home

marine corps hymn wav_10924_i42543118_il345.exe

Runner Utility

BERSHNET LLC

The application marine corps hymn wav_10924_i42543118_il345.exe by BERSHNET has been detected as adware by 16 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from files.red-1-small-button.com and multiple other hosts.
Publisher:
Dummy, Ltd.  (signed by BERSHNET LLC)

Product:
Runner Utility

Version:
1.0.0.187

MD5:
d59ac4f0132505dc7c93a7f1181905c2

SHA-1:
05b4da02b3659156b62e4d9f2bc9471490f0eaf8

SHA-256:
d5a9409c0c2026c87aa7bc7dd0a0b7346d67827f01967a892968f53d2cdf363c

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
11/28/2024 2:46:55 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Mikey.8247
6726009

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.215.190

AVG
Generic
2016.0.3175

Bitdefender
Gen:Variant.Adware.Mikey.8247
1.0.20.345

Comodo Security
Application.Win32.LoadMoney.IARS
21358

Emsisoft Anti-Malware
Gen:Variant.Adware.Mikey.8247
9.0.0.4799

ESET NOD32
Win32/Amonetize.DW potentially unwanted application
7.0.302.0

F-Prot
W32/S-40484255
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Mikey
5.13.68

G Data
Gen:Variant.Adware.Mikey.8247
15.3.25

K7 AntiVirus
Unwanted-Program
13.200.15211

Kaspersky
not-a-virus:Downloader.Win32.Agent
15.0.0.543

MicroWorld eScan
Gen:Variant.Adware.Mikey.8247
16.0.0.207

Panda Antivirus
Trj/Genetic.gen
15.03.10.06

Reason Heuristics
PUP.BERSHNET
15.3.10.5

VIPRE Antivirus
Threat.4785227
37788

File size:
1.4 MB (1,484,816 bytes)

Product version:
1.0.0.187

Copyright:
Copyright (C) 2013

Original file name:
runner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\marine corps hymn wav_10924_i42543118_il345.exe

Digital Signature
Signed by:
BERSHNET LLC

Authority:
COMODO CA Limited

Valid from:
2/5/2015 6:00:00 PM

Valid to:
2/6/2016 5:59:59 PM

Subject:
CN=BERSHNET LLC, O=BERSHNET LLC, STREET="st. 600-richya b.66, of.10", L=Vinnitsya, S=Vinnitskaya, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2D6C6F8DDF832E09DCF766B299AD2A9

File PE Metadata
Compilation timestamp:
3/10/2015 1:13:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:xVpCuJd7ZrC2jUt3NiYKDNI7yaYGxQj4QEEu/xqM/qgT/ytiRI2uD0ORBzdVUsBz:95uNSBI+ZGx2EEu/oAi91RTVU8FfB

Entry address:
0x344A3B

Entry point:
60, E8, B9, 1D, F2, FF, 9C, C6, 04, 24, 3D, C6, 44, 24, 04, 0B, C7, 44, 24, 24, 45, B2, 66, 00, E8, E9, 12, 00, 00, E8, E7, C9, 07, 00, 53, 8C, B0, 05, 8B, 7F, 1B, 6D, E1, 91, 5B, FF, E2, A3, B5, C9, D1, 7F, 62, 2B, 3D, 25, 37, 53, 65, 01, 9F, 8C, 03, 12, 64, E8, 92, 5A, 18, 20, 4E, 35, 12, F1, CA, B9, AA, 21, 6C, 46, 84, FA, 73, A8, 4D, 2C, 4C, DD, 61, 74, F7, 6A, 45, B1, 4A, 39, 99, A6, DA, ED, 00, 75, 56, A0, 06, 23, 52, A0, F7, 47, 64, 6D, 11, A5, 92, 43, B0, 11, 36, 46, BD, 6B, FE, 31, C2, 31, DC, 49...
 
[+]

Entropy:
7.9939

Packer / compiler:
ASPack v1.08.04

Code size:
187.5 KB (192,000 bytes)

The file marine corps hymn wav_10924_i42543118_il345.exe has been seen being distributed by the following 4 URLs.

http://files.red-1-small-button.com/p/.../marine corps hymn wav_10924_i42543118_il345.exe

http://downprov.brown1switch.com/p/.../marine corps hymn wav_10924_i42543118_il345.exe

http://downprov.brown1switch.com/direct?version=1.1.8.22&campid=10924&instid[appname]=marine corps hymn wav_Downloader&instid[appsetupurl]=http://go.bestsoftwarelive.com/getfast/download.cgi?9&ti1=3125000&ti2=0&ti3=DD1_2015-03-10T06:26:45.117299 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.bestsoftwarelive.com/d1/logo150x150.png&prefix=marine corps hymn wav&instid[thankyoupage]=http://download.bestsoftwarelive.com/.../thank_you.php?ti1=3125000&ti2=0&ti3=DD1_2015-03-10T06:26:45.117299 00:00&parameter=marine corps hymn wav&instid[interrupted]=http://download.bestsoftwarelive.com/.../interrupted.php?ti1=3125000&ti2=0&ti3=DD1_2015-03-10T06:26:45.117299 00:00&parameter=marine corps hymn wav&ti1=3125000&ti2=0&ti3=DD1_2015-03-10T06:26:45.117299 00:00&_dest=files.red-1-small-butto

http://downprov.brown1switch.com/direct?version=1.1.8.22&campid=10924&instid[appname]=marine corps hymn wav_Downloader&instid[appsetupurl]=http://go.bestsoftwarelive.com/getfast/download.cgi?9&ti1=3125000&ti2=0&ti3=DD1_2015-03-10T06:26:45.117299 00:00&instid[cmdline]=/S /PERFORMINSTALL /NORUN&instid[appimageurl]=http://download.bestsoftwarelive.com/d1/logo150x150.png&prefix=marine corps hymn wav&instid[thankyoupage]=http://download.bestsoftwarelive.com/.../thank_you.php?ti1=3125000&ti2=0&ti3=DD1_2015-03-10T06:26:45.117299 00:00&parameter=marine corps hymn wav&instid[interrupted]=http://download.bestsoftwarelive.com/.../interrupted.php?ti1=3125000&ti2=0&ti3=DD1_2015-03-10T06:26:45.117299 00:00&parameter=marine corps hymn wav&ti1=3125000&ti2=0&ti3=DD1_2015-03-10T06:26:45.117299 00:00&_dest=files.red-1-small-button.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.