» tropezsetupuninstall1376117128790_c8c439_en.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (2)

tropezsetupuninstall1376117128790_c8c439_en.exe

Yuna Software Limited

The application tropezsetupuninstall1376117128790_c8c439_en.exe by Yuna Software Limited has been detected as a potentially unwanted program by 4 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program Casino Tropez. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from banner.casinotropez.com and multiple other hosts.

File name:

Publisher:

Casino Tropez (signed by Yuna Software Limited)

Product:

Casino Tropez

Version:

1.1.1.17

MD5:

586d1c4c0500ed5b5a2b794933801c50

SHA-1:

e1181dbf3c636bd990d2ae4d3e7248dad65a1c69

SHA-256:

0a08ab37083f000156ff0c2f374f8956c38ce6de73ac22445dea1ad27b183325

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

1/6/2025 9:38:05 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic.YunaSoftware.Installer.Meta

15.12.2.2

Trend Micro House Call

TROJ_GEN.F47V0808

7.2.336

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.24.3

VIPRE Antivirus

Crossrider

22436

File size:

908.4 KB (930,160 bytes)

Product version:

1.1.1.17

Original file name:

installer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\casino tropez\tropezsetupuninstall1376117128790_c8c439_en.exe

Digital Signature

Signed by:

Yuna Software Limited

Authority:

VeriSign, Inc.

Valid from:

9/1/2012 10:00:00 AM

Valid to:

10/20/2015 10:59:59 AM

Subject:

CN=Yuna Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yuna Software Limited, L=St. Helier, S=Jersey, C=GB

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

56EC82195199D735AD6E704B1B712CB5

File PE Metadata

Compilation timestamp:

8/6/2013 1:46:01 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:zT3+sBwn9pl3tI1nLPjz/jTJePYBlOxFY4pJu:u3tI1LPbT4AMFY4pJu

Entry address:

0x6F0A8

Entry point:

E8, 77, B5, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 54, 2A, 4B, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, A1, 43, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 30, F2, 46, 00, 8B, C7, BA, 03, 00, 00, 00, 83... 
[+]

Entropy:

6.7616

Code size:

570 KB (583,680 bytes)

Program Uninstaller

Program name:

Casino Tropez

Uninstall string:

"C:\users\{user}\appdata\local\casino tropez\tropezsetupuninstall1376117128790_c8c439_en.exe" \prepareuninstall \trafficsource='joaus' \userid='c7b494897bb54b7885be91cfc1bad427ui' \skinid='new'

The file tropezsetupuninstall1376117128790_c8c439_en.exe has been seen being distributed by the following 2 URLs.

http://banner.casinotropez.com/.../SetupCasino.exe

http://links.mkt2840.com/ctt?kn=10&ms=NDI0MjIyMjYS1&r=NjU2MjUxNjMyOTIS1&b=0&j=MjAwODQzMzc3S0&mt=1&rt=0

Remove tropezsetupuninstall1376117128790_c8c439_en.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.