playnowradio.exe

Play now radio

Pay By Ads LTD

The application playnowradio.exe has been detected as adware by 11 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered by a time event. This file is typically installed with the program Play Now Radio by Montiera Technologies Ltd., which is a potentially unwanted software program. While running, it connects to the Internet address NY1WV3438 on port 80 using the HTTP protocol.
Publisher:
Pay By Ads LTD

Product:
Play now radio

Version:
1.3.0.0

MD5:
0297eafefbae7ceec5b165cd258f01a6

SHA-1:
9d2b7801bc5e97fb29dbc3b26cfc09cb3e334c50

SHA-256:
5b6da3a2265bd11f127398442a78a58a1ad02fff330f169f60c9bb6147cd989c

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
4/26/2024 10:28:28 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Toolbar.Montiera | 7.1.1 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150116 |
| AVG | Generic_r | 2016.0.3228 |
| Dr.Web | Adware.Downware.2541 | 9.0.1.016 |
| ESET NOD32 | Win32/Toolbar.Montiera (variant) | 9.10984 |
| K7 AntiVirus | Trojan | 13.190.14585 |
| Malwarebytes | PUP.Optional.Montiera | v2014.03.13.03 |
| McAfee | Artemis!0297EAFEFBAE | 5600.6884 |
| Reason Heuristics | PUP.Task.PayByAds | 15.1.16.1 |
| Sophos | PayByAds | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36482 |

File size:
410.5 KB (420,352 bytes)

Product version:
1.3.0.0

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\playnowradio\playnowradio\1.3.4.22\playnowradio.exe

File PE Metadata
Compilation timestamp:
3/6/2014 2:12:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:Va0pqJp0MECfR7Xig3RDu37RGl4ECwodbkHyNt4Zxn/:qCwckHyv0B/

Entry address:
0x36E34

Entry point:
E8, BA, 6B, 00, 00, E9, 89, FE, FF, FF, B8, 38, E5, 43, 00, A3, D0, A9, 45, 00, C7, 05, D4, A9, 45, 00, 2E, DC, 43, 00, C7, 05, D8, A9, 45, 00, E2, DB, 43, 00, C7, 05, DC, A9, 45, 00, 1B, DC, 43, 00, C7, 05, E0, A9, 45, 00, 84, DB, 43, 00, A3, E4, A9, 45, 00, C7, 05, E8, A9, 45, 00, B0, E4, 43, 00, C7, 05, EC, A9, 45, 00, A0, DB, 43, 00, C7, 05, F0, A9, 45, 00, 02, DB, 43, 00, C7, 05, F4, A9, 45, 00, 8E, DA, 43, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, CB, 76, 00, 00, DB...
 

Code size:
285.5 KB (292,352 bytes)

Scheduled Task
Task name:
Play Now Radio

Trigger:
Time (Next runs on 13/03/2014 at 07:57)


The file playnowradio.exe has been discovered within the following program.

Play Now Radio by Montiera Technologies Ltd.
This potentially unwanted ad-supported program will bundle a number of adware applications on install, including: Criteo, DealPly, Revenue hits, Matomy, Jolly wallet, Ac plus, 50OnRed, Superfish, Offersbar, Thinkthank
www.playnowradio.com
73% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to sage.parklogic.com  (69.39.236.56:80)

TCP (HTTP):
Connects to NY1WV3438  (204.145.82.24:80)

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.90:80)

TCP (HTTP):
Connects to ny1wv3280.xglobe.net  (204.145.82.20:80)

TCP (HTTP):
Connects to ec2-54-72-9-115.eu-west-1.compute.amazonaws.com  (54.72.9.115:80)
