casiopea vs the square dvd_10924_i46149333_il345.exe

Runner Utility

BERSHNET LLC

The application casiopea vs the square dvd_10924_i46149333_il345.exe by BERSHNET has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
dc42512b4a92bf0ea7f72e34fda9ee69

SHA-1:
6ad70b4c5e990a138e41eca733c9a6349b7e2ca1

SHA-256:
7f4369052f8e9d7ff90fc5d4d72208973853bfd2f736dce0a59e91bb394ebc30

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/23/2024 7:28:01 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize (M)

Engine version:
17.3.16.6

File size:
1.5 MB (1,531,408 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\nueva carpeta \casiopea vs the square dvd_10924_i46149333_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/5/2015 8:00:00 PM

Valid to:
2/6/2016 7:59:59 PM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
3/22/2015 4:43:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x3CF422

Entry point:
E8, 0B, 45, EA, FF, 08, 1A, 9B, B7, 8D, ED, 99, D5, 03, 67, 9D, 3D, 57, BF, 45, F8, 7C, 53, 3C, C6, 0F, CC, D2, 85, 09, A1, 28, 56, 5B, 05, 50, 1F, 8C, 91, FE, A3, 23, F1, BA, A0, 3C, 4F, DC, 06, 24, 0B, 5B, D9, A3, 15, E3, E4, A9, 73, C2, B7, 93, 5C, A8, 83, 0F, BB, 00, AF, 19, 39, 64, 51, A9, 03, 06, 61, 3F, 31, 5C, AA, D7, C4, EF, 3A, 80, E0, 0A, 4F, 1C, C8, E6, 64, 69, 87, 2F, FD, CB, BA, 0B, 3B, 9C, B3, 3D, 42, 08, 50, 0E, 7E, AD, 5B, 97, C6, 68, C4, 9A, 62, 91, AF, 3F, 42, 82, EE, FC, 1A, 24, 86, 59...
 

Entropy:
7.9943  (probably packed)

Code size:
187.5 KB (192,000 bytes)