adventuregame_setup.exe

MyPlayCity Inc

The application adventuregame_setup.exe by MyPlayCity Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from files.myplaycity.com. While running, it connects to the Internet address SRV.QVFF001.local on port 80 using the HTTP protocol.
Publisher:
MyPlayCity Inc  (signed and verified)

MD5:
5401c369d27426299c50a675d132e435

SHA-1:
2376609d0fe3747f7f5fbb8145dc235b0b18c341

SHA-256:
99e67d0e24250481ccb24366cdb31c6beb76c6ff8acd8451f13ce53455c0577e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 5:07:24 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MyPlayCity (L)

Engine version:
16.8.4.14

File size:
1.9 MB (1,988,016 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\adventuregame_setup.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
7/8/2015 2:00:00 AM

Valid to:
9/6/2018 1:59:59 AM

Subject:
CN=MyPlayCity Inc, O=MyPlayCity Inc, L=Alexandria, S=Virginia, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
20D4740D43CF48A9A8582DA77C404F18

File PE Metadata
Compilation timestamp:
8/1/2016 12:51:35 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:RINYUIAbyIWHd4p8xR+BMSusN4/vKl/agLd/ozrsKMWPjNTzTsXAJSgv74k:RKZxWafeSq/yld7KMWPpTzTfJSu1

Entry address:
0x158070

Entry point:
55, 8B, EC, 83, C4, F0, B8, D8, 0A, 55, 00, E8, 50, 2B, EB, FF, A1, D8, 43, 56, 00, 8B, 00, E8, D0, D7, F6, FF, A1, D8, 43, 56, 00, 8B, 00, B2, 01, E8, FE, F4, F6, FF, 8B, 0D, 78, 45, 56, 00, A1, D8, 43, 56, 00, 8B, 00, 8B, 15, 8C, B5, 54, 00, E8, C2, D7, F6, FF, A1, D8, 43, 56, 00, 8B, 00, E8, 06, D9, F6, FF, E8, AD, E4, EA, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C++

Code size:
1.3 MB (1,404,416 bytes)

The file adventuregame_setup.exe has been seen being distributed by the following URL.

http://files.myplaycity.com/.../adventuregame_setup.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to SRV.QVFF001.local  (37.58.60.225:80)
