playfizzsetup.exe

GPV Entertainment, LLC

The application playfizzsetup.exe by GPV Entertainment has been detected as a potentially unwanted program by 6 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which will download and install offers during setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from dl.playfizz.com.
Publisher:
GPV Entertainment, LLC  (signed and verified)

MD5:
24e2df3e2011f60bc404a7ef40c72f99

SHA-1:
dfa092585641c2a9e45385b3d67d2113e8ecc614

SHA-256:
543934c953158d8feb2109265a5b940dfff35dc3111e2fb1eec83490a8e39aa7

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/16/2024 9:13:58 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Threat.Undefined | 9.0.1.084 |
| ESET NOD32 | Win32/OpenCandy potentially unsafe application | 9.7.0.302.0 |
| F-Prot | W32/OpenCandy.A2.gen | v6.4.7.1.166 |
| K7 AntiVirus | Unwanted-Program | 13.202.15381 |
| NANO AntiVirus | Riskware.Win32.OpenCandy.dgmkpp | 0.28.6.63850 |
| Reason Heuristics | PUP.Installer.GPVEntertainment | 15.3.25.18 |

File size:
1.6 MB (1,724,272 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\playfizzsetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
9/7/2012 2:18:56 AM

Valid to:
8/29/2013 1:31:25 PM

Subject:
CN="GPV Entertainment, LLC", O="GPV Entertainment, LLC", L=San Francisco, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4EE308636E9AF0

File PE Metadata
Compilation timestamp:
3/18/2013 6:58:47 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:qfXgVQKimt5QZzq8AasCm4Z7XOAlygFu+jSBi5AaSZUuMj6CXdGmVKva0L:CGefUGzOAlzE8AapuMj6qBUvag

Entry address:
0x24879

Entry point:
E8, 9B, 77, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24...

Entropy:
7.8557  (probably packed)

Code size:
215 KB (220,160 bytes)

The file playfizzsetup.exe has been seen being distributed by the following URL.
