PUP.MyPlayCity Games Search

By CagedTech in Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.MyPlayCity Games Search
Signature status:	Self Signed

Known Samples

MD5: 0549c76bb7fd4026dc8bc1a8d20430ec

SHA1: ecf2207c37ab2ad4fd0dc03973055e35b5db015f

SHA256: 331A975D714EED5D95BE397D2E9E0B35CA0A996A642CCFD4612EAC08E288BD39

File Size: 7.75 MB, 7751296 bytes

MD5: 5bc53df92de3966053cecd55f7e68f5d

SHA1: 9bc3eb1c23021ea65f8c4adfe3f984bb2df4d65a

SHA256: 45E48436E94A704EE00B1DA082E5519F72ECE0B660B958A86C30FE831A92C51F

File Size: 1.99 MB, 1988016 bytes

MD5: cdc4bc4c1b25772db3efbe9fb05c7440

SHA1: 96d8d5f86a0144e11cb11732b02723e545dfda97

SHA256: 96847B421314C31D3482802DDB66173564B460C0EF8D9972A26851AA36F6B3BE

File Size: 1.76 MB, 1757480 bytes

MD5: cb4214d296afb1c5c69e745280226b91

SHA1: 424ecb4562078ce89d4143c5250e1f30d275d5f9

SHA256: 9815FD902934F0940B5860E0708FA49C33C9C0ED637A5B8061C922E69965DD3A

File Size: 2.00 MB, 1995520 bytes

MD5: b7eaa3f44e206807f81e6a16a449fb52

SHA1: 7b527507c70c0b00bdfecec4f880f31c602ac057

SHA256: 0896FA6626452BC14DFB9A603BA56970CE110B16ECAF95D75976BC0E28BD15B5

File Size: 3.79 MB, 3787856 bytes

MD5: 4ef99aa64f2851e55549562e17348d63

SHA1: 1302b15f0310306b64013ded34cfa0257ec86258

SHA256: EE5FD245AF9BD7B3634849491710F2F239AB79831015432977D7A50409CA8E82

File Size: 4.41 MB, 4408007 bytes

MD5: aa5ae5b96e4e192ef900437a287f4252

SHA1: 2c7dcbc4671cafd139d4ac3b34176995438beddf

SHA256: E27D5344EBB1C3D5D8F986187E641FEEA74B51404BA32CEA6AE8907938E7D09B

File Size: 3.09 MB, 3088784 bytes

MD5: d2e0daf68d8f865637adc4d63820c385

SHA1: 45ed6bd75b79b9204d707fbcfd38c77386e02966

SHA256: B0BEF383EB0BCC2BBF67906E0A109D06833C3189C6AFACCE66948D62E34F7EAA

File Size: 6.43 MB, 6434384 bytes

MD5: aa0e7f9805ac5433a805befd85e05441

SHA1: f02a8882e17035a6ec1e33dd6c193454309a975d

SHA256: 8B0A830193BA6EBA5DB43237D0206D3C7E2660AB23428CE88100217D8D61A250

File Size: 7.19 MB, 7188976 bytes

MD5: 2a95c5eff6d8bb56296a56661f7c5498

SHA1: 5843393bbe03a3d19cd993410b7047548de063c2

SHA256: 9E945531C8D83E2894F9EB857D816F8C7CE8DC0BEDA4E474B85D29BE86FC4547

File Size: 2.00 MB, 1995520 bytes

MD5: 099f06bce8bc9999266278a6f715f353

SHA1: a4934c07295b85c22504ffe17c10a80eeb21eee3

SHA256: 9A9FB823E7555545B646ECD08F82FA6AD565B69058332DA2E619D084907D5B72

File Size: 1.99 MB, 1988016 bytes

MD5: 57bd715fe6950d8319a01b4c66b73b2d

SHA1: 4b9057b1ff481677de0f13b6a9442c7cbe3a9a3e

SHA256: 13BD40ED6CD1E3CA8463F0C646819D0310DE05B74A4C03D3C2860B6D0E36F186

File Size: 1.99 MB, 1988016 bytes

MD5: 54c31ebcc4426e6b8389463016f9c588

SHA1: 274fff4ae42cc6c3e82afe430b7fd409acafdf68

SHA256: 2D4FFE60BED08DA0AF7E747EA0F3EBE474DCC4B605307EAF6F4D177735606BBC

File Size: 1.99 MB, 1988016 bytes

MD5: 4732beac776eb5cb58527870393bed08

SHA1: 08737a13afae53102ba77e51b88f3fd714317915

SHA256: 287307FB48F39D0F5BAF30C2369EB65DCB115D680681540DE23527912DB4BE29

File Size: 1.72 MB, 1717544 bytes

MD5: db543164c3e3a69e96e1cbcc4000f39f

SHA1: 30b875b85f67da1682e42d77b0a520d7e4a4c155

SHA256: F060E01EFC5E1818B9AB5C42BA81A2AC8166CE6F67BA765C4C920E2384708472

File Size: 2.00 MB, 1995520 bytes

MD5: fa907f3fc71a2ba86ba9101587012f2a

SHA1: 1e753a9ea6bb96943c9ae274f5f1c60a6018b97d

SHA256: 3BD7F75DB4CFC376666450D04A69A37D1D265102607586CD2123350C30E690AF

File Size: 1.26 MB, 1262720 bytes

MD5: 50733277e31f6999e715dfbce0be1a05

SHA1: 98350cbf7ac790809e18854504d43078e686efb4

SHA256: E91097994756B9865FF863737761FF5A56094570DD25B3341CA1F9A7D43CCF87

File Size: 1.66 MB, 1662760 bytes

MD5: 1077f847235d01fec79a95811da1ec29

SHA1: 2131eee1c14d6e0cb36c1e8fec785a8b2b27fd41

SHA256: 39064B34DF14DED9985E5F6C7B56E1C075B11EEA255C45EF0189F187A47F09AC

File Size: 9.48 MB, 9478336 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	This installation was built with Inno Setup. This installation was built with Inno Setup: http://www.innosetup.com
Company Name	MyPlayCity, Inc. MyPlayCity, Inc. MyPlayCity.com
Company Short Name	MyPlayCity, Inc.
File Description	Alien Outbreak 2 Setup Amusive Chess Setup My Free Mahjong Setup Need For Extreme Setup PlayFree Browser Road Attack Setup Star Defender 2 Setup
File Version	10.5.0.0 10.0.0.0 9.2.0.0 2.2.2.3
