home

minecraft.exe

Software

Alpha Apps (Fried Cookie Ltd.)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application minecraft.exe, “Software Setup ” by Alpha Apps (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. With this installer, users are expecting to download Minecraft but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Alpha Apps (Fried Cookie Ltd.)  (signed and verified)

Product:
Software

Description:
Software Setup

MD5:
285cbe56ecd09338055a831056158e1b

SHA-1:
86a09db911b909c20220e0ff0dfc8eeae7956763

SHA-256:
42a83b3a86562dfaba4a732f611ea9df3832700bcfc32996d78e66db79700e7b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/29/2024 11:45:07 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore.FC (M)
17.2.28.6

File size:
755.4 KB (773,512 bytes)

Product version:
1.3

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\minecraft.exe

Digital Signature
Signed by:
Alpha Apps (Fried Cookie Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
12/16/2014 10:17:05 AM

Valid to:
12/17/2015 10:17:05 AM

Subject:
CN=Alpha Apps (Fried Cookie Ltd.), O=Alpha Apps (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112116F755147494667BE08D39682946E152

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file minecraft.exe has been seen being distributed by the following URL.

http://cdn.captaindownloadfiles.com/?data=Si3EF2GBkjvQawpVUrC1YKO3cs/RbtbG0fKwG8Yj0AVSMtWAkaVMcznt4go mAXYdEmPXw41DVfcnuTnEcQfue6rLl2zJTiCotsq 0ATiXO8zS4CKIc2ixrtl8IDrLI8oCrEkUwdBLyBrtpatUbWLTGkTJ2vJM5ZCaAwfPlJxIMbqmD2a3VUyX106LBNW9LgQ/WZhIvcPVnf1au8lV49TyFcI5hSRmf8iWsLcM63H1xEaGccm93ILI1H4Yc2B8JvCFNAeAu 5tKO4DPHM36vbOs4Vf9CcL6kE30e497biRbfG4mV aHscu/A4eXpmGfUZJ6ftwbErzhxP5W1OG2JFqeKubHu892gAA/4qiHnmHTo3m78T4 XwJMVm7YtFGs4GU8rK3PFO9n2qFd Xs3CTobk3Yk8NOLr2CUmTRzlZARg485L3G/8e7VsSfBgWmjkD62iCzGn0mOb7fJhy0sAaqceMrnHAT/rePloq5ECEI1yCuoUYy3QX ZvcUjrnGfpfg17FcTJDXlJzcY GtHAFkq0xMancQb/wBAb6X pH8FGcc7pKtuWpL4gXPLsNXirDKuwHJHY1romTZLs0CNelD9umWfVXvlkFYmN/gv7ykqEC9I9Bq EYIBEIBhEBd5S2LVC3qdaUX Ng8YaDG77skxbsoSX9A8p0gHrFMdOcbAy7eAUDwpA2bWJ5gQihmlY 4Q9LCVIPmzBZrRMBFwNV5X3AbNkhG7Fbw83QvtTOkMwnwkwLAcLUIYmGIDxIECXQnu2e eA3YjwdRlC35MakSdneKwqNAzv11yyucvF1ccGJm5SNMbS0do1bnZDGPUrOqoBD3QwxMibR8/xVQ/.../MCsuKJO8nvoT

Remove minecraft.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.