minecraft-tower-defense.exe

Duck Play, LLC.

The application minecraft-tower-defense.exe by Duck Play has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the installCore download manager (the InstallCore engine), which may bundle additional software offers including ad-supported toolbars, browser extensions and utilities. The installer is marketed through download portals and search ads as Minecraft but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Duck Play, LLC.  (signed and verified)

MD5:
7bbe549bbda9ccf66134ddc4a703c2bc

SHA-1:
b9886aec542e8e6b58be948e083f073e7bb39592

SHA-256:
b77c98ed5bf4280e79769b36991a513a9311f527cad6bd9cdf52b006af11c186

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 7:45:02 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| avast! | Win32:Malware-gen | 2014.9-150907 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.InstallCore.EAK | 22332 |
| Dr.Web | Trojan.InstallCore.37 | 9.0.1.0250 |
| ESET NOD32 | Win32/InstallCore.BY potentially unwanted application | 9.7.0.302.0 |
| herdProtect (fuzzy) | | 2015.9.7.17 |
| K7 AntiVirus | Unwanted-Program | 13.204.16137 |
| Malwarebytes | | v2015.09.07.05 |
| NANO AntiVirus | Riskware.Win32.InstallCore.dmfofu | 0.30.24.1636 |
| Reason Heuristics | PUP.installCore.DuckPlay (M) | 15.8.2.21 |
| VIPRE Antivirus | Adware.KitaraMedia | 40824 |

File size:
755.5 KB (773,592 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\minecraft-tower-defense.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/6/2012 7:00:00 PM

Valid to:
1/6/2015 6:59:59 PM

Subject:
CN="Duck Play, LLC.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Duck Play, LLC.", L=Plantation, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
61BB10A02680B1BE9CBF105FD54BEAAA

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:2yMJfsG/kRkbi0Fap0b4+A6AMj01tJEIJ3zVrByPeU/81MHNO56yLIeaj2DSLxm3:2yMJfsuf4T6AnXj5hF7U/8y06yLIeKLb

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 

Entropy:
7.8626

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file minecraft-tower-defense.exe has been seen being distributed by the following URL.
