minecraft_setup.exe

Captaindownloads Downloader

Dove Source (Fried Cooke Ltd.)

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application minecraft_setup.exe, “Generic Application Web Setup” by Dove Source (Fried Cooke), has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download portals and search ads as Minecraft but will also install additional software offers, which include adware, PUPs and browser toolbars.

Publisher:
Captaindownloads (signed by Dove Source (Fried Cooke Ltd.))

Product:
Captaindownloads Downloader

Description:
Generic Application Web Setup

Version:
1.0.5.a0.1_34599

MD5:
2e2b5e3c73c0439d85a1679be8a22175

SHA-1:
92c43b8143cb5adefce3778491bc575883edc5cd

SHA-256:
6280d60426ff65d93a524ac94759f9eb3c7f47fc7741b476c8bc0e003f70a9e7

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 10:08:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.1.31.4

File size:
765.9 KB (784,296 bytes)

Product version:
1.0.5.a0.1_34599

Copyright:
Captaindownloads

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\minecraft_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/5/2015 2:17:34 PM

Valid to:
1/6/2016 2:17:34 PM

Subject:
CN=Dove Source (Fried Cooke Ltd.), O=Dove Source (Fried Cooke Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121565CD3A6FF74126C58E5CFEFA7955821

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file minecraft_setup.exe has been seen distributed from the following URL.

http://cdn.captaindownloadfiles.com/?data=9u0vXEQaKw7hXNF0VWvVpnbTJxvWtq 54FbEqQF7t7hIywCQ yEmN35HQFSqRUdZEb/tWchJ1S7LlgDYqg8g hIynXE5o1v3qWriAlhW3XLiwkc91sv0NRKMHXqBh6wyRLkaAnlubv39tGZgIzOeHBYncPO9aOTGMn/CKh67aIGhWMEQ5Jcbwr1OJm/KSTT9fke08i7mwpPqUB8s86YIZwKavVHPn0to8qOlRs7B2amWmY2SKLALtR//cDLZ3OWdjKQ0untsmntaMpOWrFGTAch7vcjBXH3Kz37q925nNyd1nbKumtkpCbbqCya7t0RmIdqTrz/lD7MbzfJHpWcQThi1Jj4wCBZ2XDDJYzIWmOPwRoU4lSUkgFLkjPzXCW1LUlkw56zAG1IQIzw0D3KIKS9VN94hNIMB4cHNo7Qlhm7hsPL28CzPeK0nKqeYvXkcS3XBAQwJhXrAWbLDYvbvzLIwvMnXxgnKwbRoqNNJwAE4vo56 6MM68ZDTz5E3EYj4x knXuwpucGQWafY3YAvOxXMKqLASczQOqhpTahAWMsnL oELlnkOptycbWyJqXPEXHhr8SqaUY/sgEqNKVmymwxxEpSp8Z9AWGZplPQWDB0iPiNtx 669gT91k8FdscOQZy3qcdEuOv/PyVuTl8hACuvjGwXusABRJazc hYv15TiqwKW6T86esYjnpCpUWy ojmDNYY9PqCVFscP4/pP38yuaLOIKMdAuyJ2T7myQj76 qSFfbB1olccrmP9uVeXMSjXyWCzoyyfOWfY08jimU0nyfFt 77jVW4xf2/U LlL5V1x2J gRSXpQAzljycDzA99ADuYVyDvqdTOrRMM0 nQ4MDuOxnH4oXatosbn5Qr3QGhCxbkUaerrn1rWsVKZpr/G7qgACcQkM3z1B/NvBOwXkHJNnTG6bLnZ/.../r
