home

mod for minecraft 1.7.9.exe

Win32 Cabinet Self-Extractor

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application mod for minecraft 1.7.9.exe, “Win32 Cabinet Self-Extractor ” has been detected as a potentially unwanted program by 16 anti-malware scanners. This is a setup program which is used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Win32 Cabinet Self-Extractor

Version:
6.00.2900.5512 (xpsp.080413-2105)

MD5:
f686ef99874134643e360f2f1743fec8

SHA-1:
55270d826997d2434dba98f1b63365a9f8136081

SHA-256:
559f3fea365346aaabaa9f148ac353890ed27bba30994351bfc0ba1f72c6923d

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/26/2024 5:19:20 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.11681696
598

Avira AntiVirus
TR/Rogue.11681696
3.6.1.96

Baidu Antivirus
Adware.MSIL.OutBrowse
4.0.3.15616

Bitdefender
Trojan.Generic.11681696
1.0.20.835

Clam AntiVirus
Win.Trojan.Agent-750502
0.98/21511

Emsisoft Anti-Malware
Trojan.Generic.11681696
8.15.06.16.08

F-Secure
Trojan.Generic.11681696
11.2015-16-06_3

G Data
Trojan.Generic.11681696
15.6.25

Kaspersky
not-a-virus:AdWare.MSIL.OutBrowse
14.0.0.1876

McAfee
Artemis!F686EF998741
5600.6732

MicroWorld eScan
Trojan.Generic.11681696
16.0.0.501

NANO AntiVirus
Riskware.Win32.Rogue.dnurjz
0.30.10.952

nProtect
Trojan-Clicker/W32.OutBrowse.995328
15.04.07.01

Qihoo 360 Security
HEUR/Malware.QVM06.Gen
1.0.0.1015

Trend Micro House Call
TROJ_GEN.R021C0OAD15
7.2.167

Trend Micro
TROJ_GEN.R021C0OAD15
10.465.16

File size:
972 KB (995,328 bytes)

Product version:
6.00.2900.5512

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\random and old stuff\mod for minecraft 1.7.9.exe

File PE Metadata
Compilation timestamp:
4/13/2008 7:32:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
24576:RMQ2VNktCJHPZY2S8TRWjnoZ6ZG/XFXRJfh2edYiM:ENkCHbVSqMG/XtRJfh2eSiM

Entry address:
0x645C

Entry point:
E8, 0A, 00, 00, 00, E9, 7A, FF, FF, FF, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, D0, B2, 00, 01, 85, C0, 74, 07, 3D, 40, BB, 00, 00, 75, 4D, 56, 8D, 45, F8, 50, FF, 15, 70, 11, 00, 01, 8B, 75, FC, 33, 75, F8, FF, 15, 6C, 11, 00, 01, 33, F0, FF, 15, 68, 11, 00, 01, 33, F0, FF, 15, 64, 11, 00, 01, 33, F0, 8D, 45, F0, 50, FF, 15, 60, 11, 00, 01, 8B, 45, F4, 33, 45, F0, 33, C6, 25, FF, FF, 00, 00, 5E, 75, 05, B8, 40, BB, 00, 00, A3, D0, B2, 00, 01, F7, D0, A3, CC, B2, 00, 01, C9, C3, CC, CC, CC...
 
[+]

Developed / compiled with:
Microsoft CAB SFX

Code size:
38.5 KB (39,424 bytes)

The file mod for minecraft 1.7.9.exe has been seen being distributed by the following URL.

http://download7.mediafire.com/56m05gvfkkbg/.../Goat_Simulator.EXE

Remove mod for minecraft 1.7.9.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.