playfizzsetup.exe

GPV Entertainment, LLC

The application playfizzsetup.exe by GPV Entertainment has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dl.playfizz.com.
Publisher:
GPV Entertainment, LLC  (signed and verified)

MD5:
7205c416dc0f6c4ad23618b3888e9ccf

SHA-1:
db9e8a4dbaf697db9ffe0412cea407babea69d8a

SHA-256:
7502fa27d21753c6f02ee3363d3469dc8c83855d74a0ad32bb6eb47bc4166796

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/26/2024 4:29:18 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.5.21

File size:
1.1 MB (1,143,216 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\playfizzsetup.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
8/27/2013 8:00:00 PM

Valid to:
8/28/2014 7:59:59 PM

Subject:
CN="GPV Entertainment, LLC", O="GPV Entertainment, LLC", L=San Francisco, S=California, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
45EF66BE6B38E1B06237253AB9E5A32D

File PE Metadata
Compilation timestamp:
7/9/2013 4:15:24 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x23592

Entry point:
E8, 85, 77, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C...

Entropy:
7.7372  (probably packed)

Code size:
210 KB (215,040 bytes)

The file playfizzsetup.exe has been seen being distributed by the following URL.

http://dl.playfizz.com/pfdl/eNcmKFc0HVADIBEPijBY3cokVVn6Qg1VMOmUj1BCIrkAZs6wDHNyWqcaZ2Ol/WXe67GLnixBxcRWRCD4DgK8cm2v48zwDXd1gY6tejpVlw/XhFKAB5qwZdXdC/.../PlayFizzSetup.exe
