minecraft.exe

FUSION INSTALL

The Fusion Installer, a variant of Adknowledge's download manager, bundles a number of ad-supported offerings in the installer. The application minecraft.exe, “Fusion Install” by FUSION INSTALL, has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. Users of this installer expect to download Minecraft, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Fusion Install   (signed by FUSION INSTALL)

Product:
Fusion Install

Description:
Fusion Install

Version:
2.4.8.1

MD5:
510dc876b8e911826bfc02cf82bc927d

SHA-1:
d56bfee628125104d6e03474a6eaead242ca8de1

SHA-256:
dea9b12a1e4bd9223bc349d20942a898071bac81d24904cdeee775fa9f757af3

Scanner detections:
28 / 68

Status:
Adware

Explanation:
This setup/installer bundles various adware components (toolbars, coupon extensions, ad-supported extensions and utility offers).

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/16/2024 10:31:58 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Buzus | 2014.02.09 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.138.26 |
| avast! | Malware-gen | 2014.9-160127 |
| AVG | Win.Threat.Medium | 2017.0.2852 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.Ibryte.NW | 17962 |
| Dr.Web | Trojan.Packed.25441 | 9.0.1.027 |
| ESET NOD32 | Win32/AdWare.iBryte.M application | 10.7.0.302.0 |
| Fortinet FortiGate | Riskware/Generic.AC.2694800 | 1/27/2016 |
| F-Prot | W32/S-c8557b7d | v6.4.7.1.166 |
| G Data | Win32.Application.OptimumInstaller | 16.1.24 |
| K7 AntiVirus | Unwanted-Program | 13.203.15693 |
| Kaspersky | not-a-virus:AdWare.Win32.iBryte | 14.0.0.753 |
| Malwarebytes | | v2016.01.27.11 |
| NANO AntiVirus | Trojan.Win32.Buzus.ctabuf | 0.28.0.58491 |
| nProtect | Trojan/W32.Inject.1673000 | 15.04.23.01 |
| Panda Antivirus | | 16.01.27.11 |
| Quick Heal | Adware.iBryte.EK4 | 1.16.14.00 |
| Reason Heuristics | PUP.Adknowledge.FUSIONINSTALL.Installer (M) | 16.1.27.11 |
| Rising Antivirus | PE:Malware.iBryte!6.1441 | 23.00.65.16125 |
| Total Defense | Win32/Tnega.FCQVUaD | 37.0.11057 |
| Trend Micro House Call | TROJ_BUZUS_DD300467.UVPA | 7.2.27 |
| Trend Micro | TROJ_BUZUS_DD300467.UVPA | 10.465.27 |
| Vba32 AntiVirus | SScope.Malware-Cryptor.iBryte | 3.12.24.3 |
| VIPRE Antivirus | Optimum Installer | 27574 |
| Zillya! Antivirus | Trojan.Buzus.Win32.120147 | 2.0.0.2149 |

File size:
1.6 MB (1,659,688 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Fusion Install

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\minecraft.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/3/2013 7:00:00 PM

Valid to:
9/20/2014 6:59:59 PM

Subject:
CN=FUSION INSTALL, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=FUSION INSTALL, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3615E290FD8B112928257EE3CD74B519

File PE Metadata
Compilation timestamp:
1/24/2014 12:50:19 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:RKiXTMcUQc6PojCPM2DXr+9TRwTJ1yveHjry92veHSry9dGmAe44Aj0trbmtBGzg:RKiXTMc9JSn2DXrAw1kGBBGBd8

Entry address:
0x35CD5

Entry point:
E8, BE, 8C, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, B0, 4C, 47, 00, E8, C1, 35, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 18, F8, 58, 00, 77, 22, 6A, 04, E8, C1, 8E, 00, 00, 59, 83, 65, FC, 00, 56, E8, 23, 9C, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, CD, 35, 00, 00, C3, 6A, 04, E8, A4, 8D, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 83, 3D, 74, E4, 58, 00, 00, 75, 18, E8, F9, 81, 00, 00, 6A, 1E, E8, 21, 80, 00, 00, 68, FF, 00, 00, 00, E8, 37, 4D, 00, 00, 59, 59, A1...
 

Entropy:
7.0971

Code size:
391 KB (400,384 bytes)

The file minecraft.exe has been seen being distributed by the following URL.
