minecraft.exe

Internet

Alpha Apps (Fried Cookie Ltd.)

The Fried Cookie installer utilizes the InstallCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application minecraft.exe, “Internet Setup” by Alpha Apps (Fried Cookie), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore engine, so the bundled offers may include toolbars and browser extensions. With this installer, users expect to download Minecraft, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Alpha Apps (Fried Cookie Ltd.)  (signed and verified)

Product:
Internet

Description:
Internet Setup

MD5:
92865337e0af535f1ce8fe02b316356e

SHA-1:
15f49c05ff310b72a0c7b404f59f2d14843dba32

SHA-256:
391adf395d5b627cbee09039f146be8c3926ba9054f943709ed0784128b332de

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/23/2024 8:22:17 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.FC (M)

Engine version:
17.1.18.19

File size:
754.6 KB (772,672 bytes)

Product version:
5.5

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\minecraft.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/16/2014 6:17:05 AM

Valid to:
12/17/2015 6:17:05 AM

Subject:
CN=Alpha Apps (Fried Cookie Ltd.), O=Alpha Apps (Fried Cookie Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112116F755147494667BE08D39682946E152

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.8793

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file minecraft.exe has been seen being distributed by the following URL.

http://cdn.captaindownloadfiles.com/?data=q22xQwEjfDawPYfbDv mr4Y/EG9Hsa FHmB42gxHkaK3X1AvS/C7VI1tsgIuGGrEm0K1A6RTqQhkTI/RxVRL0bEC2h9tv0y9tNSH6d3/KEcN56fJKA33/vY1hkd2cAi5AhonLQ2SsAiNIzEhK20b2 MaqAKCeAYpu6ySV3D653IKuMnUWVc IhY S4dyH9pr4jeMujWdb27y9vKjXQlCqsqo9eh5iv6ZZUAz8kSJYAM0oGr7R1GC beFM93sDF6RO8NpuRAVcTj5V7aDit3Eu1fG1gxnTEQcWpTFQ7/iUpbBi RU95V1NBwnDSoAtNVnKMYshE45Z8YEUtm5RoSc0OA8XU2dqxReeIepNM/mP scUqKe8kqcV1fQ7VpfS/WII glNwTXZbAGwcMz5EJMk3AJxDNVLf6p7f0 e32VKYQ7U/ohIpBadLWOSnzMTnkhGIBUwqAtLkdL4PvZNGZ8TCCY8lhBuoBRtJD5HdNSF5fQOW Rr2JwrWBt1427yvAJwoTkjv9hHiF aLVp807fDZUuYtRpNEfYl6TJU5 SNtnSUDMNR1q86yEI9UdEzqLNWuaTsSFyko6cF8Bb5VzRH0FHUF/zl32Vj7o0d4v/CqoZpW/B9x7oWXAe0AagrxcJYUyC6HboJO1vBQFVs4eV7wNupHImDGjKOBsqc4n42ZUjvUZ8/sb4AqlOBKiu7bwSQLp4kp3CckUfrVJF2fO Za50WTv569o7cXu5z08Axf8S 86lljUd9oBMaQRJdsXbD5p8pUTbo07HgXp/.../
