playthruplayerbrowser.exe

PlayThru Player

The application playthruplayerbrowser.exe by PlayThru Player has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address static-74-212-205-209.24shells.net on port 80 using the HTTP protocol.
Publisher:
PlayThru Player  (signed and verified)

Version:
1.0.2.2

MD5:
be4674abc6bba2d75698492e3e9354e8

SHA-1:
483cc0093f0f2c9977fe78c47f2f574315dba80f

SHA-256:
b73fde857cb5ace1c5cd993ed6828ebd58f076a6e7c242c0cefde2af03f71d66

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 12:51:16 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.PlayThru (M)
16.3.10.0

File size:
549.9 KB (563,096 bytes)

Product version:
1.0.2.2

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\playthruplayer\playthruplayerbrowser.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
7/20/2015 8:00:00 PM

Valid to:
7/20/2016 7:59:59 PM

Subject:
CN=PlayThru Player, O=PlayThru Player, L=Bellevue, S=Washington, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6630841305A87210A3280BAB5B361393

File PE Metadata
Compilation timestamp:
3/8/2016 11:46:53 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:4b9LYxFNjxiyO2vK/DDaM3aHKnj+qKrmUVhV:aiFNFiyuDaM36Sj+brjhV

Entry address:
0x2CDA1

Entry point:
E8, AE, 06, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, 6A, 00, FF, 15, CC, C0, 45, 00, FF, 75, 08, FF, 15, D0, C0, 45, 00, 68, 09, 04, 00, C0, FF, 15, 64, C1, 45, 00, 50, FF, 15, C8, C0, 45, 00, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 0B, D9, 01, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, C0, D7, 47, 00, 89, 0D, BC, D7, 47, 00, 89, 15, B8, D7, 47, 00, 89, 1D, B4, D7, 47, 00, 89, 35, B0, D7, 47, 00, 89, 3D, AC, D7, 47, 00, 66, 8C, 15, D8, D7, 47, 00, 66, 8C, 0D, CC, D7, 47, 00, 66, 8C, 1D, A8...
 
[+]

Entropy:
6.3880

Code size:
362 KB (370,688 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static-74-212-205-209.24shells.net  (209.205.212.74:80)

TCP (HTTP):
Connects to usloft4651.serverprofi24.eu  (209.126.120.45:80)

TCP (HTTP):
Connects to 104-156-51-209.static.hvvc.us  (104.156.51.209:80)

TCP (HTTP):
Connects to static-122-212-205-209.24shells.net  (209.205.212.122:80)

TCP (HTTP):
Connects to edge-ash1.cxense.com  (23.92.189.245:80)

TCP (HTTP):
Connects to a23-209-190-17.deploy.static.akamaitechnologies.com  (23.209.190.17:80)

TCP (HTTP):
Connects to server-52-84-64-51.ord51.r.cloudfront.net  (52.84.64.51:80)

TCP (HTTP):
Connects to server-52-84-63-59.ord51.r.cloudfront.net  (52.84.63.59:80)

TCP (HTTP):
Connects to ec2-174-129-34-89.compute-1.amazonaws.com  (174.129.34.89:80)

TCP (HTTP):
Connects to server-52-84-67-181.ord51.r.cloudfront.net  (52.84.67.181:80)

TCP (HTTP SSL):
Connects to dmppixel-shared-mtc-c.evip.aol.com  (64.12.245.38:443)

TCP (HTTP SSL):
Connects to adtech-ads-adtech-frr-a.evip.aol.com  (195.93.42.2:443)

TCP (HTTP):
Connects to ec2-52-2-227-53.compute-1.amazonaws.com  (52.2.227.53:80)

TCP (HTTP SSL):
Connects to ec2-52-15-92-52.us-east-2.compute.amazonaws.com  (52.15.92.52:443)

TCP (HTTP):
Connects to ec2-23-23-150-90.compute-1.amazonaws.com  (23.23.150.90:80)

TCP (HTTP):
Connects to ec2-23-21-56-63.compute-1.amazonaws.com  (23.21.56.63:80)

Remove playthruplayerbrowser.exe - Powered by Reason Core Security