Play Lunar
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
- Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
- Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
- Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 9,010 |
|---|---|
| Threat Level: | 80 % (High) |
| Infected Computers: | 5,299 |
| First Seen: | April 26, 2016 |
| Last Seen: | January 25, 2026 |
| OS(es) Affected: | Windows |
Computer users who love to play quick and fun online games may stumble upon the Playlunar.com site and be attracted to titles like ZigZag Twist and Combo Crusader. The premium games at Playlunar.com are available only to those who install the Play Lunar browser-based gaming platform and are willing to support the Play Lunar platform by watching video commercials and other ads. Security authorities report that the Play Lunar platform is supported by advertisements and may appear in your browser as an extension, add-on, and Browser Helper Object named PlayLunar. The PlayLunar program may be your ticket to the VIP zone of the Playlunar.com site, but you should keep in mind that you need to watch a few commercials before you start pillaging islands in the world of Pirate Hunter. Many users may not be comfortable with the ads by PlayLunar and wish to use an ad-blocker to continue playing premium games at Playlunar.com and skip the ads.
However, that is not possible because the PlayLunar platform has a blacklist of extensions and it may try to uninstall applications like AdBlock Plus by Eyeo GmbH and similar tools. The Play Lunar gaming extension is considered to be a Potentially Unwanted Program (PUP), and you need to weigh its pros and cons carefully. The PlayLunar platform may make unwanted changes to your Internet settings and redirect you to suspicious pages that may host disturbing content. You should know that the PlayLunar extension is not secure and may download corrupted data on your PC. Also, the PlayLunar extension does not use SSL encryption, and you may be exposed to cyber threats like JS/Agent.NKW and HTML/iFrame.B. The PlayLunar extension is similar to the FunPopularGames Toolbar and GreenGame, and you should use a credible anti-spyware instrument to remove its files completely.
Analysis Report
General information
| Family Name: | Trojan.Bancteian.A |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has been packed
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Company Name | Bumi Nyiur Swalayan |
| File Description | |
| File Version | |
| Internal Name | TJprojMain |
| Legal Copyright | Mujan@2024 |
| Original Filename | TJprojMain.exe |
| Product Name | |
| Product Version | |
| Program I D | com.embarcadero.BK |
File Traits
- 2+ executable sections
- HighEntropy
- Installer Version
- ntdll
- packed
- VirtualQueryEx
- WriteProcessMemory
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 7,551 |
|---|---|
| Potentially Malicious Blocks: | 124 |
| Whitelisted Blocks: | 7,427 |
| Unknown Blocks: | 0 |
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Agent.DSS
- Bancteian.B
- Danabot.DI
- Injector.JDA
- Vadokrist.B
Files Modified
This section lists files that were created, modified, moved and/or deleted by samples in this family. File system activity can provide valuable insight into how malware functions on the operating system.

| File | Attributes |
|---|---|
| c:\users\user\appdata\local\temp\nsyf822.tmp | Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete |
| c:\users\user\appdata\local\temp\nszf8b0.tmp\installoptions.dll | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nszf8b0.tmp\iospecial.ini | Generic Read,Write Data,Write Attributes,Write extended,Append data |
| c:\users\user\appdata\local\temp\nszf8b0.tmp\iospecial.ini | Generic Write,Read Attributes |
| c:\users\user\appdata\local\temp\nszf8b0.tmp\modern-wizard.bmp | Generic Write,Read Attributes |
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Anti Debug | |
| User Data Access | |
| Other Suspicious | |