minecraft+admin+injection+tool+new+method.exe

The executable minecraft+admin+injection+tool+new+method.exe has been detected as malware by 23 anti-virus scanners. The file has been seen being downloaded from api.ge.tt.
Version:
3, 3, 6, 1

MD5:
0bc7382a73f900fdc5e8062bfe2ffedd

SHA-1:
082b40815fc91c8f05cbdb061d93f55b7a0a9cc0

SHA-256:
7391985782e484f563e179ebfbbac813568ff040340c52d6bf2ada59667a4c42

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
11/27/2024 1:50:38 PM UTC  (today)

Scan engine             Detection                    Engine version
Lavasoft Ad-Aware       Gen:Trojan.Heur.AutoIT.10    202
AhnLab V3 Security      Trojan/Win32.AutoIt          2016.04.25
Avira AntiVirus         TR/Autoit.bvw                8.3.3.4
Arcabit                 Trojan.Heur.AutoIT.10        1.0.0.672
avast!                  AutoIt:Agent-AMV [Trj]       2014.9-160717
AVG                     Autoit                       2017.0.2680
Bitdefender             Gen:Trojan.Heur.AutoIT.10    1.0.20.995
Bkav FE                 W32.HfsAtITSTIL              1.3.0.7744
Emsisoft Anti-Malware   Gen:Trojan.Heur.AutoIT.10    8.16.07.17.08
ESET NOD32              Win32/Injector.Autoit.KL     10.13385
Fortinet FortiGate      W32/Fynloski.AM!tr           7/17/2016
F-Secure                Gen:Trojan.Heur.AutoIT.10    11.2016-17-07_1
G Data                  Gen:Trojan.Heur.AutoIT.10    16.7.25
K7 AntiVirus            Trojan                       13.222.19406
Kaspersky               Trojan.Win32.Autoit          14.0.0.-107
Malwarebytes            Trojan.Agent.AutoIt          v2016.07.17.08
MicroWorld eScan        Gen:Trojan.Heur.AutoIT.10    17.0.0.597
Qihoo 360 Security      QVM10.1.Malware.Gen          1.0.0.1120
Quick Heal              Backdoor.AutoIt.Fynloski.OC  7.16.14.00
Sophos                  Troj/AutoIt-YS               4.98
Trend Micro House Call  TROJ_AUTOIT_DD300502.UVPA    7.2.199
Trend Micro             TROJ_AUTOIT_DD300502.UVPA    10.465.17
VIPRE Antivirus         Trojan.Win32.Generic         48892

File size:
1.4 MB (1,487,887 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\minecraft+admin+injection+tool+new+method.exe

File PE Metadata
Compilation timestamp:
4/16/2010 3:47:33 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:taHMv6Corjqny/Q/5gbG5vaAxBAhEvxh9Jok8T:t1vqjd/Q/EExxvxh9CT

Entry address:
0x16310

Entry point:
E8, A7, C0, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, E0, 94, 4A, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 65, 04, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, 94, 64, 41, 00, 90, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C...
 

Entropy:
7.3641

Code size:
512.5 KB (524,800 bytes)

The file minecraft+admin+injection+tool+new+method.exe has been seen being distributed by the following URL.