minecraft provided through getnow.exe

Alpha Installer

LiveSoftAction SRL

This is the SIEN AppScion Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application minecraft provided through getnow.exe by LiveSoftAction SRL has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the SIEN SuperInstall installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from stapi.fastinstallwiz.com.
Publisher:
LiveSoft_Action  (signed by LiveSoftAction SRL)

Product:
Alpha Installer

Version:
9.13.2.1

MD5:
22c635c216d6b18d469137ad8948f244

SHA-1:
90682f56fcc59ca25430c97a53cbbc5c4f8325a4

SHA-256:
309aed4d4fe6275654f1c9b85dcdc2e2dd784eb9e167ead311eaf6e54b962aae

Scanner detections:
13 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
1/13/2025 3:42:58 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
AVG | Potentially harmful program Downloader.FVF | 2014.0.4311
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | Application.Win32.GetNow.DI | 22250
Dr.Web | Adware.Iminent.25 | 9.0.1.05190
ESET NOD32 | Win32/GetNow.I potentially unwanted application | 7.0.302.0
IKARUS anti.virus | PUA.Getnow | t3scan.1.9.2.0
Malwarebytes | PUP.Optional.BundleInstaller.A | v2015.05.27.10
NANO AntiVirus | Riskware.Win32.Downware.dpuzse | 0.30.24.1636
Panda Antivirus | Trj/Genetic.gen | 15.05.27.10
Reason Heuristics | PUP.Sien.Bundler | 15.5.27.6
Sophos | PUA 'Live Soft Action' (of type Adware) | 5.14
VIPRE Antivirus | Threat.4924203 | 40552

File size:
924.2 KB (946,344 bytes)

Product version:
9.13.2.1

Copyright:
(c) LiveSoft_Action. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\downloads\minecraft provided through getnow.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/3/2015 5:24:08 PM

Valid to:
3/3/2016 5:24:08 PM

Subject:
CN=LiveSoftAction SRL, O=LiveSoftAction SRL, L=Bucuresti, C=RO

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112115C730891244FB88071FE814148E0E53

File PE Metadata
Compilation timestamp:
3/24/2015 6:06:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:JSx6tDRWqV4nSSEuExWXUj+4/+e0bqD/YyUp:RtDRWHSUUq4/+eoqD/f

Entry address:
0x2518D0

Entry point:
60, BE, 00, 30, 58, 00, 8D, BE, 00, E0, E7, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
828 KB (847,872 bytes)

The file minecraft provided through getnow.exe has been seen being distributed by the following URL.
