» minecraft-1.7.2-v0.6.1.exe
Overview
Analysis
File Details
Downloads (1)

minecraft-1.7.2-v0.6.1.exe

Minecraft 1.7.2 - Майнкрафтинг.рф

Майнкрафтинг.рф

The executable minecraft-1.7.2-v0.6.1.exe, “Установщик Minecraft 1.7.2 - Майнкрафтинг.рф” has been detected as malware by 15 anti-virus scanners. The program is a setup application that uses the Setup Factory installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from xn--80aajtdglkd1axx.xn--p1ai.

File name:

Publisher:

Майнкрафтинг.рф

Product:

Minecraft 1.7.2 - Майнкрафтинг.рф

Description:

Установщик Minecraft 1.7.2 - Майнкрафтинг.рф

Version:

0.6.1.0

MD5:

354157c4f14b0b3172b155217e5ec3da

SHA-1:

9565f65d7adb2c0c35bba02b7c07de025e971592

SHA-256:

476ff334d7233a13907cc52571902939a37ac04fda0d022b0d276931d6784889

Scanner detections:

15 / 68

Status:

Malware

Analysis date:

4/25/2024 3:07:25 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Strictor.54258

981

Avira AntiVirus

TR/Strictor.54258.7

7.11.149.250

avast!

Win32:Malware-gen

2014.9-140529

Bitdefender

Gen:Variant.Strictor.54258

1.0.20.745

Emsisoft Anti-Malware

Gen:Variant.Strictor.54258

8.14.05.29.02

F-Secure

Gen:Variant.Strictor.54258

11.2014-29-05_5

G Data

Gen:Variant.Strictor.54258

14.5.24

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.6.1.0

McAfee

Artemis!354157C4F14B

5600.7115

MicroWorld eScan

Gen:Variant.Strictor.54258

15.0.0.447

Norman

Suspicious_Gen5.AOUGT

11.20140529

Qihoo 360 Security

Win32/Trojan.2eb

1.0.0.1015

Trend Micro House Call

TROJ_GEN.R0CBC0OEA14

7.2.149

Trend Micro

TROJ_GEN.R0CBC0OEA14

10.465.29

VIPRE Antivirus

Trojan.Win32.Generic

29262

File size:

3.5 MB (3,680,235 bytes)

Product version:

1.7.2.0

Trademarks:

Майнкрафтинг.рф

Original file name:

suf_launch.exe

File type:

Executable application (Win32 EXE)

Installer:

Setup Factory

Common path:

C:\users\{user}\downloads\minecraft-1.7.2-v0.6.1.exe

File PE Metadata

Compilation timestamp:

8/27/2013 11:10:44 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:1lKYXeDcWA93rVd6uxcCFDJBnG++Nq8sT:uYlWAFz6uGCNXG+R

Entry address:

0x29E1

Entry point:

E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08... 
[+]

Code size:

22 KB (22,528 bytes)

The file minecraft-1.7.2-v0.6.1.exe has been seen being distributed by the following URL.

http://xn--80aajtdglkd1axx.xn--p1ai/.../download.php?id=2124

Remove minecraft-1.7.2-v0.6.1.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.