fcat explorer answers 8th grade science voyager_10924_i51795492_il345.exe

Runner Utility

BERSHNET LLC

The application fcat explorer answers 8th grade science voyager_10924_i51795492_il345.exe by BERSHNET has been detected as adware by 20 anti-malware scanners. This is a setup program used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file has been seen being downloaded from downprov.brown1switch.com and multiple other hosts.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
2634f08199a1b371ea4465ffc87abb90

SHA-1:
aabed9f9f09d5332ac992a1ef577c59e3c836036

SHA-256:
62f294f893e20034d8b682a961cd5d7f310e9999a7b9b91a87581dfb4a6ea675

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
11/23/2024 11:46:51 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mikey.8247 | 472 |
| AhnLab V3 Security | PUP/Win32.LoadMoney | 2015.04.13 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 3.6.1.96 |
| AVG | Generic | 2016.0.2950 |
| Bitdefender | Gen:Variant.Adware.Mikey.8247 | 1.0.20.1465 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.LoadMoney.IARS | 21739 |
| Dr.Web | Trojan.Amonetize | 9.0.1.0293 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.8247 | 8.15.10.20.10 |
| ESET NOD32 | Win32/Amonetize.DW potentially unwanted (variant) | 9.11462 |
| F-Prot | W32/S-53544127 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Mikey | 11.2015-20-10_3 |
| G Data | Gen:Variant.Adware.Mikey.8247 | 15.10.25 |
| K7 AntiVirus | Unwanted-Program | 13.202.15567 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.1245 |
| Malwarebytes | PUP.Optional.Amonetize | v2015.10.20.10 |
| MicroWorld eScan | Gen:Variant.Adware.Mikey.8247 | 16.0.0.879 |
| Panda Antivirus | Trj/Genetic.gen | 15.10.20.10 |
| Reason Heuristics | PUP.Amonitize.BERSHNET (M) | 15.10.20.22 |
| VIPRE Antivirus | Amonetize | 39276 |

File size:
1.4 MB (1,489,424 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\fcat explorer answers 8th grade science voyager_10924_i51795492_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/5/2015 7:00:00 PM

Valid to:
2/6/2016 6:59:59 PM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
4/12/2015 11:03:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:JjhaZWjIaUCQYLC3NgYMyJlZg6C+cpEhrSG36L8EA72XgdIvKAGjdj6TAvyqNbel:JhakkBCQ1eYXJLg6lcCd4C2iIvKrjUT5

Entry address:
0x267ECF

Entry point:
E9, B4, 00, 0E, 00, C7, 91, F1, 96, E1, 72, EE, 03, 78, 1E, 41, 0B, 54, 3A, 65, 23, 32, 54, 45, 27, 78, 12, 03, 71, 2E, 50, AB, D9, C8, 8E, D1, 8B, 9A, C0, 4F, D9, 2C, 25, 13, 0F, AD, 73, E5, 8A, 00, 62, D5, AF, F0, AE, 8E, 8B, 96, 5B, 53, AC, 08, E6, 87, 21, 4D, BF, 1D, 60, 1E, 42, 65, 0C, 1D, 53, 33, EA, 29, 46, 12, EC, FF, A9, 53, 55, 97, 62, BB, 20, 5E, 39, 28, 7E, 5C, 4F, 0D, 52, 10, 9F, 35, BA, 38, 5B, 05, 54, 26, A9, 0F, 80, 1E, 4F, 29, 4C, 6D, 76, 5B, B3, 0D, 44, F9, 6B, 19, 50, 77, 3A, 59, DF, 3F...
 

Entropy:
7.9942

Packer / compiler:
Xtreme-Protector v1.05

Code size:
187.5 KB (192,000 bytes)

The file fcat explorer answers 8th grade science voyager_10924_i51795492_il345.exe has been seen being distributed by the following 3 URLs.

http://downprov.brown1switch.com/direct?version=1.1.8.22&campid=10924&instid[appname]=boardwalk.empire.season.1.5.hdtvrip.x264.machiavelli_Downloader&instid[appsetupurl]=http://go.bestsoftwarelive.com/getfast/download.cgi?9&ti1=1410000&ti2=3&ti3=2015-04-12T15:14:34.816298+00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.bestsoftwarelive.com/d1/logo150x150.png&prefix=boardwalk.empire.season.1.5.hdtvrip.x264.machiavelli&instid[thankyoupage]=http://download.bestsoftwarelive.com/.../thank_you.php?ti1=1410000&ti2=3&ti3=2015-04-12T15:14:34.816298+00:00&parameter=boardwalk.empire.season.1.5.hdtvrip.x264.machiavelli&instid[interrupted]=http://download.bestsoftwarelive.com/.../interrupted.php?ti1=1410000&ti2=3&ti3=2015-04-12T15:14:34.816298+00:00&parameter=boardwalk.empire.season.1.5.hdtvrip.x264.machiavelli&ti1=1410000&ti2=3&ti3=2015-04-12T15:14:34.816298 00:00&_dest=files.red-2-small-button.com