icreinstall_minecraftsetup.exe

ADLSoft

The installer utilizes InstallCore which may bundle about 3-4 offers for various ad-supported toolbars, extensions and utilities. The application icreinstall_minecraftsetup.exe by ADLSoft has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users are expecting to download Minecraft but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
ADLSoft  (signed and verified)

MD5:
b72bd300004ae8ecad2539ecb74c8155

SHA-1:
8f06817be331a36f9f70081c9e05e09e0b953ea3

SHA-256:
21f24b281efe56a02936aeb3b0710533897287f94db611ef34f95d8f6b649ef2

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download and install manager which may bundle various potentially unwanted software offers during setup.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 2:20:16 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
17.3.12.22

File size:
790.2 KB (809,184 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\appdata\local\temp\icreinstall_minecraftsetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/20/2012 7:00:00 PM

Valid to:
7/25/2014 6:59:59 PM

Subject:
CN=ADLSoft, O=ADLSoft, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C7950C7BFF384C5ABB93DD694E588E8

File PE Metadata
Compilation timestamp:
7/2/2001 3:24:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x9386

Entry point:
55, 8B, EC, 6A, FF, 68, 90, A2, 40, 00, 68, 06, 95, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, E4, A0, 40, 00, 59, 83, 0D, 1C, DE, 40, 00, FF, 83, 0D, 20, DE, 40, 00, FF, FF, 15, E0, A0, 40, 00, 8B, 0D, 18, DE, 40, 00, 89, 08, FF, 15, 18, A1, 40, 00, 8B, 0D, 14, DE, 40, 00, 89, 08, A1, E8, A0, 40, 00, 8B, 00, A3, 24, DE, 40, 00, E8, 10, 01, 00, 00, 39, 1D, B0, C9, 40, 00, 75, 0C, 68, 02, 95, 40, 00, FF, 15, EC, A0...
 
[+]

Entropy:
7.8854

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
33.5 KB (34,304 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to os.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdnus.solvefile.com  (207.189.109.121:80)

TCP (HTTP):
Connects to cdneu.webfilescdn.com  (65.254.40.36:80)

Remove icreinstall_minecraftsetup.exe - Powered by Reason Core Security