hate season 4_10924_i47983270_il345.exe

Runner Utility

BERSHNET LLC

The application hate season 4_10924_i47983270_il345.exe by BERSHNET has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from files.red-2-small-button.com and multiple other hosts.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
7614c3da6f097a87a8c11094a2aaa3f9

SHA-1:
f1621cd21c12df5581fe7f0daf3437a934f2fd9e

SHA-256:
d4d1877eccc81478eba5cceb5efe3406eb8751f05661c70bf9ee74b04d9ebf8e

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 11:35:32 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize.BERSHNET (M)

Engine version:
16.1.16.17

File size:
1.4 MB (1,489,424 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\hate season 4_10924_i47983270_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 3:00:00 AM

Valid to:
2/7/2016 2:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
3/29/2015 8:23:12 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:9zaytIRHjI5lu1KpykHGVjtcJngwlGV0ML2B1kz4AUMUAvV8mRiIObLhHrXxJ26n:1aDBwykHG5tcT0mMKBq4AUdMqSOPdFM+

Entry address:
0x2DF567

Entry point:
68, BF, 36, 6F, 86, E8, 3F, FC, 0D, 00, 91, 57, 2A, E8, 98, 78, AE, D5, 40, 99, C6, 22, 2E, 8A, A5, AB, 70, 4A, A7, ED, 3D, 19, 84, C5, F2, 51, A8, 00, 9F, A7, 92, 4F, 1E, 5B, 35, 88, 23, 08, A0, F2, CB, 3E, 1F, 07, 5F, 15, E5, C5, 2B, CB, 84, 78, E8, 17, A6, C9, 15, 15, F7, 70, 9D, 10, 0B, E8, 25, 22, 5A, 3D, 4E, 29, E7, 1A, 32, 87, 80, 42, A8, 02, 19, 44, 82, E1, 9A, D5, 6D, EE, 46, 48, 50, CF, AA, 61, BB, 8E, 61, 34, 08, E2, BA, B0, 86, 6E, C1, FA, 67, 29, C4, B3, 08, A9, 79, 84, BF, D5, F9, 1A, A7, 5A...
 

Entropy:
7.9936  (probably packed)

Code size:
187.5 KB (192,000 bytes)

The file hate season 4_10924_i47983270_il345.exe has been seen being distributed by the following 2 URLs.
