PlayFreeBrowser.exe

PlayFree Browser

MyPlayCity, Inc.

The application PlayFreeBrowser.exe by MyPlayCity has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. While running, it connects to the Internet address eu4-slave-162.fe.core.pw on port 443.

Publisher:
MyPlayCity, Inc.  (signed and verified)

Product:
PlayFree Browser

Version:
2.2.0.0

MD5:
eb0767f1c79c90fef5fc5a87db21627d

SHA-1:
1fe526bbe414fa9de441820aeabc45e82df1ce45

SHA-256:
6426981e4c21603a51b7982dbe62a3f8a6b716d65feafdb3840e8d9e059b101d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/8/2024 10:54:09 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MyPlayCity.Browser

Engine version:
16.2.18.17

File size:
1.1 MB (1,202,624 bytes)

Product version:
2.2.0.0

Copyright:
Copyright (C) 2012 MyPlayCity, Inc. All Rights Reserved.

Original file name:
PlayFreeBrowser.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\playfree browser\application\playfreebrowser.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/30/2011 3:00:00 AM

Valid to:
3/30/2014 2:59:59 AM

Subject:
CN="MyPlayCity, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="MyPlayCity, Inc.", L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7406B01F1EBD2B530DC35D133A04B51E

File PE Metadata
Compilation timestamp:
12/29/2012 10:32:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:wotnSXm16YlPzBY0QtJ7EuUCo2R23Sl22E/Cib+c4mJC6S2:LI21FzlyquTAacJCN2

Entry address:
0x96E81

Entry point:
E8, 80, AB, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, 58, 42, 4B, 00, 57, FF, 35, B4, 9B, 51, 00, FF, D6, FF, 35, B0, 9B, 51, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, D6, AB, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, 1E, 66, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 43, 10, 3B, C3, 72, 3E, 50, FF, 75, FC, E8...

Code size:
715.5 KB (732,672 bytes)

The executing file has been seen to make the following network communications in live environments.