Internal Name	setup
Last Change	162039
Legal Copyright	Copyright (C) 2012 MyPlayCity, Inc. All Rights Reserved. Copyright © 2009 MyPlayCity, Inc. Copyright © 2011 MyPlayCity, Inc. Copyright © 2012 MyPlayCity, Inc. Copyright © 2014 MyPlayCity, Inc.
Official Build	0
Product Name	Alien Outbreak 2 Amusive Chess My Free Mahjong PlayFree Browser Road Attack Star Defender 2
Product Short Name	PlayFree Browser
Product Version	2.2.2.3 1.0.0.0

Digital Signatures

Signer	Root	Status
MyPlayCity Inc	Symantec Class 3 SHA256 Code Signing CA	Self Signed
MyPlayCity Inc	VeriSign Class 3 Code Signing 2009-2 CA	Self Signed
MyPlayCity Inc	VeriSign Class 3 Code Signing 2010 CA	Self Signed
MyPlayCity, Inc.	VeriSign Class 3 Code Signing 2010 CA	Self Signed

File Traits

Inno
InnoSetup Installer
Installer Manifest
Installer Version
x86

Block Information

Similar Families

Trojan.Downloader.Gen.BO

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\actionballdeluxe_setup_files\toolbar.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\actionballdeluxe_setup_files\toolbar.ini.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\afmissions_setup_files\toolbar.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\afmissions_setup_files\toolbar.ini.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\azteca_setup_files\search.xml	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\azteca_setup_files\search.xml.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\azteca_setup_files\toolbar.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\azteca_setup_files\toolbar.ini.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\bonga_setup_files\toolbar.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\bonga_setup_files\toolbar.ini.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\users\user\appdata\local\temp\chrome_installer.log	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\eternaljourney_setup_files\toolbar.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\eternaljourney_setup_files\toolbar.ini.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-1psuq.tmp\ecf2207c37ab2ad4fd0dc03973055e35b5db015f_0007751296.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-dfhg6.tmp\7b527507c70c0b00bdfecec4f880f31c602ac057_0003787856.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-pjpe2.tmp\2c7dcbc4671cafd139d4ac3b34176995438beddf_0003088784.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\myplaycitygametab.xpi	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\myplaycitygametab.xpi.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\pbirds_setup_files\toolbar.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\pbirds_setup_files\toolbar.ini.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rescueteam2_setup_files\toolbar.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rescueteam2_setup_files\toolbar.ini.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\treasurehunter3_setup_files\toolbar.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\treasurehunter3_setup_files\toolbar.ini.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess
User Data Access	GetUserObjectInformation
Anti Debug	NtQuerySystemInformation

Shell Command Execution


							"C:\Users\Irpytxhi\AppData\Local\Temp\is-1PSUQ.tmp\ecf2207c37ab2ad4fd0dc03973055e35b5db015f_0007751296.tmp" /SL5="$2013E,7449889,54272,c:\users\user\downloads\ecf2207c37ab2ad4fd0dc03973055e35b5db015f_0007751296"


							"C:\Users\Mxsmwgxj\AppData\Local\Temp\is-DFHG6.tmp\7b527507c70c0b00bdfecec4f880f31c602ac057_0003787856.tmp" /SL5="$8005A,3494479,54272,c:\users\user\downloads\7b527507c70c0b00bdfecec4f880f31c602ac057_0003787856"


							"C:\Users\Njwexvws\AppData\Local\Temp\is-PJPE2.tmp\2c7dcbc4671cafd139d4ac3b34176995438beddf_0003088784.tmp" /SL5="$50038,2840889,54272,c:\users\user\downloads\2c7dcbc4671cafd139d4ac3b34176995438beddf_0003088784"

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

PUP.MyPlayCity Games Search

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Perseus Banking Malware

Uragan Ransomware

ValidVersion.app

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen