oddlyenough_setup.exe

MyPlayCity Inc

The application oddlyenough_setup.exe by MyPlayCity Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from files.myplaycity.com and multiple other hosts. While running, it connects to the Internet address 50.97.129.130-static.reverse.softlayer.com on port 80 using the HTTP protocol.
Publisher:
MyPlayCity Inc  (signed and verified)

Version:
9.3.0.0

MD5:
95e9d6c5604205d38c892118c3c7c5b1

SHA-1:
350b624d1ee75c46734bb7993f305f70e36bbb75

SHA-256:
c93beebbc664c178c075ac982a2369b1fc1c92d61d46b78b481863e39e5223e1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:36:23 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.MyPlayCity.Installer.Meta (L)
16.6.5.23

File size:
2.3 MB (2,381,096 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\downloads\programs\juxe\oddlyenough_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/4/2012 12:00:00 AM

Valid to:
8/1/2015 11:59:59 PM

Subject:
CN=MyPlayCity Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=MyPlayCity Inc, L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4849CA3C762A3ED2D31F1C8C95D39684

File PE Metadata
Compilation timestamp:
1/20/2014 12:11:08 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:J1CuISjvgZzSxksy2BX6VBxWTyTTfRQ5s3:J1atSHy2BX6V/a5a

Entry address:
0x1B6054

Entry point:
55, 8B, EC, 83, C4, F0, B8, 30, E0, 5A, 00, E8, FC, 46, E5, FF, A1, 3C, 06, 5D, 00, 8B, 00, E8, 78, 11, F1, FF, A1, 3C, 06, 5D, 00, 8B, 00, B2, 01, E8, A6, 2E, F1, FF, 8B, 0D, D4, 07, 5D, 00, A1, 3C, 06, 5D, 00, 8B, 00, 8B, 15, A0, 5E, 5A, 00, E8, 6A, 11, F1, FF, A1, 3C, 06, 5D, 00, 8B, 00, E8, AE, 12, F1, FF, E8, 3D, FF, E4, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1.7 MB (1,787,392 bytes)

The file oddlyenough_setup.exe has been seen being distributed by the following 2 URLs.

http://files.myplaycity.com/.../oddlyenough_setup.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 50.97.129.130-static.reverse.softlayer.com  (50.97.129.130:80)

TCP (HTTP):
Connects to 173.193.227.92-static.reverse.softlayer.com  (173.193.227.92:80)

Remove oddlyenough_setup.exe - Powered by Reason Core Security