16

File size:
287.6 KB (294,512 bytes)

Product version:
13.2.11.0

Copyright:
Copyright (C) 2001-2009 Playtech

Original file name:
CasinoDownloader2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\12win\__setupcasino.exe

Digital Signature
Signed by:
PLAYTECH LIMITED

Authority:
VeriSign, Inc.

Valid from:
3/4/2015 8:00:00 AM

Valid to:
4/3/2018 7:59:59 AM

Subject:
CN=PLAYTECH LIMITED, O=PLAYTECH LIMITED, L=Douglas, S=Isle of Man, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
41DE65AB6CE64F53DF33BDC37E67E284

File PE Metadata
Compilation timestamp:
1/17/2014 6:14:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:ZCv889gvgQ33+UiKRXuJ1QDLLukTyD3X8fpYnNkmcef4aaaaX1ha:Ev/gg6zhXiQDfHyOpYNkmcsoDa

Entry address:
0x3533C

Entry point:
B8, 54, A4, 54, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 1D, 53, 9B, C3, 5E, 77, 18, 99, 6F, 7C, 77, A1, 65, F4, AF, FF, 6C, 10, 43, 4E, A0, 7F, 17, 37, 63, 76, 03, 95, ED, 40, BA, 09, 1C, 05, C9, 1D, CB, 56, 33, F7, 40, 63, 7E, F8, B4, 54, 4C, 12, 51, FB, A8, 78, 2A, 08, 2D, 3C, AC, 43, 89, DB, 9E, 8E, 30, 2B, 04, 00, 2F, 16, 3C, 23, C0, 33, EE, 1B, 5D, D4, 56, 8A, AB, 55, 8B, FF, 13, 3C, CD, 6F, C5, 97, 49, 32, 07, 0B, 74...
 
[+]

Entropy:
7.8310

Packer / compiler:
PECompact v2

Code size:
338 KB (346,112 bytes)

Program Uninstaller
Program name:
12Win

Uninstall string:
"C:\users\{user}\downloads\12win\__setupcasino.exe" \uninstall


The file __setupcasino.exe has been seen being distributed by the following 4 URLs.

http://12win12win.com/Setup-12win.exe

https://banner.otwin12.com/.../SetupCasino.exe

http://banner.otwin12.com/.../SetupCasino.exe

http://12wincasino.net/Setup-12win.exe

Scan __setupcasino.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.