home

setupcasino_14a025_de.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from banner.joylandcasino.com.
MD5:
c379aeafa7396bc9e6de0686b4e4757f

SHA-1:
ce4178b38974e167ead8f6dae16a6be7bd813b58

SHA-256:
38eb7f79cedb1158811b1175c24ea52114221a8362fa1ce7c91b557f052c97eb

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
2/26/2025 4:56:51 AM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/SuspPack.N.gen!Eldorado (generic, damaged, not disinfectable)
4.6.5.141

File size:
242.7 KB (248,480 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setupcasino_14a025_de.exe

File PE Metadata
Compilation timestamp:
11/17/2010 3:43:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:IW2fZnURdwGUZdp6fmsK94sR0MvSbUtOMk:Ota4wfpKusR0MtOMk

Entry address:
0x32321

Entry point:
B8, FC, FA, 56, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 35, 28, B7, 3B, 8F, 43, 24, 10, 84, 42, 2D, D6, 48, 14, 68, 51, F5, 66, B9, D1, E4, 36, 52, 41, E0, 6C, 49, F9, 2F, 78, FB, 6F, 64, 16, D6, 80, 19, 9A, 76, 9A, 03, F7, 47, FA, 62, C7, 90, 57, C6, C3, 91, E2, 4A, A9, F8, 9C, AC, 1C, D6, 8D, 79, 2E, D9, 80, D3, 71, 01, 36, E4, DC, 94, A6, 55, 1B, 64, F3, DF, E0, 22, 79, 37, 85, 3D, 3A, ED, 67, 7F, B2, 1E, A2, 3F, D9, 9D...
 
[+]

Packer / compiler:
PECompact v2

Code size:
322 KB (329,728 bytes)

The file setupcasino_14a025_de.exe has been seen being distributed by the following URL.

http://banner.joylandcasino.com/installer/.../SetupCasino_14a025_de.exe

Scan setupcasino_14a025_de.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.