home

minecraftsetup.exe

%VENDOR% Downloader

Max Source (New Media Holdings Ltd.)

The application minecraftsetup.exe, “Internet Setup ” by Max Source (New Media Holdings) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users are expecting to download Minecraft but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
%VENDOR%  (signed by Max Source (New Media Holdings Ltd.))

Product:
%VENDOR% Downloader

Description:
Internet Setup

Version:
1.0.5.a0.1_34879

MD5:
30d675a6ffcff0d7080377fe41dea0f5

SHA-1:
e87246f06f86a93aa10ad2809d898fb7fff5e0a4

SHA-256:
52724c4c7f9e5135c1beac75561cdd8f268431b39484174e3379d966f70685bc

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/17/2024 2:26:13 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.NewMedia.NMH (M)
16.10.5.14

File size:
775.2 KB (793,824 bytes)

Product version:
1.0.5.a0.1_34879

Copyright:
%VENDOR%

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\minecraftsetup.exe

Digital Signature
Signed by:
Max Source (New Media Holdings Ltd.)

Authority:
GlobalSign nv-sa

Valid from:
1/5/2015 9:28:11 PM

Valid to:
1/6/2016 9:28:11 PM

Subject:
CN=Max Source (New Media Holdings Ltd.), O=Max Source (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C760BF9B54EB36DEB0AD05A1B41E71C2

File PE Metadata
Compilation timestamp:
6/20/1992 3:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:D9pSUMcPQoT8XnEpIsD9Nt2k61SJkOf5YGz:D3icPsXnEpX9NH6kJdf6G

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

Remove minecraftsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.