minecraft-es.exe

Setup Manager

HUSREN S. A.

The application minecraft-es.exe by HUSREN S. A. has been detected as a potentially unwanted program by 10 anti-malware scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from offersrepo.com.

Publisher:
HUSREN S. A.  (signed and verified)

Product:
Setup Manager

Version:
2.7.12.418

MD5:
f151c36f49c4199ce526e0dc7016236a

SHA-1:
506e54d39812d4fb57059fca5231e1b562edbd46

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 3:07:00 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Colooader | 7.1.1 |
| Avira AntiVirus | ADWARE/Colooader.258360 | 8.3.2.2 |
| AVG | Downloader | 2017.0.2842 |
| Bkav FE | W32.HfsAdware | 1.3.0.7237 |
| Comodo Security | ApplicUnwnt | 23337 |
| ESET NOD32 | MSIL/Adware.Colooader (variant) | 10.12346 |
| K7 AntiVirus | Adware | 13.210.17406 |
| McAfee | Artemis!F151C36F49C4 | 5600.6498 |
| Panda Antivirus | PUP/iLivid | 16.02.06.09 |
| VIPRE Antivirus | Colooader | 44230 |

File size:
252.3 KB (258,392 bytes)

Product version:
2.7.12.418

Copyright:
Copyright © 2013-2014

Original file name:
i2Dyn.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\minecraft-es.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/4/2014 2:00:00 AM

Valid to:
7/5/2015 1:59:59 AM

Subject:
CN=HUSREN S. A., O=HUSREN S. A., STREET=COLONIA 810 APTO: 502, L=MONTEVIDEO, S=MONTEVIDEO, PostalCode=11000, C=UY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
567CC889F234095C2B6877B8E8C3A484

File PE Metadata
Compilation timestamp:
12/10/2014 9:02:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:IUPqYM2ffbAExJ94Ed3af16uxAWse7HYVNh0BKTiTvB+gKtJiCttN9nJFDO/4Rdy:3JffbAExcE4fXxAWsebYVNh0BKTiTvUW

Entry address:
0x3A17E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
224.5 KB (229,888 bytes)

The file minecraft-es.exe has been seen being distributed by the following URL.
