minecraft.exe

Ginapaho

LAM Proactive And Investments Ltd

The application minecraft.exe, “Ginapaho Setup” by LAM Proactive And Investments, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.newclearchuckle.com and multiple other hosts.
Publisher:
Nema (signed by LAM Proactive And Investments Ltd)

Product:
Ginapaho

Description:
Ginapaho Setup

MD5:
f494c6e2ce468f0ad0fba4e4d0abf8f4

SHA-1:
48af9ace4aac3808b742ee0183f6b1f770321609

SHA-256:
f2e25b3cc84d6a14851299d92ccf88f3f028eb7048ae867c6edf11163117e734

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
5/25/2024 10:07:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.LAMProac.Installer (M)

Engine version:
16.6.27.8

File size:
997.9 KB (1,021,824 bytes)

Product version:
4.7.4

Copyright:
Software

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\minecraft.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/10/2016 4:04:53 PM

Valid to:
5/11/2017 4:04:53 PM

Subject:
CN=LAM Proactive And Investments Ltd, O=LAM Proactive And Investments Ltd, L=Herzliya, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112169523491FA6C7A30991E1A2D83769865

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:xiU5826hRPlUG7QNQpl92T5Vvw4s7OMxOrb1+8:gF2icNkDo/MA/E

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file minecraft.exe has been seen being distributed by the following 15 URLs.

