minecraft-installer.exe

Boot Compute

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application minecraft-installer.exe, “Software Installer” by Boot Compute, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. The installer is marketed through download portals and search ads as Minecraft but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Software Installer   (signed by Boot Compute)

Product:
Software Installer

Description:
Software Installer

Version:
2.4.8.1

MD5:
b8f18a9fee7a4f82019e12e5aadf3cd0

SHA-1:
140372c0f80b60ec8a231699cee0eabac8dca714

SHA-256:
76b280acc4d877453480e11cfa5b43698e253e3fe88444326b94182aad970158

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/14/2024 3:22:24 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Adknowledge.BootComp.Bundler (M)

Engine version:
16.6.8.9

File size:
256.4 KB (262,520 bytes)

Product version:
2.4.8.1

Copyright:
Copyright (C) 2013 Software Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\minecraft-installer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/23/2014 7:00:00 PM

Valid to:
3/24/2015 6:59:59 PM

Subject:
CN=Boot Compute, O=Boot Compute, STREET="4600 Madison Ave, 10th FL", L=Kansas City, S=Missouri, PostalCode=64112, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
059AEF62ABD7F83178378663E98BDE5C

File PE Metadata
Compilation timestamp:
9/7/2014 12:00:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:0pyrNQk552iZVK46YOsrmEDke4HJViL/z37Fj7N1B39wGslrj:Sk2iv6eTDkbJqL3J7HgGsRj

Entry address:
0x13C7F

Entry point:
E8, BE, 05, 00, 00, E9, D7, FC, FF, FF, CC, FF, 25, 54, 61, 41, 00, 68, E9, 3C, 41, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 1C, B0, 41, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, 68, 2A, 38, 41, 00...
 

Entropy:
7.1727

Code size:
81.5 KB (83,456 bytes)

The file minecraft-installer.exe has been seen being distributed by the following URL.
