minecraft-1.9.exe

Mala

Bibado Investments S.L.

The application minecraft-1.9.exe, “Mala Setup” by Bibado Investments S.L., has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Bibado Downloader installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. Users of this installer expect to download Minecraft, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Bibado Investments S.L.  (signed and verified)

Product:
Mala

Description:
Mala Setup

Version:
1.6.2.4

MD5:
41d21ae766a060da45b162be9c74fff0

SHA-1:
e4f0d1f2781ba7792f044c6d254347838c6b0afa

SHA-256:
31a2c1d32da3552a5e3077b54dc8ca4d3b812f0d39e95fa180a5a52cf426b169

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/27/2024 3:45:27 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.2.11.10

File size:
1.2 MB (1,253,064 bytes)

Product version:
4.6

Copyright:
Stub fast

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bibado Downloader (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\minecraft-1.9.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/17/2015 6:45:47 AM

Valid to:
10/10/2016 7:59:18 AM

Subject:
CN=Bibado Investments S.L., O=Bibado Investments S.L., L=Alcorcon, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C7CDCA8256DFB1BF27E11C9CC97F08E3

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.8922

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file minecraft-1.9.exe has been seen being distributed from the following URL:

http://www.vaultsfarmhosting.com/w LTD3Sx2q37Xu0Rk59uX8SwBzrVddUWcjzuIESWLNHcmLpi1saIw rV QDRnWgPIXQ3dU RlL Zd06xsCnGeN2tXAxYsishFSAIiNsY44r6bfoX_ZqWp_yuvf_EiIQ3yK_kpoAZiBue8e0lHsRFaQHkbCCGzBHtpkbWF9uNlwgFiN0lCS5wUAsU1_xIXq0Jy_Xsi_lo-GwEDAGTQTWocOIEGvdcgYotZ60gKMJED9rYYYj6JvTcOPFlj5GcRmEu9Pdpbt1fbbcV7pkOtbaDflI8arOkC77QX5zYkl8PgKEk1rbQwt7BwfS6OFisVGEi8fHU703DcpTW6igY1nCgCvJVfhFSjNrQD_AQ5hOL2js48ESwvIknAVpQobA1zzaTcTJxX wBiAWK9fnMvapiMcFbd_eXeZ5TgLw8fP_kLyVGvvoA_eYstjaMVMhe nbLIe_kBTGOSuCDI9sv1bvYzZn f2b0Onov0edcGClb704RGQ1h0f8RqpATYwb2JR2XgBcHzofAY4x2XbqDDGXDFP_x5YgpF0v73Yw2MJqRP8LLajHsLwYdFTBIF8GsbU4NZw_2TauEpFgSJ3zNWeqKPkXht5jrr6SaG6y4jfd4vw4XFVF9NHsgsOHK4bhO2Dt9vdGti GAt7X0xk1iVP95MVZR9k6QX3i66aypqU0FjSZ1IGoHoWY CEJSrsXWvfQfm3Mq nVDSQRwBttjr 3E1BS8lGJxloT2uWricaMfJ636Y402 4LC6R8dXt8bl7NIWRRbIc8 gFpUIFIAbuBu j8E0UzdHzXC0yZOohKfnhP4aGo1t8Y5_jtrsJKZ0wfn6pkCzios6L9pHq1dHYWKvW4sO WpoNzOS8nMvOAYQInDgDtNcqD2Rk8SH_XyJSNe5reFOBOA_PxUcQah4nBtgb9l9t7rn6dc0QdBrnaE6wrOubcRWWVa8RdpqqvVsFybtzc2Ph7
