minecraft_game_downloader.exe

Tucokiragu

File Validated

This is the InstallMetrix bundle installer, which bundles applications with offers for additional 3rd-party software, mostly unwanted adware, and may be installed with minimal consent. The application minecraft_game_downloader.exe, “Tucokiragu Setup” by File Validated, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallMetrix Software installer. The installer is marketed through download portals and search ads as Minecraft but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
File Validated  (signed and verified)

Product:
Tucokiragu

Description:
Tucokiragu Setup

Version:
5.6.5.6

MD5:
2de5bb2b3c335abfd2cef301cae72baf

SHA-1:
56707bf3496aff7c1319c12ad378a34ad3bf67f4

SHA-256:
d4fc44b3ac56400b4ebd2324fad6ec70d2ef139f400ec6accc8b6679f0b3d40c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/27/2024 6:40:50 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallMetrix (M)

Engine version:
16.8.10.14

File size:
933.5 KB (955,904 bytes)

Product version:
2.5.6

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallMetrix Software (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\minecraft_game_downloader.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
2/2/2016 4:33:01 AM

Valid to:
2/2/2017 4:33:01 AM

Subject:
CN=File Validated, O=File Validated, L=San Francisco, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112127B04ABA745F034A3BB2B235BBD0A1E4

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:8+QypRuT+ElDwQuxkwMopm9kMNp8PV0fslvcAb+Hy:8l1T+EldDBo8rNp8PV0fseAz

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9338

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file minecraft_game_downloader.exe has been seen being distributed by the following 11 URLs.
