tropezsetup_c7ea4c_de.exe

Playtech PLC

The application tropezsetup_c7ea4c_de.exe, “Casino Tropez Installer” by Playtech PLC, has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application built with the Nullsoft Install System installer and the Crossrider cross-browser extension platform. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been observed being downloaded from online.casinotropez.com and multiple other hosts.
Publisher:
Casino Tropez (signed by Playtech PLC)

Product:
Casino Tropez

Description:
Casino Tropez Installer

Version:
1.1.1.28

MD5:
581b002168f6c657801b95b74000ec78

SHA-1:
8c1461fffac4789e1a9bb8b4ab826680805fc211

SHA-256:
744af40d963551c161d4b5b7f888272aa9f1fa616ab7a94f394d669e3056f3e9

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/24/2024 2:57:01 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Clam AntiVirus | Win.Adware.Agent-6597 | 0.98/21411 |
| IKARUS anti.virus | PUA.PlusHD | t3scan.1.6.1.0 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Crossrider.PlaytechPLC.Installer.Meta (M) | 15.12.30.16 |

File size:
917 KB (939,048 bytes)

Copyright:
Copyright 2014

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\downloads\tropezsetup_c7ea4c_de.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/20/2014 1:00:00 AM

Valid to:
1/16/2015 12:59:59 AM

Subject:
CN=Playtech PLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Playtech PLC, L=Douglas, S=IM, C=IM

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
764E6DB88B018BFEBD8F7B533DC3A6D3

File PE Metadata
Compilation timestamp:
12/4/2012 2:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
24576:7Y2ZZx2Fc4K/oshimC7YLIc2cSYd2YqLV/nXc:7Q24m4mv8c+Yd7InXc

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...

Code size:
34.5 KB (35,328 bytes)

The file tropezsetup_c7ea4c_de.exe has been seen being distributed by the following 10 URLs.

http://online.casinotropez.com/promoRedirect?key=em9uZUlkPTE0MTQ5NTY1JmxhbmRpbmdQYWdlSWQ9MTM1MTAxNTMmcHJvZmlsZUlkPTI3OTQw
