» installer_minecraft_spanish.exe
Overview
Analysis
File Details
Downloads (1)

installer_minecraft_spanish.exe

Free Software LLC

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application installer_minecraft_spanish.exe by Free Software has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users are expecting to download Minecraft but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.

File name:

Publisher:

Free Software LLC (signed and verified)

MD5:

a7bccfac5a786e210513ff569c34198c

SHA-1:

14b7bc7f3c21a9d79103111e5c647d1b97d9d60d

SHA-256:

c9d0da8bd9126808230f6f3f3b259b96d9db86db87dda1cf9ed759a7b5f15a66

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

5/9/2024 5:39:10 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.installCore (M)

16.8.7.16

File size:

5.2 MB (5,501,920 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore

Common path:

C:\users\{user}\downloads\installer_minecraft_spanish.exe

Digital Signature

Signed by:

Free Software LLC

Authority:

Starfield Technologies, Inc.

Valid from:

8/1/2014 7:08:01 AM

Valid to:

7/22/2015 8:23:49 AM

Subject:

CN=Free Software LLC, O=Free Software LLC, L=Wilmington, S=Delaware, C=US

Issuer:

SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

27DD6AADCC34E6

File PE Metadata

Compilation timestamp:

7/8/2014 6:25:50 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:4s70+WTQNEPgae9W4pIH6UYWNWaSTiUlK5m+WQ5QS3sPMUb47z+bxl:40kA

Entry address:

0x1C0BB

Entry point:

E8, B7, 9D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, D5, 43, 00, E8, 6F, 41, 00, 00, E8, 60, 37, 00, 00, 0F, B7, F0, 6A, 02, E8, 4A, 9D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 48, 68, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

192.5 KB (197,120 bytes)

The file installer_minecraft_spanish.exe has been seen being distributed by the following URL.

http://minecraft.descargar.es/down.php

Remove installer_minecraft_spanish.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.