playthruplayer.exe

PlayThru Player

The application playthruplayer.exe by PlayThru Player has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows, via the current user's Run registry key, under the display name ‘Playthru Player’. This file is typically installed with the program Playthru Player. While running, it connects to the Internet address server-54-192-48-122.jfk5.r.cloudfront.net on port 443.
Publisher:
PlayThru Player  (signed and verified)

Product:
Playthru Player

Version:
1.5.0.10

MD5:
04dc0c00ef62e6157cb7ff2d954afc8a

SHA-1:
5617c49505311f0abf3934dcfe2ddebead8f3bb5

SHA-256:
81adc149d1732ba04d3b73874deb75300a43c9b7854162feca871de44dd7007e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:53:17 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PlayThruPlayer (M)

Engine version:
15.12.15.0

File size:
391.4 KB (400,816 bytes)

Product version:
1.5.0.10

Copyright:
Playthru Player

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\playthruplayer\playthruplayer.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
7/20/2015 5:00:00 PM

Valid to:
7/20/2016 4:59:59 PM

Subject:
CN=PlayThru Player, O=PlayThru Player, L=Bellevue, S=Washington, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6630841305A87210A3280BAB5B361393

File PE Metadata
Compilation timestamp:
7/29/2015 1:02:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:J9ek8YuPlMOk1P71bvAOaAOHIIq1h8LMDckU:Pek8YuPl21DRvw24MDckU

Entry address:
0x26282

Entry point:
E8, 6C, 95, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 51, 8D, 45, FC, 50, 68, D4, 3C, 44, 00, 6A, 00, FF, 15, 70, D1, 43, 00, 85, C0, 74, 17, 68, EC, 3C, 44, 00, FF, 75, FC, FF, 15, E0, D1, 43, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, C9, C3, 55, 8B, EC, FF, 75, 08, E8, C3, FF, FF, FF, 59, FF, 75, 08, FF, 15, 74, D1, 43, 00, CC, 55, 8B, EC, E8, EB, 46, 00, 00, FF, 75, 08, E8, 40, 47, 00, 00, 59, 68, FF, 00, 00, 00, E8, B0, 00, 00, 00, CC, 6A, 01, 6A, 01, 6A, 00, E8, 40, 01, 00, 00, 83, C4, 0C, C3, 6A, 01, 6A...
 

Entropy:
6.3873

Code size:
240 KB (245,760 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Playthru Player

Command:
"C:\Program Files\playthruplayer\playthruplayer.exe" \autostart=1


The file playthruplayer.exe has been discovered within the following program.

Playthru Player  by Playthru Player
About 6% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to server-54-192-48-122.jfk5.r.cloudfront.net  (54.192.48.122:443)

TCP (HTTP):
Connects to md-83.webhostbox.net  (162.222.227.194:80)

TCP (HTTP):
Connects to ns525914.ip-158-69-241.net  (158.69.241.183:80)

TCP (HTTP):
Connects to li974-246.members.linode.com  (45.33.20.246:80)

TCP (HTTP):
Connects to ec2-52-3-189-94.compute-1.amazonaws.com  (52.3.189.94:80)
