farm frenzy 2.exe

MyPlayCity, Inc.

The application farm frenzy 2.exe by MyPlayCity has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address 31.b5.adb8.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
MyPlayCity, Inc.  (signed and verified)

Version:
2.0.1.201

MD5:
ee06b4f908db8b06104195f9481b8cf0

SHA-1:
0e28e7488181f39d1e2710de15020e96d15e8409

SHA-256:
46851885aecddbd68ee0e50397587cb37b51b4a8eb966e78702862665e9dbc18

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 8:11:11 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.MayPlayCity.Toolbar

Engine version:
16.2.18.17

File size:
1.7 MB (1,770,112 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\Program Files\allgameshome.com\farm frenzy 2\farm frenzy 2.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/30/2011 3:00:00 AM

Valid to:
3/30/2014 2:59:59 AM

Subject:
CN="MyPlayCity, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="MyPlayCity, Inc.", L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7406B01F1EBD2B530DC35D133A04B51E

File PE Metadata
Compilation timestamp:
9/12/2011 2:06:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:9cyg3/Af5804vZdOn/tMOcsBtSKxsILoKC5QyXMe3dntjvwtHh0h7xaE3:yq5V4LOKuPS5ILoKiNtjth7xl3

Entry address:
0x167690

Entry point:
55, 8B, EC, 83, C4, F0, B8, AC, EB, 55, 00, E8, 20, 2E, EA, FF, A1, 40, C8, 56, 00, 8B, 00, E8, AC, 40, F4, FF, 8B, 0D, D8, CA, 56, 00, A1, 40, C8, 56, 00, 8B, 00, 8B, 15, 78, F8, 53, 00, E8, AC, 40, F4, FF, A1, 40, C8, 56, 00, 8B, 00, E8, F0, 41, F4, FF, E8, 73, E8, E9, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.5042

Developed / compiled with:
Microsoft Visual C++

Code size:
1.4 MB (1,467,904 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 31.b5.adb8.ip4.static.sl-reverse.com  (184.173.181.49:80)

TCP (HTTP):
Connects to li310-193.members.linode.com  (178.79.173.193:80)

TCP (HTTP):
Connects to www.tvigle.ru  (79.142.100.44:80)

TCP (HTTP):
Connects to host-41.222.131.60.etisalat.com.eg  (41.222.131.60:80)

TCP (HTTP SSL):
Connects to static.yandex.net  (178.154.131.216:443)

TCP (HTTP):
Connects to host-197.199.253.140.etisalat.com.eg  (197.199.253.140:80)

TCP (HTTP):
Connects to 264.bm-nginx-loadbalancer.mgmt.sin1.adnexus.net  (103.243.221.51:80)

TCP (HTTP):
Connects to 150.bm-nginx-loadbalancer.mgmt.sin1.adnexus.net  (103.243.221.112:80)

TCP (HTTP):
Connects to bs.yandex.ru  (213.180.204.90:80)

TCP (HTTP):
Connects to awaps.yandex.ru  (87.250.250.131:80)

TCP (HTTP):
Connects to 154.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net  (37.252.172.70:80)

TCP (HTTP):
Connects to 151.bm-nginx-loadbalancer.mgmt.sin1.adnexus.net  (103.243.221.87:80)

TCP (HTTP):
Connects to sof02s21-in-f174.1e100.net  (172.217.17.174:80)

TCP (HTTP):
Connects to 265.bm-nginx-loadbalancer.mgmt.sin1.adnexus.net  (103.243.221.17:80)

TCP (HTTP):
Connects to 246.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net  (37.252.172.39:80)

TCP (HTTP):
Connects to 238.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net  (185.33.220.10:80)

TCP (HTTP):
Connects to 229.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net  (185.33.220.26:80)

TCP (HTTP):
Connects to 201.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net  (185.33.220.199:80)

TCP (HTTP):
Connects to 175.bm-nginx-loadbalancer.mgmt.sin1.adnexus.net  (103.243.220.231:80)

TCP (HTTP):
Connects to 174.bm-nginx-loadbalancer.mgmt.sin1.adnexus.net  (103.243.221.109:80)

Remove farm frenzy 2.exe - Powered by Reason Core Security