home

ppgames.exe

PlayPopGames

The application ppgames.exe by PlayPopGames has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from playpopgames.com and multiple other hosts.
Publisher:
PlayPopGames  (signed and verified)

MD5:
9e9b4d1ce19040fd83cd790c7d61994c

SHA-1:
96d16beca69e11f06531d20cd8d5c08e921452f3

SHA-256:
68f1e3d5b5f13ecce03d35b6d107281628f16cb35670ac3960c0d1d97be3f995

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 6:32:01 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.PlayPopGames.Installer.Meta (L)
15.12.3.23

File size:
71.3 KB (73,024 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\ppgames.exe

Digital Signature
Signed by:
PlayPopGames

Authority:
thawte, Inc.

Valid from:
5/7/2015 7:00:00 PM

Valid to:
5/7/2016 6:59:59 PM

Subject:
CN=PlayPopGames, O=PlayPopGames, L=Lake Forest, S=California, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
39C5744D7A877142C1133D8AC122DE74

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:BQpQ5EP0ijnRTXJk1NTyrGHhFw7gz9YPTte9UmxdGaIMgi:BQIURTXJkXTyrYm490TtO5ENMg

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.3925

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file ppgames.exe has been seen being distributed by the following 50 URLs.

http://playpopgames.com/pop/logclick.php?s=YTM2MDcxODMzNTSI7dd Shm3XmQtcSg5Xk7UV n8eewbVXLGm1IqD0CYLUOleV9HwiJd7J4XzE w9T38RRNhRxlB7uSIMHzSzRAezTVn1oqhX0gjGbVncY4YnKu4gUdcq7Me4XNXZwAaSSgJRkn7u/.../AelNaSPr3Hepsj VpJcddI3vSOcvyC6av&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=YTQyNzAwMTU5NjjRwZbtWqCHIGGf8L94AYpHCqEaBD5djPPXM 08MghGQ0NjDp4Hyhid2N 6qxoVd/fwPXNueT6qV2ONKJ8V29Df 0/.../yo&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=OTcyMzkyODA0OZJHZn6cbPug uB7BwyqyM6fGs9 EdPtKmZjSY9qWnaPs63Lq3foWwdFuAl czcocbxjCVWwHvk9OQBXgrlwR92Sd0S7bosokf7Oo6USaJNOpcg3/.../g6KgDrLO7rxgfzlZDvCcy SrhHv5xwBPyiFY90=&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=OTM3MjE5NjU1NZJHZn6cbPug9Qu/.../KNz7flhti0z3HEKMyV980Okv p4iNWap2nkKR6AzdObVcWBnbNNO7XW3s25k6beCNYM0P867 Lo WmMdjli6Bg73qxHdfU ddrgAeg8EaldrurFzm64Y44ecBuT7XEB61jJwFT5WEoic=&c=gameId2811

http://playpopgames.com/pop/.../KCGermvGBfb9MygPq7jV84IBCD szDFahPG5pAiLTs6GSYDUP&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=YTI2NzcyMjg3NDR7G4RHWxdQFjbKcgdGDEFkwB5RnEJ/BDjn8HD591i7l4g5gV9OK0pDcFnpdWFjmsr3RRTr/FVnrczb1fDTdg20b6/.../mXi2z9aQSNo5ErGFNzgRPY2uFQaIovXEcQ85X6DsWvd06d1C5HJ IPi0WmSmBlxQEmkxgr1FE3A7AF8HM1ke2KQ&c=gameId1085

