Minecraft.exe

Minecraft Launcher

The executable Minecraft.exe has been detected as malware by 8 anti-virus scanners. The file has been seen being downloaded from download1897.mediafire.com and multiple other hosts.
Product:
Minecraft Launcher

Version:
1.0.0.0

MD5:
3e9cafcf5f574833c0f33cb5ed6fa391

SHA-1:
e2c8b3957c5db6b8750754c8350c976fd5fea942

SHA-256:
48e3de53438c6ae854adaded57ce0555bb1c0a1f8cdb60fcc065868786fb34c5

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
11/4/2024 5:16:23 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.753440 | 5747507 |
| Arcabit | Trojan.Kazy.DB7F20 | 1.0.0.582 |
| Bitdefender | Gen:Variant.Kazy.753440 | 1.0.20.1460 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.753440 | 10.0.0.5366 |
| F-Secure | Gen:Variant.Kazy.753440 | 5.14.151 |
| G Data | Gen:Variant.Kazy.753440 | 15.10.25 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.1250 |
| MicroWorld eScan | Gen:Variant.Kazy.753440 | 16.0.0.876 |

File size:
774 KB (792,576 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
Minecraft.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
10/19/2015 8:03:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:Th4uYhu6K3yO//Dm1LDk/fQnrjw91/////FF//////q//X////////E/m/t/XS/6:94uRf3JgiQnr9R79c4uRf3JgiQnr9R

Entry address:
0x682BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
4.9175

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
409 KB (418,816 bytes)

The file Minecraft.exe has been seen being distributed by the following 6 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-85-173-91.fra6.r.cloudfront.net  (52.85.173.91:80)

TCP (HTTP):
Connects to server-52-85-173-225.fra6.r.cloudfront.net  (52.85.173.225:80)

TCP (HTTP):
Connects to 209-99-40-219.fwd.datafoundry.com  (209.99.40.219:80)

TCP (HTTP):
Connects to a173-223-11-152.deploy.static.akamaitechnologies.com  (173.223.11.152:80)

TCP (HTTP):
Connects to a173-223-11-160.deploy.static.akamaitechnologies.com  (173.223.11.160:80)
