billiardartsetup.exe

Billiard Art

MyPlayCity, Inc.

The application billiardartsetup.exe, “Billiard Art Setup ” by MyPlayCity has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.gamegratis33.com and multiple other hosts.
Publisher:
MyPlayCity, Inc.   (signed by MyPlayCity, Inc.)

Product:
Billiard Art

Description:
Billiard Art Setup

MD5:
c18b20ca391339f1ca1ffaf6f6e2a1d4

SHA-1:
bf804bdcdc39670a9929b67ba18187e9700b64b8

SHA-256:
95c2e952069a5019db4dcc63e1997009b3dc1a50d3d873e748904922584d53b6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 10:38:20 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.MyPlayCity.Installer.Installer.Meta (M)
16.2.18.17

File size:
11.8 MB (12,411,288 bytes)

Copyright:
Copyright © 2011 MyPlayCity, Inc.

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\billiardartsetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/30/2011 7:00:00 AM

Valid to:
3/30/2014 6:59:59 AM

Subject:
CN="MyPlayCity, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="MyPlayCity, Inc.", L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7406B01F1EBD2B530DC35D133A04B51E

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:PMv6ztPM0cJ4+zttH+p4P7Cb6CkWPJz1V/dRICo9BMBOnebuE8FKLN4:0CztE40ttH+cmb6nWP51V//UGOe6v24

Entry address:
0x9B24

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, A2, 95, FF, FF, E8, A9, A7, FF, FF, E8, D4, C9, FF, FF, E8, 1B, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, DB, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, A4, A1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 04, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 53, 96, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file billiardartsetup.exe has been seen being distributed by the following 20 URLs.

http://www.gamegratis33.com/take_out.php/b1b47f1e09140fb3969c7f612bb7e65c/5269385a6a48796b3371726948502f636d652f7a53792e7961442e764e332e3233/.../billiardartsetup.exe

http://www.gamegratis33.com/take_out.php/1e983951a4c63f454fb4904fa6c181e6/526938596947796a33736e68474f2f636d652f33562e707a2e61382e774c43/.../billiardartsetup.exe

temp:billiardartsetup.exe

http://www.gamegratis33.com/take_out.php/71cb68ff6f332b7be17573d3ada89409/5269385969487a6a31796e674c472f636d652f7a526e2e7963442e6d472e3232/.../billiardartsetup.exe

http://www.gamegratis33.com/take_out.php/ecb44c7c62eacf83f45ec42e2c8af1ea/5269385969487a6a3371706a4d4f2f636d652f33562e70752e59466e2e4a3032/.../billiardartsetup.exe

http://www.gamegratis33.com/download.php/93ae671fde/0d4479/7ff1af0bc/.../billiardartsetup.exe

http://www.gamegratis33.com/take_out.php/317a541c971e4fc979f367a9d08feb86/526938596948796c30796d6747542f636d652f33562e6f712e58387a2e4f30/.../billiardartsetup.exe

http://www.gamegratis33.com/take_out.php/8a1d9c8289d6f3db8b6923460343bee0/526938596948326b31716f694e562f636d652f7a4f6d2e7959382e7650442e307263/.../billiardartsetup.exe

http://www.gamegratis33.com/take_out.php/b3c5af9ffa1c5ec1c5d5da702b3bc05d/526938596a4f32583173716a4b4f2f636d652f7a4f6e2e7964352e764f312e307759/.../billiardartsetup.exe

http://davinci.dccircle1.com/therealfolder/71287f431d428f93501492acb42a90373f232ff7/fc6767505076da9dd26ab7d81dd26e0914a4a77f/20160508223843/2016/02/.../billiardartsetup.exe

Remove billiardartsetup.exe - Powered by Reason Core Security