lagu dodi latuharihari terbaru_10924_i9712704_il345.exe

Runner Utility

BERSHNET LLC

The application lagu dodi latuharihari terbaru_10924_i9712704_il345.exe by BERSHNET has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup program used to install the application. The file has been observed being downloaded from files.red-2-small-button.com.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
d32ebd4834c613fdb6a26c0990c43aa2

SHA-1:
75b647ff16e33442160f07ef3bb4120fe3f9ae8d

SHA-256:
912b6b1e351b9f3ef7e486e908369a3d231f2f6cf765a6d28a07032d75037a16

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
11/23/2024 11:50:51 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize.BERSHNET (M)

Engine version:
16.4.16.20

File size:
1.4 MB (1,517,584 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\lagu dodi latuharihari terbaru_10924_i9712704_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/6/2015 7:00:00 AM

Valid to:
2/7/2016 6:59:59 AM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
5/19/2015 12:23:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:Aa2NAYYHVRPpRua0FpAmQhhIj6SHdssF9ZX/MAvSCI8F/bILAMGhnmgj2X9ViPIK:AXRifp10F+phMzvU+aE/ULimgAy28SaP

Entry address:
0x35128F

Entry point:
68, 68, C3, 16, 52, 9C, C6, 04, 24, 01, C7, 44, 24, 04, 41, 4B, C7, C4, 9C, C7, 44, 24, 04, AE, FF, C9, 06, 60, 88, 74, 24, 04, FF, 74, 24, 04, 51, 8D, 64, 24, 2C, E9, B5, 65, 08, 00, B6, 84, D3, D5, 6E, D5, 70, 7A, 65, CC, AC, 03, 61, DA, 80, A4, D8, E0, 8C, 3B, 71, D8, B8, 1D, 69, A2, A8, 82, E4, C2, A0, 88, D4, 75, 0C, BC, D6, 3C, 05, 83, 07, B2, 2E, 57, D0, ED, D5, F5, B1, 08, 80, 4E, C6, 8A, F4, 81, 25, 1C, AE, FF, 47, 4B, 18, F0, C6, A1, 1B, 50, 87, 53, 36, 55, 23, 49, B8, 18, 1B, 32, 76, 36, 37, 37...

Entropy:
7.9941  (probably packed)

Code size:
187.5 KB (192,000 bytes)

The file lagu dodi latuharihari terbaru_10924_i9712704_il345.exe has been observed being distributed from the following URL.