minecraft.exe

Internet

Alpha Apps (Fried Cookie Ltd.)

The Fried Cookie installer uses the InstallCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application minecraft.exe, “Internet Setup” by Alpha Apps (Fried Cookie), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore engine. Users of this installer expect to download Minecraft, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Alpha Apps (Fried Cookie Ltd.)  (signed and verified)

Product:
Internet

Description:
Internet Setup

MD5:
95ccb252670d29810550ef8ce6dbbfe2

SHA-1:
05de344f5a1e71851c3f829decddb2783d8168cd

SHA-256:
3c3c8f5fc3238c75f3d136a7b40848431af4bb30e994a7740e1fbbe69744089e

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/23/2024 8:19:21 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.FC (M)

Engine version:
16.11.20.9

File size:
754.6 KB (772,672 bytes)

Product version:
5.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\minecraft.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2014 7:17:05 AM

Valid to:
12/17/2015 7:17:05 AM

Subject:
CN=Alpha Apps (Fried Cookie Ltd.), O=Alpha Apps (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112116F755147494667BE08D39682946E152

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:mvkL2p0SPUSNCCYMWMtLVBGG9uWTiH5l5dnhOMBa3rV5ZKltNshfyjM9SUQYGtba:mK2RULJMFDXsmMBijKl8Kjgn/

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.8793

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file minecraft.exe has been seen distributed from the following URL.

http://cdn.captaindownloadfiles.com/?data=XA9QA90ewdNvfjxniIE GBILCliLyRuVD7s2eWomRyMMIAKnhHA1zRySq2mRByAODkVEOdtmYWnAgqr NBXKm72O9Q0CG3 Iyn61OIjfhILpQS2SQf5 QzKWWUX TnVDnIc740WK/zCx8WLKH2NoCoTYmMTR4 wd8nl0YE5Ls wVXrjbcoy/VI1rc74e2FEAIrnBRfCN2zSqJhyKlDHaYZ4ckkdPuyatrf/8SWyEfrtKpffKtwmEyu9dWUJOqslvElofafRQCpj8lmyXQqbcUk0660KnvfWGBffaHR8I2fbQCTgSL9zMXxQOUxRUKoWqpBNiQI78dsE LpEXKqhwrwUEtBskg9cQmiahW3c cvIpQ2Mjt314BoxGbe2L5pYTh1htP3xi28J42mxHwISmAwD6ABj8S2Tr4d0jNbn6HwhBNwRIJeRnk8/b3DHwrD0uZM9NG8pwJ5wmmxPKeYDxJefHz87hUfUJOA9nEf5Yk0SUAZp7zrOO1hnKXISl8Mx5aLX2sNkEu6I5W vFMjYPJRbJdEUBnoW/crhoCFOp4PNouclXxlYTHfYu0pcp4cGqX/rnAXJGDj4HcEInAEA5mt/ky3cXOZJQ/q1rXBpbbd fE4wdDw736/8vBmqB4zB0hkKmqiRHxsgcGk4sEQlZHy4DQwG3/n8zjt lCqenoeo5 hxOjCopOTEVw7Ns S1cHIOeGwtayaePvKVAzCtyx4NcF4aDJvsTisNCfyR V90fjZdPWSiMj9B URsmpKMEYWFAf9e9kTj SYhoCwhazYX5H1tFqK1Ci5scpMwSnPf8dT7Up1bGRhHu0YsyuxznwnATbx3lMj3ZhIqpqusthZZ3RqQoZtq73Z31VkR1iTtny86g5ZuU0xCXPzgGeXnHi90EoeZTx1P29kU3IkwFzCrLwR/.../BdwmrtJfyKoGQIx9EJp
