minecraft-setup.exe

Findwide Too

The application minecraft-setup.exe by Findwide Too has been detected as a potentially unwanted program by 23 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or inserting new ones on various web pages. The file has been seen downloaded from files4.uberdownloads.net.

Publisher:
Findwide Too  (signed and verified)

Product:
Findwide Too

Version:
61.7.5.9468

MD5:
3d30bc3d3d1cff74d918f3508a6ee05b

SHA-1:
a9aa7cd56f63135a41b7103d58e5bed651cbb3e5

SHA-256:
9cb7562725481724477e6f15d91401e002b5f6afb629b5ee368caeb38a46db48

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
4/25/2024 4:14:21 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 380 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AVG | Generic | 2017.0.2858 |
| Bitdefender | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 1.0.20.100 |
| Clam AntiVirus | Win.Trojan.Downloadadmin-254 | 0.98/21136 |
| Comodo Security | Application.Win32.DownloadAdmin.P | 23690 |
| Dr.Web | Trojan.Vittalia.882 | 9.0.1.020 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.DownloadAdmin | 8.16.01.20.08 |
| ESET NOD32 | Win32/DownloadAdmin.P potentially unwanted application | 10.7.0.302.0 |
| F-Secure | Riskware.Gen:Variant.Application.Bundler | 11.2016-20-01_4 |
| G Data | Gen:Variant.Application.Bundler.DownloadAdmin | 16.1.25 |
| IKARUS anti.virus | PUA.DownloadAdmin | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.212.18027 |
| Malwarebytes | PUP.Optional.DownLoadAdmin | v2016.01.20.08 |
| Microsoft Security Essentials | Threat.Undefined | 1.211.1928.0 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 17.0.0.60 |
| Norman | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 11.20160120 |
| Panda Antivirus | Generic Suspicious | 16.01.20.08 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1077 |
| Reason Heuristics | PUP.FindwideToo.Installer (M) | 16.1.20.20 |
| SUPERAntiSpyware | PUP.FindWide/Variant | 9373 |
| VIPRE Antivirus | Threat.4150696 | 45548 |
| Zillya! Antivirus | Adware.BrowseFox.Win32.155366 | 2.0.0.2548 |

File size:
883.8 KB (904,960 bytes)

Product version:
61.7.5.9468

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\minecraft-setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/27/2015 8:00:00 PM

Valid to:
10/27/2016 7:59:59 PM

Subject:
CN=Findwide Too, O=Findwide Too, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
02C51F80B23C60C6D28D650BC7FABAA8

File PE Metadata
Compilation timestamp:
10/26/2014 7:30:38 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:lGhY8GOUJvqnjjsG+6vqeuOY6caD+VWSgT:2YRqnj4yvruOEaD+wF

Entry address:
0x3F66

Entry point:
E8, A5, 95, 00, 00, E9, A7, 8E, 00, 00, 8A, 44, 24, 04, 53, 55, 8B, 6C, 24, 14, 83, C5, 01, 56, 8B, 74, 24, 14, 88, 44, 2E, FF, 57, 0F, 84, CE, 00, 00, 00, 8B, 7C, 24, 24, B3, 0A, 8A, 0E, 0F, B6, D1, 0F, B6, 82, 60, C7, 44, 00, 83, E8, 01, 74, 5E, 83, E8, 01, 74, 4F, 83, E8, 01, 74, 1D, 8D, 87, 0C, 02, 00, 00, 39, 07, 72, 36, 57, E8, 22, 2A, 00, 00, 8B, 0F, 8A, 16, 83, C4, 04, 88, 11, FF, 07, EB, 41, 83, FD, 03, 72, 76, 80, 7E, 01, 0D, 75, 05, 38, 5E, 02, 74, 4C, 8D, 87, 0C, 02, 00, 00, 39, 07, 72, 09, 57...
 
Entropy:
7.9639

Packer / compiler:
PEQuake V0.06

Code size:
53.5 KB (54,784 bytes)

The file minecraft-setup.exe has been seen being distributed by the following URL.
