minecraftforge1.7.2.exe

MineCraft DLInstaller

Publisher

The application minecraftforge1.7.2.exe has been detected as a potentially unwanted program by 33 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from www.softlicious.info.
Publisher:
Publisher

Product:
MineCraft DLInstaller

Version:
1.3.0.0

MD5:
885d24362eee0b717b62378224417dff

SHA-1:
0524e87120718e169d81b8dc5fe97deb0f431c7e

SHA-256:
16613b2d53be9133f91ecfb12de2e37aa2d5bf14e3be5847947bf85db446d90d

Scanner detections:
33 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
4/18/2024 10:55:51 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Downloader.SK | 5651644 |
| Agnitum Outpost | PUA.Firseria | 7.1.1 |
| Avira AntiVirus | APPL/Firseria.A.30 | 7.11.193.188 |
| avast! | Adware-BQN [Trj] | 150319-1 |
| AVG | Adware BundleApp.DH | 2014.0.4311 |
| Baidu Antivirus | Adware.Win32.FirseriaInstaller | 4.0.3.15419 |
| Bitdefender | Application.Downloader.SK | 1.0.20.545 |
| Clam AntiVirus | Win.Trojan.Application-481 | 0.98/21511 |
| Comodo Security | UnclassifiedMalware | 20311 |
| Dr.Web | infected with Trojan.DownLoader11.4341 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Downloader.SK | 9.0.0.4799 |
| ESET NOD32 | Win32/FirseriaInstaller.H potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/FirseriaInstaller | 4/19/2015 |
| F-Prot | W32/A-ce462a6e | v6.4.7.1.166 |
| F-Secure | Application.Downloader.SK | 11.2015-19-04_1 |
| G Data | Application.Downloader.SK | 15.4.24 |
| K7 AntiVirus | Unwanted-Program | 13.186.14270 |
| Kaspersky | not-a-virus:Downloader.Win32.Morstar | 15.0.0.543 |
| Malwarebytes | PUP.Optional.BundleInstall | v2015.04.19.04 |
| McAfee | Program.Artemis!885D24362EEE | 16.8.708.2 |
| MicroWorld eScan | Application.Downloader.SK | 16.0.0.327 |
| NANO AntiVirus | Riskware.Win32.Downware.czhrsg | 0.28.6.63850 |
| Norman | Application.Downloader.SK | 03.12.2014 13:20:04 |
| Panda Antivirus | Trj/OCJ.E | 15.04.19.04 |
| Qihoo 360 Security | Win32/Application.Downloader.b1b | 1.0.0.1015 |
| Quick Heal | AdWare.JS.r5 (Not a Virus) | 4.15.14.00 |
| Sophos | Solimba Installer | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0EGU14 | 7.2.109 |
| Trend Micro | TROJ_GEN.R0CBC0EGU14 | 10.465.19 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35562 |
| Zillya! Antivirus | Downloader.Solimba.Win32.2 | 2.0.0.2001 |

File size:
785 KB (803,859 bytes)

Product version:
1.3.0.0

Copyright:
© Publisher

Original file name:
CustomInstaller.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\minecraftforge1.7.2.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:leUaHI9JNVhG/ZA08sIrm3cIF5F+3NkL9rqxEYfXiEU4ru:taoDNVhG/O08semsI669reEEXiEUr

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file minecraftforge1.7.2.exe has been seen being distributed by the following URL.

Remove minecraftforge1.7.2.exe - Powered by Reason Core Security