» minecraft.exe
Overview
Analysis
File Details
Downloads (7)

minecraft.exe

Gulusul

SpeedyPrompt (Fried Cookie Ltd)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application minecraft.exe, “Gulusul Setup ” by SpeedyPrompt (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. With this installer, users are expecting to download Minecraft but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.

File name:

minecraft.exe

Publisher:

SpeedyPrompt (Fried Cookie Ltd) (signed and verified)

Product:

Gulusul

Description:

Gulusul Setup

Version:

1.2.2.6

MD5:

3f613cf211a09dbad41e2c8d556343dc

SHA-1:

005e2ab7125ca9c7260b4794188205f6dd438ad2

SHA-256:

74f2989e437803fcdcc4fc952342698d7f99ba69257b15a499cf092876082289

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

1/6/2025 11:26:53 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.FC.Installer (M)

16.5.19.4

File size:

1002.1 KB (1,026,120 bytes)

Product version:

2.6.3

Lite Program

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\minecraft.exe

Digital Signature

Signed by:

SpeedyPrompt (Fried Cookie Ltd)

Authority:

GlobalSign nv-sa

Valid from:

12/17/2015 3:03:52 PM

Valid to:

5/20/2016 6:07:50 PM

Subject:

CN=SpeedyPrompt (Fried Cookie Ltd), O=SpeedyPrompt (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121D77437A5B286B055B435AA59CB4BA265

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:9QiZ4Cee716maCIJPMWb2L5z7NuvJKKJDQ76Yafb:99R6iIu2c5z7Nuv82DQ76Y6

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file minecraft.exe has been seen being distributed by the following 7 URLs.

http://www.vaulthostinglaboratory.com/c?x=VzxtsNKnHJD240Q4SP9lMS6Qg5XsRVBU0VLyG5QPZVc=&c=KHakBQQtqFi sL/DahWgEH3bYx0vpF MGwRUMbCtBQ7j6Tnvj2 riYJ7gZ4tdbfBaTBhpCYKVHEMAUEO2Rf8ICyIENg/5ySOxBnASlUzmCPMOX5JXraF2C5ElpqsrE F Su7c8AMvv282WJC3o3JK1kl0b/xnQzh6g8pI7fXAEg=&e=0&fallback_url=https://secure.inndl.com/.../minecraft.exe

http://www.vaulthostinglaboratory.com/c?x=PyaocE7UEQ6Og8ARq0bzjOpXOfHR/w Osq3P4kp0Ukw=&c=UBn56hRLT9vhAdJCBLMnM8eQr vwSVTDMAVl57uFwlfmj2IqVasAWA/1qfhIIghJX625EIkoRZnEx 5dS jHaI1Mr8df 5WcabK OtcH4/mdw/vwP9bJkVtExslc10huAkG8/ Eqep2zThWqA6YSwW7RqND/RF0pWoOXm5DLlAk=&e=0&fallback_url=https://secure.inndl.com/.../minecraft.exe

http://www.vaulthostinglaboratory.com/c?x=zYZBcWoxQaMK/zrXPgEgubcaPfmenBTG4uwzznGYD6I=&c=D RAuQf2ISSxMc F3XsEI9UhrVkHlaMJjV3keoJo2zUaqBt0uLlM1q6ypa7zorx2KYd4Uw1TtmADJbuMfoF/VEi7H5I3cQRa m5QW8e2pi53XFn58E/okQagMVQjyTwEVBusFkei jNQbUzrApOE4KO0cWemoZKYg8lNLC8F4gn8XwA3UazlBGEfVxR1k8Wr&e=0&fallback_url=https://secure.inndl.com/.../minecraft.exe

http://www.vaulthostinglaboratory.com/c?x=IpQr4M/T8FAwKXa2XXoEKV4X7h2KnwYwH3N19Ergf3g=&c=2ZOE37dbohsLiipKwqg94z Y2watMbSLKwWBH6oZgEtRqYxcR4v5jkrZQ8BxndHEbKpE8ICjS6qnHok151a1wLY9pR7e9cqruYexcGrX/rYubsD69WnPQlZKFTm9CIGTMITLRRecEgqvqz4V7t24HkznyNxyoaC7qaUjus/mEfw=&e=0&fallback_url=https://secure.inndl.com/.../minecraft.exe

http://www.vaulthostinglaboratory.com/c?x=aBz232APwRGO3IObFKGtbL6zIYvR0bgEnUgWPH Vd8I=&c=AQo8Dq4No9fYIv26UvYAQKRu0oI2UtDGJpt2ElFRGWCaVOKrEBZvTr99uqvXwKHwh8ik9aMsX7UTVRRKnt0pJ6MBpKZs0qtL27Pi wRRcK38JqXD 7zOxtd9WppAratfVt3quXHZfvXideRKjdmdYOBwYVyJunWIViPDhka0xlSEbNebvzz/cc5EdrDkhNop&e=0&fallback_url=https://secure.inndl.com/.../minecraft.exe

http://www.vaulthostinglaboratory.com/c?x=IU9 zEocPX3pXL1OgAshs0NQw1 wI1DTm0L/AoBt1FM=&c=Ie3OqGaCwXCMRGKPDhWmwW9pk/Z9CkpuyKv92E8T3DkEcHPQyDS6PSw2RpqlDPBjBYMxR89G siBzSV4SO213IZI4SEEQZkGi1l4je6wWHO7kUAsPuy0QBfJvkIsoAOvjLDR4om667YrGfgtYFImtfnRsGfL9dWIxilwOebzihDt4sw60jfvGBYX/YtBkoY2&e=0&fallback_url=https://secure.inndl.com/.../minecraft.exe

http://www.vaulthostinglaboratory.com/c?x=2P0kI HzGkT/3JoUJBeFhHo0XOWhdUvcm6cOJ0Ed8eA=&c=y4 /xApXnmwBh/kT3ktkXlHlS/GX7rIKFixNdrkhU6ljc4GDnIUzQQVDO9IZuRKCiG1Ht7bcrt5H2Y7S1rAgYiMOSDSj23g4 uVxc6Zdb0o7Q1qIPsLJ5TKO94TEkjXCGN7ZV0taWo0zBjedDs/L18nGtHmz8xymMJ39ijBUHbk=&e=0&fallback_url=https://secure.inndl.com/.../minecraft.exe

Remove minecraft.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.