home

minecraft.exe

SOFTWARE INSTALLER

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application minecraft.exe, “Fusion Install ” by SOFTWARE INSTALLER has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. The installer is marketed through download protals and search ads as Minecraft but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Fusion Install   (signed by SOFTWARE INSTALLER)

Product:
Fusion Install

Description:
Fusion Install

Version:
2.4.8.1

MD5:
3a88290721ac5ff857472dc15d5e6ae7

SHA-1:
d915001a5a9785378f0abd8bdaa639462e19c6ee

SHA-256:
d3727f9dfaf710763450e3dd9a886a16f6b956b3092a03bff66b9b1432b19ad1

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 3:36:58 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adknowledge.SOFTWAREINSTALLER.Installer (M)
16.1.19.11

File size:
222.8 KB (228,144 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Fusion Install

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\minecraft.exe

Digital Signature
Signed by:
SOFTWARE INSTALLER

Authority:
VeriSign, Inc.

Valid from:
10/3/2013 8:00:00 PM

Valid to:
9/20/2014 7:59:59 PM

Subject:
CN=SOFTWARE INSTALLER, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SOFTWARE INSTALLER, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
652F70E683E058123B6C29E79760D2E0

File PE Metadata
Compilation timestamp:
5/24/2014 1:00:12 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:q5FTGAntFZvuYdXnGTSS6kSeEhzOSFvDuA5JiBjQkB4mcy5t+plc5XF:qjGAntDmYdXGTSASea3DuAEbH+plcpF

Entry address:
0xFCA7

Entry point:
E8, 30, 53, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 44, 82, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 38, 80, 42, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63...
 
[+]

Entropy:
6.3660

Code size:
156 KB (159,744 bytes)

The file minecraft.exe has been seen being distributed by the following URL.

http://735322.gosecureinstall.com/o/.../MineCraft.exe

Remove minecraft.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.