virtual poker setup.exe

Ultra Internet Media S A

The application virtual poker setup.exe by Ultra Internet Media S A has been detected as a potentially unwanted program by 21 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher: Ultra Internet Media S A (signed and verified)
MD5: 52f6556ed088efbce567342250fa3ec8
SHA-1: 8759f69423c581c5173afb545f317ee185dd06b6
SHA-256: 44b999ec41270f2b08b19b46ccf97ca571b0657e287b923fe3982ef79ea076e9
Scanner detections: 21 / 68
Status: Potentially unwanted
Analysis date: 1/9/2025 4:39:20 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AegisLab AV Signature | Troj.Dropper.W32.Agent.ltZL | 2.1.4+ |
| AhnLab V3 Security | Win-AppCare/Casino.249104 | 2016.05.01 |
| Avira AntiVirus | GAME/Casino.Gen | 8.3.3.4 |
| Bkav FE | W32.HfsAdware | 1.3.0.7400 |
| Clam AntiVirus | Win.Adware.Casino-10 | 0.98/21511 |
| Comodo Security | ApplicUnwnt.Win32.Adware.CasOnline.12 | 24894 |
| Dr.Web | Adware.Casino | 9.0.1.0143 |
| ESET NOD32 | Win32/Casino potentially unwanted (variant) | 10.13418 |
| Fortinet FortiGate | Adware/Casino | 5/22/2016 |
| F-Prot | W32/Adware.DIO | v6.4.7.1.166 |
| IKARUS anti.virus | AdWare.Win32.Casino.t | t3scan.2.0.9.0 |
| K7 AntiVirus | Adware | 13.223.19465 |
| McAfee | CasOnline | 5600.6392 |
| NANO AntiVirus | Riskware.Win32.Casino.dacaud | 1.0.30.8136 |
| nProtect | Trojan/W32.Agent.248560.B | 16.04.29.01 |
| Panda Antivirus | Application/MonacoGoldCasino | 16.05.22.11 |
| Rising Antivirus | Trjoan.Generic-TAE4yntfoSK (Cloud) | 23.00.65.16520 |
| Trend Micro House Call | ADW_CASINO | 7.2.143 |
| Trend Micro | ADW_CASINO | 10.465.22 |
| ViRobot | Adware.Casino.248560[h] | 2014.3.20.0 |
| Zillya! Antivirus | Adware.Win32.3E708928 | 2.0.0.2833 |

File size: 242.7 KB (248,560 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\virtual poker setup.exe

Digital Signature

Authority: Thawte Consulting (Pty) Ltd.
Valid from: 6/29/2006 4:03:10 AM
Valid to: 7/19/2007 4:23:36 AM
Subject: CN=Ultra Internet Media S A, OU=Ultra Internet Media S A, O=Ultra Internet Media S A, L=Charlestown, S=Saint Paul Charlestown, C=KN
Issuer: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
Serial number: 09DA0BBA350B766614380DB5F6C5CE41

File PE Metadata

Compilation timestamp: 4/21/2006 12:12:06 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
CTPH (ssdeep): 6144:OxHtllecTfrKm/wvNUuwYVB0lMdStbJnvSaWA17:O9Zec3K+d0QMdWnvSaD17
Entry address: 0x9C57
Entry point: B8, 64, B4, 44, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 44, 0C, B9, 71, 8C, 8C, A7, 92, AB, F2, 6A, 4B, 03, 4E, C6, D4, 36, 82, 37, 62, 16, 2C, 65, 2A, FA, 89, 28, AE, 57, CB, D6, 88, 2F, BC, 8D, 93, DE, CF, 99, 9E, 7F, B9, 04, 90, 57, 0A, CA, 83, 34, 7C, 26, E5, C4, 9D, 01, 62, 87, 64, 28, 00, 37, 6B, A5, 96, 4C, 1B, 6D, 30, E4, A1, 17, 41, 83, 95, 29, 98, 91, E5, C5, 37, 39, 07, F4, F2, 82, B8, 70, 04, D1, 25, BA, 33, 53...
Entropy: 7.9133
Packer / compiler: PECompact v2
Code size: 108 KB (110,592 bytes)
Remove virtual poker setup.exe - Powered by Reason Core Security