install flashplayer_10924_i13785693_il345.exe

Runner Utility

BERSHNET LLC

The application install flashplayer_10924_i13785693_il345.exe by BERSHNET has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from downprov.brown1switch.com.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
cf76996721570664729451429b1a1ba2

SHA-1:
78e747202f9081116c228c9d5a0fc9bf8ff025f1

SHA-256:
0c1f09f430740fb5a7d94a2b9eeaa725871664308ab590d75252821c663c111b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/23/2024 7:06:17 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize (M)

Engine version:
17.3.15.16

File size:
1.5 MB (1,559,568 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\install flashplayer_10924_i13785693_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 1:00:00 AM

Valid to:
2/7/2016 12:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
5/31/2015 7:43:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x2780B8

Entry point:
9C, 66, C7, 04, 24, DB, 63, 60, C7, 44, 24, 20, 4F, A7, C8, 85, 9C, 8D, 64, 24, 24, 0F, 80, DA, E0, FF, FF, 60, C7, 44, 24, 1C, C7, 9A, D9, 13, 88, 0C, 24, 9C, 8D, 64, 24, 20, E9, 2F, 45, 17, 00, 71, D1, 35, DC, E4, C5, EC, 49, D5, 2A, E2, 44, 61, B2, 43, 84, 29, E2, F3, 3C, EF, E2, E1, 20, 05, F2, 2B, C8, 4D, 8A, 53, 9C, 71, 7A, 8B, 64, B7, E9, 31, BC, 99, F1, AF, BD, 87, 28, 0C, 5A, 71, C9, CB, 10, ED, 05, 31, B6, 6A, C6, 25, A0, 10, 07, D0, 03, A3, 3B, 08, 2E, 13, 23, 5E, C6, 39, A7, 9C, 86, 0B, 0C, DB...
 

Code size:
187.5 KB (192,000 bytes)

The file install flashplayer_10924_i13785693_il345.exe has been seen being distributed by the following URL.

http://downprov.brown1switch.com/direct?version=1.1.8.22&campid=10924&instid[appname]=Install flashplayer_Downloader&instid[appsetupurl]=http://go.bestsoftwarelive.com/getfast/download.cgi?9&ti1=5845000&ti2=13&ti3=DD1_2015-05-31T05:50:57.074143+00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.bestsoftwarelive.com/d1/logo150x150.png&prefix=Install flashplayer&instid[thankyoupage]=http://download.bestsoftwarelive.com/.../thank_you.php?ti1=5845000&ti2=13&ti3=DD1_2015-05-31T05:50:57.074143+00:00&parameter=Install flashplayer&instid[interrupted]=http://download.bestsoftwarelive.com/.../interrupted.php?ti1=5845000&ti2=13&ti3=DD1_2015-05-31T05:50:57.074143+00:00&parameter=Install flashplayer&ti1=5845000&ti2=13&ti3=DD1_2015-05-31T05:50:57.074143 00:00&_dest=files.red-2-small-button.com