http://playpopgames.com/pop/logclick.php?s=YTM3NTEzNjI2MziKP AXG/iaY3cXFOkUnATq0dAKt6GXHmEz5rCImm83qRD8XUrJ1Qp6C5EKjQI93uxpYOJcwvgFGAZZeoe1GXdTTZhX/.../xrR1XEa9oTd9hT5Kd7b1M1E1XNjLD3DT5CP gPGE6X3H325DpmTbQIZQU&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=YTIwNjE1ODI5MDmQjPdZoHE/tp/Xd3/DpBpMqxu5PVqWqo4pCAjnPGq7rmemrquTs7sVFUUOUdUFZrfeObogojkOR7Olt3QUmyGU/iMCbLwembcF9tPSDiaAMAS3/.../4xxJFE6umafvNFYvD&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=OTY2NDA5NDkwMFj0MuQqC5G8DmTdFjNUUU6PbnvwPP1FZ3HmaLV/0Y4zU6M6ix6iEGVL7baya8RZnpTFFDl slf/2/kimFig0yRG/.../T3V1KdnE9h8Wo6sODyZaqAnejrFYERZ4ta65g==&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=OTU1NzQwMTEyMdh CG2XpuhuS2XzItjKq7B3zaLTlFO uzdi4MiboNnd6yyR9gM2F7Re8Pw07h4RCz4a8fcUl6z13YXXYIx4GUWSBZeqOv3jNmivhARzFWUdQaiTgYxYljc EkW4kwMWGe333/d8BnipVOLmAEctuIQnM/.../weTA=&c=gameId2811

http://playpopgames.com/pop/.../Rcq WEkJ6fAVupxttLk0237CyNw08ySm62Z3N0thGwfkQPDJBGxHh7RjMOQPZ09OYzaCIj6CZwnachUbNJY77Kb6YFzrNXg5kQ3EwjB4=&c=gameId1145

http://playpopgames.com/pop/.../HWKe8NCipDWckRgWSQm0NkrFDpLb7SjBTpsLRICF2UDVrF4l3LuJX&c=gameId2811

http://playpopgames.com/.../logclick.php?s=YTIxNTkxMDA4MTbUSPtx8WKp3zi14bisSKyWwpVDq4WQljkZBF4TBhS7tkFi0sgLY0iLQdQzoYcw6OoZfuPYI72PHM0eiRDPcDz811v9kux12BvxDaVRGkrmXKYsIIYT3ktzxUh3fU1udvcf9q7S3GO7liglA3ym oyKNXMEox05qOVqkvnepCJEMUBNieklnimV&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=YTEzNjU2NTcyNDnhSNDwO/lvyZJRhFVUkAzyMRxw9b/BewDq7TuwpfgdztPbLKIYZHOd66V13idSRA670QpK6qanOAicpwoqL186jvai1e/B66KGgifk/.../s5klr7cCNMMRgDs2q2&c=gameId2811

http://playpopgames.com/.../logclick.php?s=YTM1MTc5ODkyMzRYpJ3kuDbh0reNtFjRo01CQ3rPEOA77qkLKXpEqGwwiJ8JDcHC0s68tlRC4a90an8usjp0dTJhaFOfsdcIHVoNZA76wRAvqJqVAHaJ8jeiQ5VW4Y95gxgowklATqJtZ0GUWJ1rkyocBb3hBImCUdqQrLR1unH9dLuVxxsGBc I5eJU2HVeV2go&c=gameId2811

http://playpopgames.com/pop/.../iiHIT64o0c45CpvIvneBApJdt1M5SZ0ajGApUbiMqQoF rJLvU3J6HlLpV7scrAkDxmnKxC n mmj7AJdWrvrhQKVHHN&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=OTQ0MDg3ODY4ONHBlu1aoIcgOsFrvO6lgna2fCbhVv8RZEtyveyjrRYY5d YbdGsiEv33q4N KSzAFxNHJrDIFMfvY4ELn1QY7qtpWdTm6ypGNMXs16QMlzD/.../WkhllHknTnKffeAysluLrUhNVT JS2hchor b4Obf73HNPF3UOWPb7k=&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=YTI1NjY3MzQ3MzVYpJ3kuDbh0nBXjnJvQkh37jVWMp0S/UaxMVY4niS7yOpvXlGvFyAXKo48DNQcyD2p/.../BMaYyOk5ZuztXufjLoSp iNkXA8dCXxUfSxJXwPTqUC 1Q4DmDja10uLNJXSXjml40cJ2dTmrMUYwMtj25ncjfQL3hnGdDHM&c=gameId2811

