webinstaller_minecraft_1_11_2.exe

Puc

Delivery Agile (New Media Holdings Ltd.)

The application webinstaller_minecraft_1_11_2.exe, “Puc Setup” by Delivery Agile (New Media Holdings), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. Users of this installer expect to download Minecraft, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:

Product:
Puc

Description:
Puc Setup

MD5:
a018f1f24a753ee1ea3b92ade00c03d7

SHA-1:
198eb4715352b3f2cc45168684251ceaadfac912

SHA-256:
1cde39eed3333518568ebdb02e62f1e08f015b276f86c555ba5901e5c292ec6f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
9/20/2019 3:54:01 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH (M)

Engine version:
17.3.16.8

File size:
1.2 MB (1,264,848 bytes)

Product version:
4.8

Copyright:
Stub

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\webinstaller_minecraft_1_11_2.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/16/2016 11:47:30 AM

Valid to:
6/18/2017 6:14:29 AM

Subject:
CN=Delivery Agile (New Media Holdings Ltd.), O=Delivery Agile (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D2188E56150B0ED72DDE70353642C28B

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file webinstaller_minecraft_1_11_2.exe has been seen being distributed by the following URL.

http://www.newfilestown.com/dH9JwVzSmhLNQfCePbG0PSLzC5PAf6EPfZXgU7I_OAbGOlDehGWTFX5K05RqgkiHmqJb4IjvhOClSQhF NVucpRvdQzvDMwscM8YzfWT2SCeH3tX6uhsx8SaTzLNUT_bYH_EfrNzfHyVgE650aHxBR0vEWQ4WYaKr hsXjGd1tsdnfv5rXX199XvvhGruLdUZR20wcjgW1U6wjqVKf H8vFunFvx9Y7vinLWq5AaxFSjFghfK6MyICQ8pt_tvfEuvYqDraLWbgol5_aH_U4K0xefB5t9_W723HYgvlXgetB8PCtn22zKO0sAuirnnm7Lnrc4zzBNbcuY008L7m7Ska58LTj4MCt_FZJ_VltZ9fD3XP8eQ v8OA8KPWXle0x2vwecaCnQX3cguH2GK5e3vUVu0sAeYdT rPcqRehhMKgdMx_d7EdnVKIdvKERKA80iqvyrEjhJNirITeHIxeuP7FublRwDsRL5Rhf9PfG8wYkI0ciczOjaG_1ylrwv79sdW6yuYRWO6LqqmwFtv 2OFY3QxV0vHZiWbkTghf0jdkoo9ixfzk59AfRGCGP dBStY8W6N5Ek0_pefcDDte34nTrN c_RRUEZoZdDqHkdvwobzUPYiiFwGQ381s5zzh5FINd3t06Ln7qzzMYCELy1c_gXm8_ochfs37ejmnZJH0MM0h01hjHODFnDyCgBVY3cOM qlNlq7GgjkogPLvT9rAsre2ZYxqu7Zv oRcwORYXJNpGsYQqVfaIeCSLEhenV7wmmYh3jbpqQHK8mrv2A83DgMbM5XpsYq5cZWrkMgfRaiDaP_uifCjQTI3imB3K1JH_rT1ATCpdbw kV1xYmTKI5 gRjxX Pcx_YqTf689FurgxIyr_9yJ5wq6 fIRCRj7tYfdUOnpT2OTxTvo0OFLHY8qRxkYs4C234Ul8KvDynx MFP1O5hv87d wLzsjVXUHMKdR44j_
