minecraft.exe

The executable minecraft.exe has been detected as malware by 8 anti-virus scanners. It is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from cdn.tomsguidefiles.com.
MD5:
7f78ebe0002c0cec3ddaed36fc8791f3

SHA-1:
379e9e0a290e80e0b953c4269da087400425583d

SHA-256:
d773770f3cc6ffc44317531f25d18bd5eedc665e4bd3a5387739a89a80c0e780

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
5/17/2024 12:42:10 PM UTC

Scan engine                     Detection                 Engine version
avast!                          Win32:SaliCode            160708-3
AVG                             Win32/Sality              2015.0.4604
Emsisoft Anti-Malware           Win32.Sality              11.5.0.6191
ESET NOD32                      Win32/Sality.NBA virus    8.0.319.0
F-Prot                          W32/Sality.gen2           4.6.5.141
Microsoft Security Essentials   Threat.Undefined          1.225.2223.0
VIPRE Antivirus                 Threat.4721115            50880

File size:
728.1 KB (745,620 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\minecraft.exe

File PE Metadata
Compilation timestamp:
7/12/2013 7:31:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
12288:F3M40bMXVrbQjnVCEwtMvZaLZwpYKkbH24vp:F3M40bQlkkDtMvZaypY1/B

Entry address:
0x1290

Entry point:
BD, 0B, 4F, 2A, 23, 21, EE, 0F, AF, FB, EB, 06, 8D, 05, DA, 1F, 66, D9, 0F, B7, C8, 85, F8, 85, C9, 85, F9, 2B, FF, 0F, B6, D2, FE, CB, 81, ED, 4E, 11, 41, 29, EB, 04, 85, CA, 22, E9, C7, C2, 4F, C8, 74, 54, 8A, CE, B9, 1F, 84, 93, BC, 81, C7, F5, 3A, 07, 00, 8D, 0D, DB, 82, C4, ED, 8B, F5, 81, EF, F4, 3A, 07, 00, 81, F9, 9B, A7, 00, 00, 71, 0C, C6, C1, E3, 81, C5, D0, 23, F2, 33, 0F, B6, CE, 88, CD, C7, C0, F5, 8C, 70, FC, 43, 69, F1, 7E, 1A, 19, BC, 81, FF, 97, 00, 00, 00, 0F, 86, 9F, FF, FF, FF, B4, 0F...
 

Entropy:
6.9265

Code size:
17.5 KB (17,920 bytes)

The file minecraft.exe has been seen being distributed by the following URL.
