minecraftp_1.5.2.exe

The application minecraftp_1.5.2.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from 9i7ffdgvffibow7.vrnserver.ru.
Version:
1.0.0.0

MD5:
b596001db467ea273821808db9952bc1

SHA-1:
471c9d5a8dc220eee9cf8ebe03615923255a179a

SHA-256:
30013e7cc94a92b68b6739f8f9ba56698fdea29838ef89db0d853a0b9df70cdf

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:30:33 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:InstallMonstr-IK [PUP]
160215-2

AVG
Adware BundleApp.SE
2015.0.4522

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.182038
10.0.0.5366

ESET NOD32
Win32/InstallMonstr.FF potentially unwanted application
8.0.319.0

Kaspersky
not-a-virus:AdWare.Win32.InstallMonster
15.0.0.562

VIPRE Antivirus
Threat.4150696
47240

File size:
3.1 MB (3,223,782 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\minecraftp_1.5.2.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:/LeLeltjMpmAqCxosQP3pqRzHjJYwQI/j3O4Z2Ew4OWunh1fmPv2vx7Ygxe8T7sg:llEPrspwHT/S4Z7OWunh1OP+x73e8TQg

Entry address:
0x7A5D00

Entry point:
60, BE, 00, 10, 91, 00, 8D, BE, 00, 00, AF, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Packer / compiler:
UPX 2.90LZMA

Code size:
2.6 MB (2,711,552 bytes)

The file minecraftp_1.5.2.exe has been seen being distributed by the following URL.

Remove minecraftp_1.5.2.exe - Powered by Reason Core Security