installer_minecraft_1_10_2_4098476802.exe

Kutikud

FunnelOpti (Alpha Criteria Ltd.)

The application installer_minecraft_1_10_2_4098476802.exe, “Kutikud Setup” by FunnelOpti (Alpha Criteria), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The installer is marketed through download portals and search ads as Minecraft but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Beremiled (signed by FunnelOpti (Alpha Criteria Ltd.))

Product:
Kutikud

Description:
Kutikud Setup

MD5:
d21ab1d165340437be726bdfdbb88569

SHA-1:
97f56051127d30cb7d70e31f02a1950c34805172

SHA-256:
bf2408242bdfffc5ca2b296bafe29f1e482e55677f1a0a44b9ff64a52bd7b871

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 3:57:19 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.AC (M)

Engine version:
17.3.15.21

File size:
936.2 KB (958,656 bytes)

Product version:
1.8

Copyright:
Wizard Internet

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\installer_minecraft_1_10_2_4098476802.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2015 7:41:21 AM

Valid to:
8/26/2016 10:34:53 AM

Subject:
CN=FunnelOpti (Alpha Criteria Ltd.), O=FunnelOpti (Alpha Criteria Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C57D0836DF0829F54F07ADA2D08AAFCB

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9115

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file installer_minecraft_1_10_2_4098476802.exe has been seen being distributed by the following URL.

http://www.sendchucklebulk.com/rZX34j2nYIRMK1xUtCvElXZpGvUvF7p7TWA7Cfcxn0A_j8gnGagFcMsNP2p5iFvqPDh zWqcYpr0Mr6Zp8bvS S6ruoShebKul2SafdSEcVQNA2y8fijdwor8TFEYVa0fjqEn8UlnBR1FfY gPl2eOtc3OkX7964NHuJBADGq9CAnqnner TqwZYk2A7sRxm1ExU4LrL7oGPOyN0jvJmXrDCHOiyyw8hKz4 LCHByzKGL_ N1OpNhM9O10UN84lAoBl5W2USbJASp 6dOOu131EGalzVCeOx1N7fnj7FknpTqjZxcyY2zNpTqXS81 Kt6MGoU_uaO9vudtgFhr x_NNZw0WgKqrfD5Q3e7TVDok40uxE5Ktb8YGixGeo_r9gVKkXMWPTxBtfKd4 0 diT4DsLxBF2EhnjpsobZmMe9JKEq7eVb217A6xfFajJ_VlqWwRa0mXrSGX 5D5hLqCNboIy7E5eSmdZUSvzyFQH_23k9vbJBckMInO_Nzr3FwV5hiZENrdxMsYt042Yc3nT8Ax1Te6m_gUaSPcpwgxkQcy6q_PEDwPuUHatpVgroL_N57tQWL3fBBeOpYzwj9VfTAWY0D596UE4gXSWAeE4ZUEJQqKIswe8_qJp27FsC850OV1o2uyHpR25Y3cvoFyO4qKICG7ztwEEgU0JXdsxhfUaktYkZB4OkSNjWYeoElzRtJEE0kKVFvloFyt kYA_pqM0PzMdEHZZJqoGgpBPTXXXut6FqWIVIhcztgM1cg0xW1JJ_YBqdb1JgBTzYmOnA0Nqmf5A71C9vo0k2a160Wdd_ls10ccfpO79X8o9pcwo4nWdnOZTJBZvdmGh0C8HjrY4WUnvcnh4wVR1m8LkUfV9Ng01S0vAa90pbFyE8BctTvkaysf0CJ2GTGiIcEaUvss34fAVHA3vu6QO8nnQMBGKtj i0mYExvwGQNdrd_A6Z0wHj2MH
