» pmahjongf_setup.exe
Overview
Analysis
File Details
Downloads (1)

pmahjongf_setup.exe

MyPlayCity Inc

The application pmahjongf_setup.exe, “Play Mahjong Forever Setup ” by MyPlayCity Inc has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.dwn.cz.

File name:

pmahjongf_setup.exe

Publisher:

MyPlayCity.com (signed by MyPlayCity Inc)

Description:

Play Mahjong Forever Setup

MD5:

595b761fa86dbc48c7251de92121d7f0

SHA-1:

6a9ad73cbc6fe3cc328d84d8d2590aff671efa60

SHA-256:

e73bf9a4302b5434a9eaada13905952277b027f722e89d310b1a1c9d2865aee9

Scanner detections:

24 / 68

Status:

Potentially unwanted

Analysis date:

12/26/2024 6:18:30 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.SaveNow.FN

778

Agnitum Outpost

Adware.Advantage

7.1.1

Avira AntiVirus

Adware/SaveNow.FN

7.11.167.154

avast!

Win32:Whenu-H [PUP]

2014.9-141219

Baidu Antivirus

PUA.Win32.WhenU.BSaveNow

4.0.3.141219

Bitdefender

Adware.SaveNow.FN

1.0.20.1765

Comodo Security

ApplicUnwnt.Win32.Adware.WhenU.SaveNow

19215

Dr.Web

Adware.SaveNow.214

9.0.1.0353

Emsisoft Anti-Malware

Adware.SaveNow.FN

8.14.12.19.03

ESET NOD32

Win32/Adware.WhenU.SaveNow

8.10266

F-Prot

W32/Adware.AFJN

v6.4.7.1.166

F-Secure

Adware.SaveNow.FN

11.2014-19-12_6

G Data

Adware.SaveNow.FN

14.12.24

IKARUS anti.virus

AdWare.Win32.Advantage

t3scan.1.7.5.0

McAfee

Artemis!595B761FA86D

5600.6912

MicroWorld eScan

Adware.SaveNow.FN

15.0.0.1059

NANO AntiVirus

Trojan.Win32.SaveNow.behwl

0.28.2.61519

Norman

SaveNow.AVX

11.20141219

nProtect

Adware.SaveNow.FN

14.08.14.01

Panda Antivirus

Generic Malware

14.12.19.03

Sophos

AdVantage

4.98

Trend Micro House Call

TROJ_GEN.R047B01H514

7.2.353

Vba32 AntiVirus

Adware.WhenU.SaveNow

3.12.26.3

VIPRE Antivirus

WhenU

32274

File size:

2 MB (2,123,768 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

English (United States)

Common path:

C:\users\{user}\downloads\pmahjongf_setup.exe

Digital Signature

Signed by:

MyPlayCity Inc

Authority:

VeriSign, Inc.

Valid from:

8/3/2007 2:00:00 AM

Valid to:

8/3/2009 1:59:59 AM

Subject:

CN=MyPlayCity Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=MyPlayCity Inc, L=Alexandria, S=Virginia, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

51E14B200B9E175019E0824C8CEAA923

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:G6dF3E/8+JffaRRuA++vJk4Mz6EZefHOX89yIFSWVbv4Y:9dVE/8lRRuA/W7efH4MpVbr

Entry address:

0x97F0

Entry point:

55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, D6, 98, FF, FF, E8, DD, AA, FF, FF, E8, 00, CD, FF, FF, E8, 47, CD, FF, FF, E8, 3E, F3, FF, FF, E8, A5, F4, FF, FF, 33, C0, 55, 68, 9A, 9E, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 50, 9E, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 5A, FA, FF, FF, 8D, 55, F0, 33, C0, E8, C0, D1, FF, FF, 8B, 55, F0, B8, D4, BD, 40, 00, E8, 87, 99, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D4, BD, 40, 00, B2, 01, B8... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

36 KB (36,864 bytes)

The file pmahjongf_setup.exe has been seen being distributed by the following URL.

http://www.dwn.cz/.../pmahjongf_setup.exe

Remove pmahjongf_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.