minecraft.exe

Minecraft Launcher

The executable minecraft.exe has been detected as malware by 3 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from s7694.chomikuj.pl and multiple other hosts. While running, it connects to the Internet address 209-99-40-219.fwd.datafoundry.com on port 80 using the HTTP protocol.
Product:
Minecraft Launcher

Version:
1.0.0.0

MD5:
60ac980157bf306b4eddaf56f4c70069

SHA-1:
ddee1ff03a02b7f60983a0c5c6c75f35d7d6b058

SHA-256:
0db070d0d633d62973d6de3c88812691ab23c05cf39c0d1d602e63fcd2ef6076

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/27/2024 4:32:16 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.DownLoader17.46528
9.0.1.0317

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.1126

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1077

File size:
780 KB (798,720 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
Launcher.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

File PE Metadata
Compilation timestamp:
11/11/2015 9:28:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:Uh4uYhu6K3yO//Dm1LDk/fQnrjw91/////FF//////q//X////////E/m/t/XS/3:C4uRf3JgiQnr9RW9AL4uRf3JgiQnr9R

Entry address:
0x69B3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
415 KB (424,960 bytes)

The file minecraft.exe has been seen being distributed by the following 9 URLs.

http://s7694.chomikuj.pl/File.aspx?e=RjdO4BXm7zDudN3Lwbp97ibU5OE5lUqaRL5kwuqI--rqJHvGqmQXW31OtvpbwyMYdpr5nqq5txlMpaV1vor6rELDHRiAOeOV4tmJ08KFuWvvzd60LuzKsUzqzCqjKBFptQaKrShnX8_tpk_zc8sUVQ&pv=2

http://s7694.chomikuj.pl/File.aspx?e=RjdO4BXm7zDudN3Lwbp97ibU5OE5lUqaRL5kwuqI--pP1sYePaMjOICPUNSyf2A9k8f3nonh6XXs3ANeFPcvSuJE-KXYfFs6Tmx27GmbU-JKJ1EmWjpI4VxZB08fr_gOALbTh9XTj9KdaCOQW_s3Xw&pv=2

http://s7694.chomikuj.pl/File.aspx?e=RjdO4BXm7zDudN3Lwbp97ibU5OE5lUqaRL5kwuqI--oVvCG5z8-fgjN9nmCxSlw6p45_C0JztyDVbWjd5oo9UBAB3LJCw9cGm6KMGEeTOV6PIDnEtMEZlJ-Hp_G6tnqz4Xqk6MuIUNLhmG4bjNx0nQ&pv=2

http://s7694.chomikuj.pl/File.aspx?e=RjdO4BXm7zDudN3Lwbp97ibU5OE5lUqaRL5kwuqI--qsJxt5MUT53hwqjsh8U017zYKehdT_JiaG5m0foie_KzzY-Rajy0kQpf1JOrL-KFKDoQPiUyOEfOopZaerFiPxjYT7Br8pB42UbpMz_PZ3VA&pv=2

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 209-99-40-219.fwd.datafoundry.com  (209.99.40.219:80)

Remove minecraft.exe - Powered by Reason Core Security