install flashplayer_10924_i7721594_il345.exe

Runner Utility

BERSHNET LLC

The application install flashplayer_10924_i7721594_il345.exe by BERSHNET has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from downprov.brown1switch.com and multiple other hosts.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
a4f5ca09dec07b9e1c860fa5ffdc0978

SHA-1:
49877dc9104c338eab116e4536b844bf2b1bd84b

SHA-256:
99a984e2114d6bd5aa3e90eb68abab2e8fa84e77ba579e49514e88587766b0e2

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/5/2024 2:35:39 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize.BERSHNET.Installer (M)

Engine version:
16.3.15.5

File size:
1.5 MB (1,540,112 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\install flashplayer_10924_i7721594_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 1:00:00 AM

Valid to:
2/7/2016 12:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
5/13/2015 6:33:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:zgsoPJlvLyWtK1rziQSad2tLhHPdWHYgYJFBrnkrisxcWz+I5GMcDt+vxJMjhXrW:XkJlvLlK1fiHa8pVdW4ZtslCIk50vLMA

Entry address:
0x3E5A5F

Entry point:
0F, 8C, B2, 87, E9, FF, 68, 75, 08, E3, D8, FF, 34, 24, 68, 94, 89, F4, E2, C7, 44, 24, 08, 5B, C7, 75, 00, 88, 5C, 24, 04, E9, 74, 36, 00, 00, E8, 67, C8, F7, FF, F9, 83, EF, 04, 53, 80, FE, 03, FF, 37, 8F, 44, 24, 04, 9C, 66, 0F, BA, E7, 0A, 3C, 9C, 84, E0, 39, DF, E8, F9, 3C, F8, FF, 8B, 7A, 24, 9C, 9C, 60, 01, C7, F9, 0F, B7, 0C, 4F, 66, 0F, B6, FA, 66, F7, D7, 81, CF, EE, BB, 47, 45, 9C, 8B, 7A, 1C, FF, 34, 24, 01, C7, C6, 04, 24, 41, E9, F8, 22, 00, 00, 4B, F8, 2A, 50, 56, 24, F0, F4, 24, 4A, DF, 7A...
 

Code size:
187.5 KB (192,000 bytes)

The file install flashplayer_10924_i7721594_il345.exe has been seen being distributed by the following 2 URLs.
