minecraftinstall.exe

Minecraft

Air Software

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application minecraftinstall.exe, “Minecraft ” by Air Software has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. With this installer, users are expecting to download Minecraft but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
AirInstaller   (signed by Air Software)

Product:
Minecraft

Description:
Minecraft

Version:
2.0.4.16

MD5:
45fd24ced47f8d0801a433082ee8d907

SHA-1:
f38b40be37b232a97436632e86ec4eef92ab84f4

SHA-256:
d08df7b0895a08078088b3491ad94334a96bf107b4b95c7223ac48b030422d35

Scanner detections:
18 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/23/2024 3:37:57 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.AirAd
7.1.1

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.150.50

AVG
Generic_r
2015.0.3472

Comodo Security
Application.Win32.AirAdInstaller.B
18286

Dr.Web
Adware.Downware.1410
9.0.1.0137

ESET NOD32
Win32/AirAdInstaller (variant)
8.9813

F-Prot
W32/AirInstall.A8.gen
v6.4.7.1.166

G Data
Win32.Adware.Airadinstaller
14.5.24

IKARUS anti.virus
AdWare.AdWare.Gen7
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.177.12109

NANO AntiVirus
Riskware.Win32.AirAdInstaller.cxhlvu
0.28.0.59911

Qihoo 360 Security
Malware.QVM01.Gen
1.0.0.1015

Reason Heuristics
DownloadManager.AirSoftware.Q
14.8.7.18

Rising Antivirus
PE:PUF.Airinstall!1.9C4C
23.00.65.14515

Sophos
AirInstaller
4.98

Vba32 AntiVirus
AdWare.AirAdInstaller
3.12.26.0

VIPRE Antivirus
AirInstaller
29302

File size:
805.4 KB (824,736 bytes)

Product version:
2.0.4.16

Copyright:
(c) AirInstaller

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\documents and settings\luca stella\documenti\downloads\minecraftinstall.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/25/2013 1:00:00 AM

Valid to:
3/27/2015 12:59:59 AM

Subject:
CN=Air Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Air Software, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3AC786E09219DF82DA830E461D4FC39F

File PE Metadata
Compilation timestamp:
8/26/2013 10:25:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:pfp1E31IuRjOCPffwtq0KWXPS9//Lay2yAYNssPgISyknNp1W/FW/bf3diVVuAHK:pfI9FPfV/LV2utSyOrf38VV9YIne

Entry address:
0x252630

Entry point:
60, BE, 00, 30, 59, 00, 8D, BE, 00, E0, E6, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Packer / compiler:
UPX 2.90LZMA]

Code size:
768 KB (786,432 bytes)

The file minecraftinstall.exe has been seen being distributed by the following URL.

Remove minecraftinstall.exe - Powered by Reason Core Security