Win32/MyPlayCity.A potentially unwanted malicious file

The Win32/MyPlayCity.A potentially unwanted application is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/MyPlayCity.A potentially unwanted virus do?

  • Sample contains Overlay data
  • Presents an Authenticode digital signature
  • Performs HTTP requests potentially not found in PCAP.
  • Attempts to modify Internet Explorer’s start page
  • Drops a binary and executes it
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Win32/MyPlayCity.A potentially unwanted?


File Info:

name: 741FA089C17B48B02B93.mlw
path: /opt/CAPEv2/storage/binaries/df26bedf9a7c8f2189dad80141438aeead2708e5b6406e045cee129d42f67271
crc32: 3A0C8DA1
md5: 741fa089c17b48b02b93ca983ef69565
sha1: b8f1ac0a6385dea042010607fc825473397686a5
sha256: df26bedf9a7c8f2189dad80141438aeead2708e5b6406e045cee129d42f67271
sha512: dd0a988d8a7f4e3e708ec00981a2d7f19d25471b87cfd0bcaf902758c8a3952fdaa2e0bc5babc76556d396b5b6d04c25487531070a26616e48f66d57cdd53416
ssdeep: 49152:qjO9v+S0g3RydrNXIOKFWp+T0TeNeH+MA5s0zTbSxypAFlK03LRNcsoo+AgwmjSc:s1NXIBFWp/eMA+F3+X
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F7F56C12A291D03BD0A6163DC93B96F4DD3B7D14EB6648972EF87C4C3E392812D3A647
sha3_384: 65557c05d5cc3afa0ddf13806d7cad07534d323581f1e77d2d164019bcef34910e6b35ce11d5908b873988fcae843487
ep_bytes: 558bec83c4f0b8d4e85400e88845ebff
timestamp: 2013-01-23 14:34:01

Version Info:

CompanyName:
FileDescription:
FileVersion: 9.3.0.0
InternalName:
LegalCopyright:
LegalTrademarks:
OriginalFilename:
ProductName:
ProductVersion: 1.0.0.0
Comments:
Translation: 0x0419 0x04e3

Win32/MyPlayCity.A potentially unwanted is also known as:

Bkav: W32.AIDetectMalware
ESET-NOD32: Win32/MyPlayCity.A potentially unwanted
Kaspersky: not-a-virus:HEUR:Downloader.Win32.Agent.gen
Tencent: Malware.Win32.Gencirc.13fc73a6
Sophos: Generic ML PUA (PUA)
Ikarus: PUA.MyPlayCity
Jiangmin: Downloader.Agent.ibn
Antiy-AVL: Trojan[Downloader]/Win32.Agent
ZoneAlarm: not-a-virus:HEUR:Downloader.Win32.Agent.gen
Google: Detected
Rising: Trojan.Generic@AI.100 (RDML:bIAA0v8IMEnX/hM6tmaZaw)
Yandex: Trojan.GenAsa!1Tmy5+seTMY
MaxSecure: Trojan.Malware.300983.susgen
CrowdStrike: win/grayware_confidence_90% (D)

How to remove Win32/MyPlayCity.A potentially unwanted?

Win32/MyPlayCity.A potentially unwanted removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
