gyrocopter instruction_10924_i37028150_il345.exe

Runner Utility

BERSHNET LLC

The application gyrocopter instruction_10924_i37028150_il345.exe by BERSHNET has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from files.red-9-small-button.com.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.188

MD5:
7dd2ea9b179a2e93096cfb8e27c82180

SHA-1:
891128cfe116ce9a0abdd56ac1a87ab430c82502

SHA-256:
bf332d6656d6919eb7dbd89a98284f191a88c3613b60e1633a92c6b358ea2ace

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/15/2024 12:58:19 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize.BERSHNET (M)

Engine version:
16.7.23.4

File size:
1.5 MB (1,531,920 bytes)

Product version:
1.0.0.188

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\gyrocopter instruction_10924_i37028150_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/5/2015 5:00:00 PM

Valid to:
2/6/2016 4:59:59 PM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
7/26/2015 12:03:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:joLuvyZEW6sO5SRYNL6wK8P4JbTqVjHdbN6TOib3c9zWi4GtIbwu7a4BE/pcNUiw:joXEW6z4YVTKiVLdbSlcYi4GtYPdBEhL

Entry address:
0x2F3057

Entry point:
53, C6, 04, 24, 70, 88, 0C, 24, E9, 96, B9, FF, FF, DA, 51, 89, AD, CA, 8B, 3D, 24, DA, 0B, 97, 16, BA, 11, B1, 04, 4F, B8, B3, C0, 0B, 14, 5F, 94, 34, AB, F7, AE, 02, 65, C5, 44, EC, 77, 22, 23, 81, 6F, 65, FD, B0, 8F, 5E, A9, 4A, 05, 51, 86, 22, B9, CE, 45, D7, B9, 73, 7A, 57, 1C, 20, 39, 87, BC, 76, E0, 93, 5D, 75, 3E, 8F, 8C, 0F, A0, 86, 96, 64, 23, 03, 7E, C5, 31, CD, 88, FC, 95, 98, BB, 7C, 87, BE, A9, 72, 4F, 54, EF, 00, C4, BD, 59, 6B, 90, 35, C2, 0D, FD, 2C, F1, 2F, 60, 0F, F8, 97, 80, 63, 87, A0...

Entropy:
7.9941  (probably packed)

Code size:
188 KB (192,512 bytes)

The file gyrocopter instruction_10924_i37028150_il345.exe has been seen being distributed by the following URL.