setuppoker_62792e.exe

Playtech Software Installer

Playtech Software Limited

This is a setup and installation application. It is also the uninstaller utility registered in the Windows Control Panel for the program Gala Casino Poker. The file has been seen downloaded from pt.pokerstrategy.com and multiple other hosts.
Publisher:
Playtech (signed by Playtech Software Limited)

Product:
Playtech Software Installer

Description:
Gala Casino Poker

Version:
11.2.38.0

MD5:
7c8f7a681f6f46e59b4bf5815e0fca0d

SHA-1:
73d4b887e7aab610e31a45f8f8bcf2e67e915c63

SHA-256:
0775f2423d98efb37d1a010a2fe5d711ecea979b53e584b1be70386fd343ea08

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 6:11:06 AM UTC

File size:
205.8 KB (210,744 bytes)

Product version:
11.2.38.0

Copyright:
Copyright (C) 2001-2009 Playtech

Original file name:
CasinoDownloader2.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setuppoker_62792e.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/22/2012 4:00:00 AM

Valid to:
10/27/2015 3:59:59 AM

Subject:
CN=Playtech Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Playtech Software Limited, L=Douglas, S=Douglas, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7584CAA2377ED24D26D91034E6DE0EBB

File PE Metadata
Compilation timestamp:
12/13/2012 6:21:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:BjvW/yjqTTO+USXSL5WquIed8jhbHjjfnnHtDVS48:BjQBTTO+USClWquIed81HjjPNDV58

Entry address:
0x1000

Entry point:
B8, E0, 03, 4C, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 6F, 09, A0, BE, C1, CE, D2, B7, 25, 23, 96, AC, C2, 69, 7B, 59, 1D, FC, 83, E1, 6C, B8, CB, 8C, 64, 75, 6C, F6, 16, AF, D7, 70, 60, A7, 2D, 00, 97, AB, 02, A6, 55, 38, CC, CF, 3D, 74, 80, C9, 5A, AE, 4C, D9, 50, 88, BF, 6E, C9, BA, 37, A2, E4, 41, B7, D2, D4, 24, DB, A4, ED, B7, 0C, 67, A0, C1, 0D, 98, BC, 23, CF, 20, F1, 43, 75, 4D, 74, D5, E2, B0, 6B, 97, C2, 03, 44...
 
Entropy:
7.7660

Packer / compiler:
PECompact v2

Code size:
335.5 KB (343,552 bytes)

Program Uninstaller
Program name:
Gala Casino Poker

Uninstall string:
"C:\Poker\Gala Casino Poker\_SetupPoker_62792e.exe" /uninstall


The file setuppoker_62792e.exe has been seen being distributed by the following 3 URLs.
