minecraft.exe

App Downloader

The executable minecraft.exe has been detected as malware by 24 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from s3.amazonaws.com and multiple other hosts.
Product:
App Downloader

Version:
1.0

MD5:
071931da1bced57307e2eb3489cb5756

SHA-1:
1b82a2280b6363fb6f4f1ed6ac9ce4eb90b5ef2d

SHA-256:
eda7eaaea6c124f21fb1eb7a0567b840e9a0e3919a91b15616c88df2a23dcbd7

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
12/25/2024 12:17:05 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Trojan.Heur.GM.0100050082 | 897
Agnitum Outpost | Trojan.Agent | 7.1.1
Avira AntiVirus | TR/Spy.829440.21 | 7.11.162.136
avast! | Win32:Malware-gen | 2014.9-140821
AVG | Downloader.Generic13 | 2015.0.3375
Baidu Antivirus | Trojan.Win32.Adload | 4.0.3.14821
Bitdefender | Gen:Trojan.Heur.GM.0100050082 | 1.0.20.1165
Bkav FE | HW32.CDB | 1.3.0.4959
Comodo Security | UnclassifiedMalware | 18880
Emsisoft Anti-Malware | Gen:Trojan.Heur.GM.0100050082 | 8.14.08.21.10
ESET NOD32 | Win32/TrojanDownloader.Adload.NLL | 8.10115
Fortinet FortiGate | W32/Adload.NLL!tr.dldr | 8/21/2014
F-Secure | Gen:Trojan.Heur.GM.0100050082 | 11.2014-21-08_5
G Data | Gen:Trojan.Heur.GM.0100050082 | 14.8.24
IKARUS anti.virus | Trojan.Win32.Spy | t3scan.1.6.1.0
K7 AntiVirus | Trojan-Downloader | 13.180.12763
McAfee | Artemis!071931DA1BCE | 5600.7031
MicroWorld eScan | Gen:Trojan.Heur.GM.0100050082 | 15.0.0.699
NANO AntiVirus | Trojan.Win32.Adload.dbfwvm | 0.28.2.60881
Norman | Suspicious_Gen4.FETQM | 11.20140821
Qihoo 360 Security | Win32/Trojan.Spy.2c4 | 1.0.0.1015
Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.30.13
Sophos | Mal/Generic-S | 4.98
VIPRE Antivirus | Trojan.Win32.Generic | 31364

File size:
810 KB (829,486 bytes)

Product version:
1.0a

Original file name:
App Downloader

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\minecraft.exe

File PE Metadata
Compilation timestamp:
7/17/2013 3:39:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:6Fxj9pg6T69JpYQI3D9JBtnWDD3Sq7N2NexK6lM:6Fh9pgtJp63DhlCS+Q8Y6lM

Entry address:
0x25A206

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10...
 

Packer / compiler:
ASPack v1.08.04

Code size:
1.4 MB (1,417,216 bytes)

The file minecraft.exe has been seen being distributed by the following 3 URLs.

https://s3.amazonaws.com/MinecraftDownload/.../Minecraft.exe
