minecraftforge1.7.2.exe

SETUPPROCESS

This is the Solimba installer program that bundles additional offers, mostly adware and various unwanted PC utilities. The application minecraftforge1.7.2.exe by SETUPPROCESS has been detected as adware by 33 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. During install, it bundles potentially unwanted software onto the user's computer without adequate consent. The installer is marketed through download portals and search ads as Minecraft, but it also installs additional software offers including adware, PUPs and browser toolbars.
Publisher:
setup process  (signed by SETUPPROCESS)

Description:
Setup Manager

Version:
3.0.30.1

MD5:
e13062e566d24b603e7d5498b3200301

SHA-1:
8b534484a379b25566b01bf4314f56c541b5db83

SHA-256:
6daced2b5e680321ca619b739c52812352cd5339f85f73110b066d38f4a71dc7

Scanner detections:
33 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, it is not set by default and is usually overlooked.

Analysis date:
12/26/2024 12:11:13 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Bundler.Firseria.1
555

Agnitum Outpost
PUA.Firseria
7.1.1

AhnLab V3 Security
PUP/Win32.DownloadManager
2015.03.28

Avira AntiVirus
APPL/Firseria.D
7.11.138.238

avast!
Win32:PUP-gen [PUP]
2014.9-150730

AVG
BundleApp
2016.0.3033

Bitdefender
Gen:Application.Bundler.Firseria.1
1.0.20.1055

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.FirseriaInstaller.BCB
17995

Dr.Web
Trojan.DownLoader11.3686
9.0.1.0211

ESET NOD32
Win32/FirseriaInstaller.C potentially unwanted (variant)
9.11389

Fortinet FortiGate
Adware/Firseria
7/30/2015

F-Prot
W32/Morstar.B
v6.4.7.1.166

F-Secure
Gen:Application.Bundler.Firseria
11.2015-30-07_5

G Data
Win32.Application.Morstar
15.7.24

herdProtect (fuzzy)
2015.9.2.23

IKARUS anti.virus
PUA.Bundler
t3scan.1.8.9.0

K7 AntiVirus
Unwanted-Program
13.202.15408

Kaspersky
not-a-virus:AdWare.Win32.Fiseria
14.0.0.1658

Malwarebytes
PUP.Optional.BundleInstaller.A
v2015.07.30.07

McAfee
Artemis!E13062E566D2
5600.6689

MicroWorld eScan
Gen:Application.Bundler.Firseria.1
16.0.0.633

NANO AntiVirus
Trojan.Win32.DownLoader11.ctdbpw
0.28.0.58720

nProtect
Trojan-Clicker/W32.Fiseria.264560
15.03.27.01

Panda Antivirus
Trj/Genetic.gen
15.07.30.07

Quick Heal
PUA.Fiseria.DC3
7.15.14.00

Reason Heuristics
PUP.Solimba.SETUPPROCESS.Bundler (M)
15.7.30.7

Sophos
Solimba Installer
4.98

Trend Micro House Call
TROJ_GEN.R0C1H07C415
7.2.211

Trend Micro
TROJ_GEN.R0C1C0EB315
10.465.30

Vba32 AntiVirus
Downware.Morstar
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
27758

Zillya! Antivirus
Downloader.Solimba.Win32.5
2.0.0.2119

File size:
258.4 KB (264,560 bytes)

Product version:
3.0.28

Copyright:
Copyright© 2014

Original file name:
setup_install.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\minecraftforge1.7.2.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
11/26/2013 7:00:00 PM

Valid to:
12/1/2014 7:00:00 AM

Subject:
CN=SETUPPROCESS, O=SETUPPROCESS, L=Badalona, S=Barcelona, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0A8ABFC7C80D0C2F0A3A89CF6139A91D

File PE Metadata
Compilation timestamp:
1/30/2014 5:15:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:iIJP4jadW8oBS2H8jJeOmH5AXtywLBVfYAsgdIzAudJ8:nP4j+jos2HCJeOmZSflNYARwdJ8

Entry address:
0x73950

Entry point:
60, BE, 00, E0, 43, 00, 8D, BE, 00, 30, FC, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.6944

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
216 KB (221,184 bytes)

The file minecraftforge1.7.2.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

http://api.downloadmr.com/installer/76658715/launch
