minecraftdl_4344.exe

Oleh Aleksyuk

The application minecraftdl_4344.exe by Oleh Aleksyuk has been detected as adware by 23 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from www.zilliontoolkitusa.info and multiple other hosts.
Publisher:
Oleh Aleksyuk  (signed and verified)

MD5:
e0474d302ecec9d31c130b4b1edaac5c

SHA-1:
a9ff57ce15fa8b8864ec55410ce9a796c911b32a

SHA-256:
9740c073198c3a8c690f570090396290f3a50827b5e3cae26ddefe2d86024a97

Scanner detections:
23 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 11:52:10 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.MPlug.17 | 794 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2014.12.03 |
| Avira AntiVirus | Adware/MultiPlug.bfp | 7.11.190.0 |
| avast! | Win32:MultiPlug-MK [PUP] | 141130-1 |
| AVG | Adware Generic_r.UH | 2014.0.4189 |
| Bitdefender | Gen:Variant.Adware.MPlug.17 | 1.0.20.1680 |
| Comodo Security | Application.Win32.MultiPlug.PNU | 20270 |
| Dr.Web | Trojan.Crossrider.36840 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.MPlug.17 | 9.0.0.4668 |
| ESET NOD32 | Win32/Adware.MultiPlug.DW application | 7.0.302.0 |
| F-Prot | W32/A-c2186e88 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.MPlug.17 | 11.2014-02-12_3 |
| G Data | Gen:Variant.Adware.MPlug.17 | 14.12.24 |
| IKARUS anti.virus | AdWare.MPlug | t3scan.1.8.3.0 |
| K7 AntiVirus | Unwanted-Program | 13.186.14210 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Multiplug | v2014.12.02.11 |
| McAfee | MultiPlug-FQV | 5600.6928 |
| MicroWorld eScan | Gen:Variant.Adware.MPlug.17 | 15.0.0.1008 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dfjscb | 0.28.6.63850 |
| Reason Heuristics | PUP.OlehAleksyuk.Q | 14.12.2.23 |
| Sophos | MultiPlug | 4.98 |
| Vba32 AntiVirus | SScope.Adware.MultiPlug | 3.12.26.3 |

File size:
803.9 KB (823,152 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\minecraftdl_4344.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/24/2014 2:42:54 AM

Valid to:
6/24/2015 2:42:54 AM

Subject:
E=oleh.aleksyuk@hotmail.com, CN=Oleh Aleksyuk, O=Oleh Aleksyuk, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
3F42151CCAD6E8C610946EE44021DAF5

File PE Metadata
Compilation timestamp:
6/17/2013 12:15:41 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:oyvM6t7xRx1slnaaXioJjIiVoQaOZVPoWaAArRjW3Hv45R7oylfEhm:M49Rx1s4aXioHo4OWaBtj645poylEhm

Entry address:
0x14B82

Entry point:
E8, 7C, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, 51, 43, 00, E8, E8, 0D, 00, 00, E8, 49, 4A, 00, 00, 0F, B7, F0, 6A, 02, E8, 0F, 48, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D5, 06, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.8590  (probably packed)

Code size:
115.5 KB (118,272 bytes)

The file minecraftdl_4344.exe has been seen being distributed by the following 3 URLs.
