» farmfrenzy3_setup.exe
Overview
Analysis
File Details
Downloads (2)
Network (1)

farmfrenzy3_setup.exe

MyPlayCity Inc

The application farmfrenzy3_setup.exe by MyPlayCity Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from files.myplaycity.com and multiple other hosts. While running, it connects to the Internet address SRV.QVFF001.local on port 80 using the HTTP protocol.

File name:

Publisher:

MyPlayCity Inc (signed and verified)

MD5:

44dc41941a7b3577cf2828b7972bf4f6

SHA-1:

c38af77ae19299af04783c2a949fc765638d448f

SHA-256:

856a514b318d69505afb11efb1a95dae70c5741a9c2e9ff78e7d2657351a477e

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/5/2024 3:37:29 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.MyPlayCity (L)

16.12.31.11

File size:

1.9 MB (1,995,520 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\farmfrenzy3_setup.exe

Digital Signature

Signed by:

MyPlayCity Inc

Authority:

Symantec Corporation

Valid from:

7/8/2015 5:30:00 AM

Valid to:

9/6/2018 5:29:59 AM

Subject:

CN=MyPlayCity Inc, O=MyPlayCity Inc, L=Alexandria, S=Virginia, C=US

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

20D4740D43CF48A9A8582DA77C404F18

File PE Metadata

Compilation timestamp:

11/30/2016 1:30:44 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x158044

Entry point:

55, 8B, EC, 83, C4, F0, B8, 24, 0C, 55, 00, E8, 7C, 2B, EB, FF, A1, D8, 43, 56, 00, 8B, 00, E8, FC, D7, F6, FF, A1, D8, 43, 56, 00, 8B, 00, B2, 01, E8, 2A, F5, F6, FF, 8B, 0D, 78, 45, 56, 00, A1, D8, 43, 56, 00, 8B, 00, 8B, 15, 0C, B7, 54, 00, E8, EE, D7, F6, FF, A1, D8, 43, 56, 00, 8B, 00, E8, 32, D9, F6, FF, E8, D9, E4, EA, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.7443

Developed / compiled with:

Microsoft Visual C++

Code size:

1.3 MB (1,404,928 bytes)

The file farmfrenzy3_setup.exe has been seen being distributed by the following 2 URLs.

http://files.myplaycity.com/.../farmfrenzy3_setup.exe

http://files2.myplaycity.com/.../farmfrenzy3_setup.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to SRV.QVFF001.local (37.58.60.225:80)

Remove farmfrenzy3_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.