http://playpopgames.com/pop/.../dnoWE2EVDQPL4tRPzKzfTOH 3hXpHXK8R8DDKHzT3wvIkN3 KFVZ&c=gameId286

http://playpopgames.com/pop/logclick.php?s=YTI3MTkwMzk5Nzl7G4RHWxdQFtAsDJyn31AGIhcgLKNbvoKUs7eM/4T/ADtheGaIAXXYHfSoBTiUn6hcgbLNQWP yT2frZYHK5qtwoomu4iXy59RVZb1PiU6N0XX8CrFFQY3IFJeoteztG1NHJbB4qlN5A4WetJI4lxT8UD rUtZ5p/.../y4qEf&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=YTM4MTcwOTYyNjS47ZGsQjFIGP9WlCAe 6iQJvzD9souwWbN8mGI5PeTNkFGTaN0Pka 7 i3SRslv/s1OzCD0fEd4CiAxXOh6v02HoN2FxhCVaJ n3D4BPCLL2KPHXMjoPPj3k5L9wQzSO7bALE6QW30TaCJemVH4J0SMoGgCmbO/.../mprUwdgRTGhGrxiTlwmYy&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=YTExNDk0NTMwMTeKP AXG/iaY3cXFOkUnATq66 hAtpR3S22H0aHnDkkiANaUYAYQtyEuIs8/0h7BOi3X/.../mf0yUAos4WCpNVwHHbut8a0XV wZA2HK8yYl3jCChACyV51Hcm5eft1rHmpT0f6HUmM5VrF09Oz5pvbd1EJyGDH5qRaTLU2qnuRLHmo7 &c=gameId2811

http://playpopgames.com/pop/logclick.php?s=YTE4MjAxNDgxNTAKDe1ablXavy0Ft2NAuhDqVCOQJKFhwDCXZdwiI3McqUe8E7VoXic/SU3UDbfuyezjnvfV6d/jI9obHNF fnmd1a/5eseLMgqsaSS3lzkGTjio07dY8pNm3x2/.../kkRE yMOB3dV19i1M4cVZKnCJL34OwpGQ1kuwFK6Lt0dUamgCUNVy6&c=gameId2811

http://playpopgames.com/pop/.../VYxZm1WaDZcuVF1DkW1M5M&c=gameId2811

http://rras.playpopgames.com/pop/exe/.../PPGames.exe

http://playpopgames.com/pop/.../oqcnY cWE9xH2fT3fdC4AWlbRKpSyN93XzoPmJhfK134aEKEw6DjiU7dxoYQg8viwGniaG265R&c=gameId2811

http://playpopgames.com/pop/.../czHZVTtKdLw19rhSh7SeFUNY2BE13fvFoXZjz5EC7YOwT6YuUxi9dMG2kTWWgGyfQFM3aN2iYu YOMURrMl 9W&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=ODgyNzI0ODAziO3XfkoZt15i8Gq1beVlED1mTH7i1RtC6skqkmvrE8/8Fn70WUgx7V1hzW9G4GZ66EdF0tU0CJy1GJ/0suyBgD/.../vIbqJiqQKp5TfJoK 7l6z37g3CkP5IOuu2w==&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=YTI2MzcwNTUzMzjRwZbtWqCHILWIQmDW3M2eHlUZVxfBSHu0HSgxxGpz YmA51B6zoMQ7ajK6A/lNTw22FEl1jyyJHWvqx8FWEamdeQhmnGsrciSyiPvnKm p MEfwdSb XB7FgFHVvLOKbcRUbzJtPl0H4dhv1F/.../ ZEBjJzPg5l2UNWbIN rgQRRA10f4w&c=gameId2811

http://playpopgames.com/pop/logclick.php?s=YTM1ODk4MTc5NzKXSNG23dFmN4qH64u3iR3MwVaPWUE30i761xJp6Mf61m6lHJCgB6vR4vWOd9NPwbbNMoFtJSCWfcfW 1eLsU3/qR30C2oOJAyqVmlRufZgh9nrn/.../dFxC52cuy6D&c=gameId2811

Latest 30 of 310 download URLs

Remove ppgames.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.