stardefender4_setup.exe

MyPlayCity Inc

The application stardefender4_setup.exe by MyPlayCity Inc has been detected as a potentially unwanted program by 5 anti-malware scanners. It uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from files.myplaycity.com.
Publisher:
MyPlayCity Inc  (signed and verified)

Version:
10.0.0.0

MD5:
f23e1d703b4c6cf54831e289f5370da8

SHA-1:
cf0410e1280c9e2f20a851d5d52ad8a5217fa22c

SHA-256:
3543c41ac0c615d3527ae0786142a874c187210068b9efb0b26d5364528dfa32

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/19/2024 1:01:54 PM UTC  (today)

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
AVG | AdLoad.OpenCandy | 2016.0.3179
Dr.Web | Adware.OpenCandy.39 | 9.0.1.05190
ESET NOD32 | Win32/OpenCandy.C potentially unsafe application | 7.0.302.0
herdProtect (fuzzy) | | 2015.6.12.13

File size:
2.9 MB (3,033,384 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\downloads\nueva carpeta\stardefender4_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/3/2012 6:00:00 PM

Valid to:
8/1/2015 5:59:59 PM

Subject:
CN=MyPlayCity Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=MyPlayCity Inc, L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4849CA3C762A3ED2D31F1C8C95D39684

File PE Metadata
Compilation timestamp:
7/23/2014 3:43:28 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:/pcD2378CSH+0KWPW6rM6uWLPb4MlFksTDT4V4Ge5Yw8TFs+7am:Bc63gW6o6uWLPbFFA45Yw9C

Entry address:
0x1B0048

Entry point:
55, 8B, EC, 83, C4, F0, B8, F0, 83, 5A, 00, E8, 90, A7, E5, FF, A1, 50, A6, 5C, 00, 8B, 00, E8, A8, 55, F1, FF, A1, 50, A6, 5C, 00, 8B, 00, B2, 01, E8, D6, 72, F1, FF, 8B, 0D, F0, A7, 5C, 00, A1, 50, A6, 5C, 00, 8B, 00, 8B, 15, F4, FD, 59, 00, E8, 9A, 55, F1, FF, A1, 50, A6, 5C, 00, 8B, 00, E8, DE, 56, F1, FF, E8, 7D, 5F, E5, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
6.6274

Developed / compiled with:
Microsoft Visual C++

Code size:
1.7 MB (1,763,840 bytes)

The file stardefender4_setup.exe has been seen being distributed by the following URL.
