playnowradio.exe

MMC

Montiera Technologies LTD

The application playnowradio.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘playnowradio’. This file is typically installed with the program Play Now Radio by Montiera Technologies Ltd. which is a potentially unwanted software program. While running, it connects to the Internet address ny1wv3280.xglobe.net on port 80 using the HTTP protocol.
Publisher:
Montiera Technologies LTD

Product:
MMC

Version:
1.2.0.2

MD5:
3871b233ff4637ce82de3732dd767e8a

SHA-1:
c7fb84c07b0f565990ff57180eb382ce84d738bf

SHA-256:
798501a083ceb326e8fc8d8c5f8ed4f45c8930a842ad93ec069dc571d5230d4e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 5:48:28 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Montiera

Engine version:
16.2.28.22

File size:
339 KB (347,136 bytes)

Product version:
1.2.0.1

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\playnowradio\playnowradio\1.3.2.18\playnowradio.exe

File PE Metadata
Compilation timestamp:
12/16/2013 3:36:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:NsTXZSl1a1NlL/syX0gUfdchHt0jBKp9b/MDs/yjVd:2rZa1wNlL/syX0TfdcQe9b/os/0

Entry address:
0x2A3D7

Entry point:
E8, E7, 6E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 8B, 5D, 08, 56, 85, DB, 74, 11, 83, 7D, 0C, 00, 76, 11, 85, DB, 75, 23, 33, C0, E9, BC, 00, 00, 00, 83, 7D, 0C, 00, 74, EF, E8, 89, 18, 00, 00, 6A, 16, 5E, 89, 30, E8, 2D, 18, 00, 00, 8B, C6, E9, A0, 00, 00, 00, FF, 75, 0C, 53, E8, B8, D1, FF, FF, 59, 59, 3B, 45, 0C, 72, 05, C6, 03, 00, EB, D5, 57, FF, 75, 10, 8D, 4D, F0, E8, 0C, CC, FF, FF, 80, 3B, 00, 8B, FB, 8B, F3, 74, 63, 8A, 0F, 8B, 55, F4, 0F, B6, C1, 03, C2, 8A, 50, 1D, F6...

Entropy:
6.3683

Code size:
232 KB (237,568 bytes)

Scheduled Task
Task name:
Play Now Radio

Trigger:
Time (Next runs on 2013-12-21 at 10:25 AM)


Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
playnowradio

Command:
C:\users\{user}\appdata\local\playnowradio\playnowradio\1.3.2.18\playnowradio.exe


The file playnowradio.exe has been discovered within the following program.

Play Now Radio by Montiera Technologies Ltd.
This potentially unwanted ad-supported program bundles a number of adware applications on install, including: Criteo, DealPly, Revenue hits, Matomy, Jolly wallet, Ac plus, 50OnRed, Superfish, Offersbar, Thinkthank
www.playnowradio.com
73% remove it

The executing file has been seen to make the following network communications in live environments.

